Job Descriptions

Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.

You may search job titles by skills within selected career category
Information System Security Officer (ISSO)
Chief Information Security Officer (CISO)
Information Security (IS) Auditor Security Architect
Security Automation Engineer
Secure Software Assessor
Cryptographer/Cryptanalyst
Information Systems Security Developer
Operational Technology Systems Analyst
Security Engineer
Supply Chain Security Analyst
Security Testing and Evaluation Specialist
Identity Management & Authentication Support Specialist
Encryption / Key Management Support Specialist
Data Privacy Specialist
Cybersecurity Operations Technician
Cybersecurity Incident Responder
Cybersecurity Malware Specialist
Digital Forensics Analyst
Cybersecurity Operations Analyst
Vulnerability Assessment Analyst
Information Systems Security Manager - Cybersecurity Operations
Threat Hunter
Cybersecurity Operational Technology Incident Responder
Penetration Tester
Data Scientist (AI)
Machine Learning Engineer
Computer Vision Engineer
Automation Process Engineer
IT Service Manager
Systems Engineer
Full Stack Developer
Front End Developer
User Interface Designer
User Experience Designer
Software Engineer
Programmer
Systems Analyst
Developer
Data Engineer
Data Scientist (Tech)
Data Analyst
Project Manager
Technical Recruiter
Product Manager
Social Media Manager
Business Analyst
Policy Analyst
Learning and Development Specialist
Architectural Designer
IT Author / Technical Writer
Cognitive Copywriter
Clinical Researcher / Coordinator
Legal Compliance Officer
IT Auditor
Deep Learning Engineer
Robotics Process Analyst
IT Program Manager
IT Procurement Officer
Network and Systems Administrator
Web Developer
Systems Architect
Online/Digital Learning Developer
Human Resources Analyst
Medical Coder/Programmer
Tech Sales and Customer Service
Business Intelligence Analyst
Graphic and Animation Designer
Digital Marketing / Communications

Information Security (IS) Auditor

OVERSEE & GOVERN

Skills

Job Description

Other Titles

  • Cybersecurity auditor
  • Security control assessor
  • IT security auditor

Note: This role is most commonly found in large or medium-sized organizations. 

Reporting relationship

To be completed by the user of this job description as appropriate

Job purpose / summary

A specialized auditor role, an information security auditor is responsible for evaluating and reporting on the security and effectiveness of IT systems and related controls in support of organizational information / data security, IT systems and their components. The audit conducted is often reported to a senior manager with recommendations for changes or improvements.

Duties and responsibilities

  • Collaborate with key stakeholders to establish an effective information security audit program.
  • Ensure compliance with the changing laws and applicable regulations
  • Develop and implement audit plans that are aligned to the organizational objectives and security requirements
  • Identify, acquire and oversee management of financial, technical and personnel resources required to support IS audit activities
  • Develop and deploy policy testing on IS systems
  • Advise other senior management on cybersecurity programs, policies, processes, systems, and elements
  • Review and interpret cybersecurity / information security policies and controls
  • Maintain a current understanding the IT threat landscape for the business context
  • Schedule and conduct IS audits
  • Analyse and interpret IS audit results
  • Report results and provide recommendations to the system owner(s).

Competencies

Basic application of the following KSAs:

  • Project and program management
  • IT audit policies, practices and procedures

Advanced application of the following KSAs:

  • Legal, policy and compliance requirements
  • Business objectives and how IT/data/systems enables the business
  • Information security audit polices, practices and procedures
  • Integrated/organizational security concepts, principles and practice (software, system, data, physical and personnel) 
  • Sector/context relevant threats, business needs and technical infrastructure
  • Organizational security responsibilities, accountabilities and performance measures
  • Cybersecurity program management, measures and monitoring
  • Organizational cybersecurity controls and responsible agents
  • Organizational threats and vulnerabilities including:
    • Cybersecurity threat landscape
    • Vulnerability assessments and application of mitigations
    • Organizational security infrastructure including protective and defensive systems
    • System integration, testing and deployment
    • Supplier management (if IT or security services are outsourced) and supply arrangements

Tools and Technology

  • Strategic and business plans
  • Threat and risk assessments
  • Vulnerability management processes and vulnerability assessments
  • Incident management processes and procedures
  • Cybersecurity risk management processes & policies
  • Compliance requirements including privacy and security legislation
  • Organizational security infrastructure and reporting systems
  • IS audit tools and systems
  • Vulnerability assessments
  • Penetration testing results
  • IT systems performance measures

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate

Qualifications

Education. Post-secondary education in a cyber or IT related field (e.g.; Computer engineering, Computer Science, Information Technology, Business Technology Management – Digital Security or equivalent)

Certifications.

To be completed by the user of this job description as appropriate

Other relevant qualifications.

Specialized training in IT or information system audit and security audit.

Employment in this role is often preceded by formal education with a degree or diploma in an IT field as well as experience in an organizational cybersecurity role. There is also a requirement for specialized training and education in information system and information security audit practices.

Key Attributes.

To be completed by the user of this job description as appropriate

Experience. Experience (3-5 years) in cybersecurity with preference in systems analytics (e.g. cybersecurity operations analyst, vulnerability analyst, IT systems security analyst)

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.