IT Auditor, Kraków
We are OANDA:
We are an award-winning global financial services company offering market leading currency solutions and online trading platforms for both retail and corporate clients. Our vision is to transform how our clients can meet all of their online trading and currency needs with innovative and award-winning solutions.
Backed by one of the world’s largest private equity firms, with significant ambitions to grow the business on the global stage, we are looking to empower highly motivated, passionate people who want to make their mark in a dynamic environment.
About the Team:
We are an international team of three located in Toronto and Krakow. We are responsible for providing risk based internal audit and advisory services and provide assurance on effective risk management and control over OANDA’s operations, technology, regulatory compliance, assets, reputation and financial management.
The Information Technology Auditor performs effective planning and execution of ongoing internal controls assessments and periodic audits of various complexity, ensuring OANDA’s information security management activities are consistent with recognized international standards and comply with relevant regulatory requirements and internal policies. While the primary focus of the job is Information Security audit, the incumbent will be called upon to support other audits on technology general controls as required.
The role requires some international travel (post-COVID), and work outside of Polish business hours (30% of the time)
Responsibilities will include:
- Independently plan and execute Information Security audits and review of internal controls covering a broad range of security activities including operating systems, applications, infrastructure, access management, SIEM and incident management according to the annual Audit Plan and audit methodology.
- Review security threat and vulnerability risk assessments completed by Information Security.
- Perform audits in compliance with internal auditing standards, best practices, and relevant frameworks such as: COBIT, ISO, NIST, OWASP
- Draft formal audit/review reports concerning audit findings and recommendations and present the findings to Senior Management during the engagement closing meetings.
- Maintain audit issues log and perform regular follow-up with responsible individuals to ensure that departments have completed remediation actions timely.
- Work closely with management on findings closure to identify challenges and gaps.
- Liaise with external auditors to facilitate the external auditing process.
- University degree and 3+ years of relevant experience.
- Strong understanding and ability to interpret and communicate risk management concepts.
- Understanding of typical security threats, vulnerabilities and safeguards relevant to application development, test and QA environments, and IT (data centre) operations.
- Familiar with security architecture, security standards (e.g. ISO27001, ISO27002), IT management frameworks (e.g. ITIL and CoBIT), and working knowledge of Threat Risk Assessment (TRA) methodologies and other risk assessment methodologies and tools
- Knowledge/ familiarity of a wide variety of information systems and security technologies including Operating Systems security, LAN and WAN, Internet protocols and applications, secure communications, firewalls, IDS/IPS, PKI, identity management, identification and authentication techniques, role-based access control, malware defenses, etc.
- Highly proficient with Microsoft Office (with advanced MS Excel), Google suite of applications, and data analytics experience with the use of tools such as ACL.
- CISSP, CISA or equivalent security designation
- Experience in IT Operations, development, network administration audits would be beneficial
We Value Our People:
OANDA Global Corporation is a diverse and global team with offices around the world. We value the unique skills and experiences each individual brings to OANDA. We are committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide an inclusive and accessible environment for everyone.
Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment and selection process, please let us know. We will work with you to provide as seamless a recruitment experience as possible.