IT Systems Auditor

  • Edmonton, Canada

Company Description

For several years, this organization has worked to provide accounts regarding our sustainability efforts beginning with a baseline report in 2009.

Job Description

With us, you’re in good company. As a management consulting and technology firm, we are always searching for talented and motivated professionals to join our team. We distinguish ourselves from our competition by providing a rewarding and stimulating environment. We are committed to delivering brilliant client service to our clients. Likewise, we recognize that in order to be the best professional services organization, we must provide the same level of care and commitment to our employees, whom we regard as stewards.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This position will report to the IT Risk Manager within the Information Security Office (ISO). This position will conduct risk analysis on information systems, platforms, and processes in accordance with established regulations and organizational standards. He/she will evaluate IT infrastructure in terms of risk to the organization and establish controls to mitigate loss of data, confidentiality, integrity and availability, while aligning those initiatives to the core organizational mission of Research, Care and Education. He/she will determine and recommend improvements in current risk management framework and controls.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Principle Duties include:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   Conduct IT risk analysis, evaluations and education on IT assets and processes; evaluate risks associated with the procurement of new IT products/systems; evaluate risks associated on the use of third-party IT vendors (business associates); evaluate and propose solutions to mitigate risks under the established risk management strategies; assist constituents with remediation planning and ensure identified gaps have been appropriately managed in order to achieve certification; perform technical testing of controls for assurance and validation of IT asset compliance; review compliance regulations and assist with updating organizational compliance initiatives; assist in the development of internal processes for streamlining risk analysis techniques; assist in development of HIPAA Privacy and Security training content and initiatives; other duties as assigned.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Minimum Qualifications                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Relevant training/education/experience plus one to four years of related experience.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Preferred Qualifications                                                                                                                                                                                                                                              Strong background in IT risk analysis, auditing and/or information security practices with significant experience in a complex, multi-platform, higher education or healthcare IT environment. Understanding of regulatory compliance and industry best practices towards maintaining compliance with HIPAA/HITECH, 21 CFR Part 11, PCI, FERPA and GLBA. Familiarity with IT frameworks such as ISO, HITRUST, ITIL or COBIT. Ability to prepare both executive and detailed reports on risk findings and status. Ability to develop remediation plans and guide departments with remediation strategy. Strong service commitment, and verbal, writing, and reporting skills. High level of integrity, and sound judgment concerning security and privacy. Ability to plan and execute project plans. Ability to understand and work with healthcare professionals, educators and researchers. Ability to work independently with minimal supervision as well as be creative and innovative at conducting a high volume of risk analyses while reporting accurate and relevant risks to the appropriate constituents.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Our core values are at the heart of our culture. We demonstrate these principles our daily work with clients and each other. A spirit of entrepreneurship, client service, and passion for building the best organization has become the rich foundation upon which every Clarkston Steward grows his or her successful career. By living our core values and by always going the extra mile, our employees and clients enjoy being part of a winning team