Job Description

Description de l'entreprise
Wepoint est l'architecte des grandes transformations des entreprises et des acteurs publics.
Nous accompagnons nos clients de la strategie a la mise en oeuvre technologique, en nous attachant toujours a penser au-dela des evidences et a s'inscrire dans des logiques de Responsabilite Economique, Sociale, Environnementale et Technologique (RESET), pour creer de nouvelles facons de travailler, de nouveaux modeles economiques et de nouveaux lieux intelligents.
En pres de 20 ans, nous sommes devenus l'un des acteurs majeurs de la transformation numerique et employons 3 500 collaborateurs en Europe, en Tunisie et en Amerique du Nord ainsi qu'en Asie Pacifique.
Ce que nous recherchons
COURAGE - AUTHENTICITE - OUVERTURE - ENGAGEMENT - ELEGANCE
Autant de valeurs qui rejoignent les collaborateurs de Wepoint.
Nous travaillons avec des talents engages, prets a partager leurs expertises dans des collectifs ouverts, qui ont le courage de prendre des initiatives et capables de se remettre en question.
Au coeur des relations humaines et du respect de notre environnement, chez Wepoint, se trouvent l'authenticite et la volonte de toujours tendre vers l'excellence pour nos clients.
Responsibilities
Lead and conduct reviews as part of the annual control plan, focusing on risks related to information technology, information security, and cybersecurity;
Conduct walkthroughs (reconstructions of business and control processes) to gather the information needed to understand the context, risks, and expected functioning of the controls to be tested;
Scope, plan, and execute technology and compliance control audits with the following focus areas: Design and execute tests to validate application controls (system controls), which may include data analysis, code inspection, and system process re-execution; Analyze the design of controls around system architecture (security, availability, performance) and their impact on technology teams aligned with the business; Analyze business and technology processes to assess the effectiveness of relevant controls; Validate that system functionalities meet business, technical, and regulatory requirements.
Identify issues through testing and ensure that appropriate action plans are developed by the business to correct deficiencies;
Discuss findings and conclusions with stakeholders (business, functions tested);
Document audit work and draft final test reports to formally communicate findings;
Verify that corrective actions agreed upon by the business are implemented on time;
Maintain regular engagement and provide feedback to key stakeholders within compliance, risk, and business units;
Assist the audit manager in developing the annual risk-based test plan.
Education and certifications
Bachelor's degree in computer science, information security, engineering, or equivalent field;
IT audit/security certifications preferred: CISA (asset), CISSP, CPA, CIA;
Excellent oral and written communication skills in English, as the position requires communicating with teams located outside Quebec.
Qualifications
7-11 years of professional experience in financial services or equivalent environment;
3-5 years of experience in systems auditing, physical/logical security, or cybersecurity in a technical environment, applying recognized auditing standards consistent with internal control frameworks;
General knowledge of regulatory requirements applicable to banking investment and broker-dealer activities;
AML experience and securities licenses: a plus.
Technical skills and tools
Frameworks and regulations: NIST, FFIEC, ISO, GDPR, NYSDFS, FISMA, etc.;
Data analysis and management tools: Scripting: Python, VBA; Relational databases: T-SQL, PL/SQL; Data visualization: Power BI, MicroStrategy, Spotfire.
Proficiency in Microsoft Word, Excel, PowerPoint;
Excellent writing skills.
Required profile
Mastery and application of audit methodology and control-based audit techniques;
Experience in auditing general and application controls on various technologies and platforms, based on industry standards and best practices;
Good knowledge of high-risk IS/cyber areas: identity and access management (IAM), data protection, encryption, firewall security, intrusion detection/prevention systems (IDS/IPS), internal threats;
Ability to audit non-technical areas: IT governance, project management, systems development;
Knowledge of cloud infrastructures is a plus;
Ability to synthesize data and observations into findings and present conclusions clearly in writing and orally;
Ability to analyze complex data sets using Excel, Access, VBA, and other advanced analytical scripts/tools;
Understanding of the risks and regulations associated with banking investments and broker-dealer activities;
Strong analytical skills, organizational skills, ability to manage multiple simultaneous and ad hoc requests;
Rigorous, self-motivated, detail-oriented, and able to work in a dynamic environment with deadlines;
Interpersonal skills, ability to work collaboratively in complex, multicultural organizations; excellent writing and oral communication skills.
Only candidates legally authorized to work for any employer in Canada will be considered.
Avantages Wepoint:
Minimum de 3 semaines de vacances des la premiere annee;
Assurances collectives completes avec contribution genereuse de l'employeur;
Contribution employeurs au REER collectif
Flexibilite de teletravail complete : Hybride, Distanciel, Presentiel.
Un bureau chaleureux, lumineux et accueillant qui vous offre : des fruits frais, du cafe, des breuvages, des repas occasionnels, etc.
Budget de materiel informatique annuel
Environnement de travail equilibre et flexibilite d'horaires;
Evolution de carriere : Formation et certifications, Apprentissage en-ligne ou en presentiel, Academy Wepoint, etc.
Une communaute internationale d'experts prets a partager leurs connaissances;
Une culture d'entreprise axee sur les besoins des individus et leurs appartenances a une communaute forte

Skills Required