Security Audit Specialist

Osler, Hoskin & Harcourt LLP is one of Canada’s leading business law firms. Advising many of Canada’s corporate leaders, as well as U.S. and international parties with extensive interest in Canada, our more than 1,000 firm members are based in offices in Toronto, Montréal, Ottawa, Vancouver, Calgary and New York.

Osler prides itself on attracting and maintaining some of the brightest talent in the legal arena. Our lawyers, students, management and staff have created a unique firm culture which nurtures mentoring and the exchange of ideas. Osler is a dynamic and exciting place to further your career or carve out a new path.

Reporting to the Manager, Security & Compliance, the Security Audit Specialist will be entrusted with ensuring the ongoing effectiveness, compliance, and integrity of the Firm's ISO 27001 program, while promoting continuous improvement and alignment with evolving standards and client requirements. As a member of the Firm’s Information Security Management System (ISMS), this role is also accountable for reviewing and advising on Outside Counsel Guidelines, security policy and other security related matters in a manner consistent with legislation, client requirements and Firm culture. In addition, this role is accountable for leading client security audits and attestations by interfacing directly with our clients and Firm members as required.

Major Responsibilities

• Lead internal and external ISO 27001 audits to ensure the Firm’s compliance with ISO 27001 certification requirements
• Lead various ISO 27001 certification efforts including initiatives pertaining to governance, tracking, remediation and compliance of information systems and controls
• Track and report on ISO related compliance status, including any identified non-conformities or opportunities for improvement as well as develop and implement corrective and preventive actions to address and determine root cause
• Develop and update policies, procedures, and controls to mitigate identified risks and ensure compliance with industry security best practices
• Ensure ISO 27001 process and certification related documentation is available and up to date
• Engage with Firm members from different departments to raise awareness and support of the certification process
• Stay up to date with the latest developments in information security and ISO 27001 standards
• Participate and act a resource on client security audits, coordinating with and preparing firm members as required
• Participate in the Outside Counsel Guidelines process by reviewing and advising Outside Counsel Guidelines
• Advise ISMS members on all audit and security related matters
• Assist other security team members with tasks critical to the maintenance of these certifications
  
  

Position Requirements

Education and Experience

This position requires a university degree in Computer Science or a related information systems security field and a minimum of three years of security, compliance, or auditing experience.  

Security+ or SCCP and/or CIA or CISA or ISO/IEC 27001 Lead Implementer or equivalent certification is required. ISO Auditor training is considered an asset. An equivalent combination of education, training and experience may be acceptable.

Knowledge and Skills

• Audit experience with a focus on risks and controls and risk-based auditing techniques
• Deep understanding of the security issues affecting organizations
• Able to understand and interpret security-related laws and regulations, and voluntarily adopted standards (e.g., ISO 27002)
• Strong technical and process documentation writing skills
• Project Management experience with proven ability to set and shift priorities to meet a variety of timelines
• Formal knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
• Knowledge of penetration testing principles, tools, and techniques
• Knowledge of vulnerability scanning and assessment skills
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of information security systems such as PaloAlto, CarbonBlack, MS SCEP, Active Directory/Entra
• Demonstrated experience with execution of information security policy practices and procedures
• Experience handling major and minor IT security incidents

We are currently working in a hybrid work arrangement, which includes a requirement to work primarily in the office and flexibility to work remotely up to 2 days per week.

Accessibility and Accommodation

We thank all applicants for their interest in Osler; however, only chosen applicants will be contacted.  Osler is committed to fostering a diverse and inclusive work environment, and we welcome and encourage applications from people with disabilities and people with diverse backgrounds, identities, and cultures. Accommodations are available upon request for candidates in all phases of the selection process.

Background and Reference Checks

Please note that any offer of employment will be conditional upon background and reference checks, including a criminal record check, credit check, and employment and educational verifications.

If you have the required background with the ability to provide exceptional customer service and wish to work in one of Canada's leading law firms, please reply in confidence with a cover letter and résumé by the closing date.

#LI-Hybrid  

#LI-AC1