Audit & Compliance Manager Job

Job Overview

Toronto, Ontario
Job Type
Full Time
Salary / Compensation
Details Not Provided
Date Posted
1 year ago

Additional Details

Some Exp. Required (2 - 5 Years)

Job Description

Key Responsibilities:

  • Implementation, operation and management of the ISMS.
  • Perform other key ISO related tasks as required by the ISMS Steering Committee.
  • Assist the ISMS Steering Committee in growing and maturing the Information Security Management System.
  • Assist the ISMS Steering Committee in developing Key Performance Indicators (KPIs) that measure the effectiveness of security controls.
  • Formally record, collect evidence of and report any opportunities for improvement, observations or non-compliances to the ISMS Steering Committee in a timely fashion.

The ISMS Officer will be responsible for managing the day-to-day operations of the ISMS and raising the following in the ISMS Steering Committee:

  • items requiring an update and/or approval;
  • key security trends, incidents, and/or new threats/risks;
  • performance measurement results;
  • progress with mitigating previously identified threats/risks via the previously discussed risk treatment; and
  • other improvement activities pertaining to the ongoing operational improvement of the ISMS.

  • Chair and minute the ISMS Steering Committee meetings and follow up on the outcomes of meetings in relation to the operation of the ISMS and improvement activities.
  • Coordinate risk assessment on accepted risks at least annually.
  • Maintain the Statement of Applicability that identifies the applicable controls for the scope environment.
  • The ISMS Officer, in cooperation with the asset owners, will conduct assessments to ensure that the controls implemented in accordance with the Risk Treatment Plan are effective.
  • The ISMS Officer will be responsible for updating the Corrective and Preventative Actions Plan (CAPA) at every monthly meeting. All action items and due dates must be adhered to, and this table will detail all audit findings, risks on the Risk Treatment Plan and information security improvement initiatives.
  • The ISMS Officer is responsible for ensuring that residual risk and changes to the ISMS scope's technology, business objectives, processes, legal requirements and identified threats are incorporated into the ISMS. Where appropriate, the ISMS Officer will initiate the risk assessment process to ensure that security controls remain relevant.
  • The ISMS Officer can, if required, implement additional controls without undertaking a risk assessment, upon consultation with the respective subject matter advisors and approval from the ISMS Steering Committee, if the threat or vulnerability could have a significant impact on the ISMS scope, its partners or personnel.
  • Coordinate quarterly management reviews and document any action items for improvements.
  • Establish links with other organizations, other groups (such as HR) and the ISMS Steering Committee to obtain security advice.

Maintain the following records:

  • The ISMS Manual;
  • Risk assessment documentation;
  • Corrective and Preventative Action Plan;
  • ISMS Steering Committee Meeting Minutes and Agenda;
  • Audit reports; and
  • Security exceptions and non-conformances.

Provide the following information to the Director, Security Operations for review at least annually:

  • Risk assessment documentation;
  • Corrective and Preventative Actions Table;
  • ISMS Governance Committee meeting minutes;
  • Audit reports;
  • Staff feedback;
  • Evolving threats and vulnerabilities; and
  • Status of actions from previous reviews.

  • Coordinate with the asset owners and confirm that all corrective actions are correctly implemented.
  • Monitor compliance with the standard.
  • Responsible for ensuring ongoing training and awareness via the Audit Tracker Tickets and eventually in Workday.

Technical Compliance: 

  • Oversee the implementation and operation of technical compliance audit solutions to ensure they fulfill requirements.
  • Regularly review the compliance scan results and report on them, including remediation recommendations and progress towards them.
  • Work co-operatively with the Security Operations Centre to operationalize the usage of the compliance scanning tools, balancing workload across the team.
  • Manage and coordinate monthly compliance audits and review findings.

Risk Management: 

  • Manage the Risk Register and chair the Risk Governance Committee.
  • Work with key stakeholders for regular updates to the RMR project.

Third Party Risk Management:

  • Manage Third Party Risk assessments and vendor analysis.

Project Management: 

  • Manage all projects related to risk, governance and compliance. 

External Audit: 

  • Manage the relationship with PECB and the External Auditor. 
  • Plan and coordinate external audits with PECB. 
  • The ISMS Officer will maintain and manage the ISMS audit schedule. 
  • The ISMS Officer is responsible for interfacing with ISMS auditors to field questions pertaining to the ISMS by knowledgeably and confidently responding or by bringing the appropriate subject matter advisors to the table. 

Internal Audit: 

  • Plan, establish, implement and maintain the internal ISO 27001 audit program. 
  • Prepare a quarterly internal audit report. 
  • Define the audit criteria and scope for each audit. 
  • Conduct regular interviews with employees and gather evidence of compliance towards ISO 27001 security controls and other standards as identified by the organization. 
  • Evaluate the implementation of organizational security controls and measure their performance and effectiveness against the ISO 27001, 27017 and 27018 requirements and other standards identified by the organization. 

2Keys Recruitment Process and Accommodations

2Keys Corporation thanks all applicants; however, only those selected for an interview will be contacted.

2Keys is an inclusive workplace. We are committed to supporting accessibility, diversity and equal opportunity. Requests for accommodation can be made at any stage of the recruitment process providing the applicant has met the requirements for the position.  Applicants need to make their accommodation requirements known when contacted.
