Senior Auditor, It/Cyber Security

Worker Type: Employee

Group: Internal Audit Department

Job Post End Date: 02/20/2024

Roughly this opportunity:

The Senior Auditor (IT/Cyber) will assist with the planning and execution of the cyber-focused audit engagements and will prepare/implement detailed audit programs, participate/lead audit fieldwork, document audit findings and observations, and prepare final audit reports.

The successful candidate will contribute to the annual SOX IT general control testing engagements by providing suggestions to strength Cenovus's ITGC control framework and overall cyber security posture. They will work independently and use their knowledge and experience to develop and implement detailed audit programs that align with established security frameworks, while managing their time to deliver on multiple engagements.

Responsibilities:

• Work closely with IT, OT and Business teams within Cenovus and external auditors

• Represent Internal Audit in a professional and respectful manner to assess and provide recommendations

• Conduct internal audits that validate the design and effectiveness of IT and cyber security of all control areas defined in the Cenovus Cyber Security Management System

• Design, implement and complete testing over the design and operating efficiency of SOX IT controls that include general IT, application, infrastructure, and interface controls

• Evaluate audit findings, and develop and coordinate remediation activities

• Work with the external auditors, respond to various requests, and facilitate and coordinate communications between IT process owners and the auditors

• Document audit findings and author audit reports that provide recommendations based on standard processes or based on regulatory compliance requirements

• Provides technical input and consultation in the areas of IT and cyber security and SOX IT general control design and implementation

• Collaborate with internal colleagues in other business teams in support of client needs for Information Security services

• Research best practices, developments, techniques and trends in information security that are relevant to Cenovus

Qualifications:

• Must be legally entitled to work in Canada

• Minimum 7-10 years of experience, preferably in a public accounting firm or an organization dedicated to IT/cyber audit activities

• Minimum 5-years SOX IT auditing and control practices, and IT control auditing for Oracle, MS SQL, Windows AD and Linux

• Minimum 3 years experience auditing SOX IT security controls for SAP S/4 HANA environment

• Must have an undergraduate Degree in Computer Science, Information Security or related major

• Must have a CISA & CISSP designation (CRISC and other security-related designations will be considered an asset)

• Solid understanding of internal auditing techniques to address all elements defined in the NIST cyber security framework

• Excellent verbal communication skills with the ability to confidently interact with and present audit findings to all levels of management

• Excellent written skills with the ability to create risk-focused audit observations and reports cleary and concisely

• Ability to accept and quickly adapt to change, work independently, meet timelines, and make routine decisions without close supervision

• Ability to explain and defend technical and complex internal audit observations to all levels of Management within the organization

Note: The application deadline for this position is 11:59 PM MT February 19th, 2024.

If you require accessibility assistance to complete the on-line application or otherwise apply for an open position with Cenovus, its subsidiaries and affiliates, please email careeropportunities@cenovus.com.

Internal candidates that are currently in a lower grade will be assessed based on their sustained job performance, how they demonstrate the expected organizational competency behaviors and values and in discussions with their current leader prior to determining next steps.

About Cenovus:

We're a Canadian-based integrated energy company headquartered in Calgary. We're committed to maximizing value by sustainably developing our assets in a safe, innovative and cost-efficient manner, integrating environmental, social and governance considerations into our business plans.

Find Cenovus on Facebook, Twitter, LinkedIn, YouTube and Instagram.

For more information, please visit cenovus.com.

At Cenovus, we embrace diversity of thought, experience and backgrounds to help us make better business decisions, address our challenges, seize opportunities and unlock innovative solutions. We're committed to building a diverse, equitable and inclusive workplace where people feel respected, valued and engaged. We strive for a collaborative, physically and psychologically safe environment where you can be yourself, feel a sense of belonging and thrive. For more information, including details on our inclusion and diversity targets and networks, visit Cenovus.com.

The requirements of this posting may be modified to support business needs. Title and compensation administration will be based on the skills and capabilities of the successful incumbent.

Notification

To be considered for a position, please click Apply and create an account or sign in to your Cenovus Careers profile.

Immediately following successful submission of your online application, you will receive an online notification confirming Cenovus's receipt of your resume.

Only those applicants who apply directly to a posted position and are selected for an interview will be contacted. We will not accept agency or third-party candidate submissions.

To follow the status of your application, log in to your Cenovus Careers profile and click on the appropriate job under 'My Applications'.

Interested in this opportunity? Click the Apply link.

If you are a CURRENT EMPLOYEE please apply by going to our Internal Career Site