IT Audit & Compliance Analyst

at  Bond Brand Loyalty Inc

At Bond, we craft innovative solutions with the aim of forging stronger brand loyalty for our clients. Our diverse and dynamic approach takes us in thrilling directions, and you will play a pivotal role in steering the future of loyalty within our Bond Technical Services team.

A typical day in this role might include:

• Collaborate with internal teams and work closely with external auditors to ensure SOC 1 requirements/ objectives are met with control design and operational effectiveness
• Collaborate with internal teams and work closely with external auditors to ensure SOC 2 controls, policies and processes are designed and implemented.
• Aid with the internal PCI compliance initiatives and ensure annual PCI service provider and merchant compliance is achieved.
• Maintaining the corporate policy, standard and procedure framework as it relates to security, information handling, identity management and technology. Continuously improving company’s security posture.
• Performing gap analysis and develop compliance roadmaps for required security standards PCI, SSAE 16 etc.
• Assist with 3rd party auditors, RFPs, security questionnaires and vendors risk assessments in the procurement and delivery of services, reviewing InfoSec documents and compliance certification reports as required to ensure our data is secure
• Performing risk assessments on new and existing solutions and processes. Participating in design and development of remediation plans and required security controls.
• Working with various Bond departments to develop audit-able procedures and policies to ensure ongoing compliance while recommending and implementing improved controls and processes
• Identify and escalate issues providing solutions and action plans to mitigate
• Oversee changes in accreditation standards that affect information security and data privac

Do these statements describe you?

• +3 years experience in an information security and compliance/IT audit role. Privacy experience is an asset
• Experience in SOC1 and SOC 2 auditing is mandatory. Additional experience with ISO 27001 and PCI would be preferred
• Experience with GDPR compliance is an asset
• Technical designations are an asset: e.g. CISSP, CISA, CRISC
• Detailed understanding of Application, Data, Infrastructure and Cloud Security
• Excellent organizational skills and attention to detail
• Experience in writing policy documents and process development
• Exceptional integrity as demonstrated by previous positions of trust and authority

Bond is proudly recognized as a Great Place to Work and Best Managed Company. We’re 800(ish) people working tirelessly together to make the world a more loyal place. You’ll be joining a hyper-talented team with a galaxy of skill sets ranging from research to creative to digital and beyond. You’ll have an excellent opportunity to grow, learn and make an impact as we tackle some of our client’s biggest business challenges.
At Bond, we are proud to be a diverse organization and we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly create equal opportunity and positive employment experiences for everyone. We encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and people with intersectional identities.
Please connect with our People & Values team should you require any accommodation.

• Collaborate with internal teams and work closely with external auditors to ensure SOC 1 requirements/ objectives are met with control design and operational effectiveness
• Collaborate with internal teams and work closely with external auditors to ensure SOC 2 controls, policies and processes are designed and implemented.
• Aid with the internal PCI compliance initiatives and ensure annual PCI service provider and merchant compliance is achieved.
• Maintaining the corporate policy, standard and procedure framework as it relates to security, information handling, identity management and technology. Continuously improving company’s security posture.
• Performing gap analysis and develop compliance roadmaps for required security standards PCI, SSAE 16 etc.
• Assist with 3rd party auditors, RFPs, security questionnaires and vendors risk assessments in the procurement and delivery of services, reviewing InfoSec documents and compliance certification reports as required to ensure our data is secure
• Performing risk assessments on new and existing solutions and processes. Participating in design and development of remediation plans and required security controls.
• Working with various Bond departments to develop audit-able procedures and policies to ensure ongoing compliance while recommending and implementing improved controls and processes
• Identify and escalate issues providing solutions and action plans to mitigate
• Oversee changes in accreditation standards that affect information security and data priva