Canada ● United States
Who We Are:
Bulletproof Solutions is a premier technology company founded in 2000. Driven by innovative, empowered and creative teamwork, we build solutions that solve business challenges and deliver overall business improvement for our global clients. At Bulletproof, we are committed to our customers, our team and our communities.
Bulletproof’s practices include Security and Managed IT Operations Centers, Quality Assurance and Testing, Integration, Consulting, Education and Product Fulfillment; working together to provide true end-to-end business solutions. Our Security Operations Center protects our clients 24 hours a day by providing extensive security services, including best-in-class technology offerings. Our commitment to our Microsoft Practice elevates security, compliance, productivity and collaboration capabilities, and our Learning Solutions allow us to enhance the knowledge and skill sets of all our clients.
Bulletproof is a Gold Microsoft Partner and a TWO TIME Microsoft Canada Modern Workplace IMPACT Award winner. We are passionate about helping our customers achieve their information technology objectives more securely.
We are growing. Since the acquisition of Bulletproof by Gaming Laboratories International (GLI), our mandate to expand our capacity and market reach is aggressive. We are building the team to help us achieve those goals, in Canada, the USA and internationally. We have ambitious plans to leverage our depth of experience across our practices and are building an ambitious team to achieve those goals together.
Interested? Read on to see if your experience is a fit.
As a Bulletproof Security Auditor you will conduct independent, comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of our client’s security controls (as defined in NIST SP 800-53, ISO/IEC 27001:2013 or other applicable standard).
This position will work with clients to assess, develop, and implement policies, standards and guidelines. The position will also entail developing security programs in alignment with information security frameworks. The position will ensure clients meet compliance requirements and guide them in developing an improved security posture.
- Conduct security assessments that can be multi-faceted for a wide variety of assigned clients.
- Conduct certification audits against various standards.
- Provide clients with recommendations on building and enforcing information security standards and compliance to these standards.
- Participate in the risk governance process to provide security risks, mitigations and input on other technical risk.
- Create security test reports and other documentation as needed.
- Work with clients in defining information security requirements for projects and ensure project compliance with these requirements.
- Author/review security architecture for clients and provide recommendations based on best practices or on regulatory compliance requirements.
- Work with clients to develop information security program health checks and the appropriate remediation plans.
- Provide technical support as a subject matter expert in the sale of information security assignments on an as-needed basis (work scoping and estimation).
- Provide thought leadership and direction for the Information Security practice on client security programs.
- Team up with colleagues in other lines of services in support of client needs for Information Security services.
- Research best practices, developments, techniques and trends in information security and determine relevance to client organizations.
- Provide clients with exceptional service in a professional, courteous and timely manner.
- Oversee and manage audit sub-contractors.
- Other related duties as assigned.
- Degree from an accredited University or equivalent College Diploma and related experience.
- CISSP, CISA, CISM, CIA or SANS Certifications
- Excellent written and oral communication skills in English
- Ability to meet deadlines and deliver a high-quality product (reports)
- Strong attention to detail
- Ability to work both independently and perform as a leader in a team environment
- Experience performing information security audits, development of control tests and gathering evidence (exposure to Generally Accepted Auditing Standards (GAAS), ISO 19011)
- 5 years minimum information security experience, ideally in a fast-paced, changing environment
The following skills are preferred but not required:
- ISO/IEC 27001 Lead Auditor, PCI QSA
- Understanding of information security frameworks such as ISO/IEC 27001:2013, COBIT, NIST CSF, System and Organization Controls (SOC) Trust Service Principles (TSP)
- Familiarity with threat modelling and security design review methodologies
- Experience in professional service and delivery process development (to support our continued business growth)
- Must be able to travel 70% or more (after the pandemic-related travel restrictions are lifted)