IT Auditor

At Couchbase, we are in an exciting stage of rapid growth and innovation. As a key member of our Governance, Risk, and Compliance (GRC) team, the IT Auditor plays a crucial role in safeguarding our assets, ensuring compliance, and driving continuous improvement to support the company's ambitious expansion. You'll have the opportunity to learn new skills, grow your career, and work alongside a team of the smartest, most passionate people in the industry.
Location Required: Eastern Canada

Responsibilities

• Oversee the execution of the Information Security Management System (ISMS) audit process, including planning, conducting, and reporting on annual and ad-hoc audits.
• Collaborate with both internal stakeholders and external auditors to ensure smooth and frictionless audits. 
• Collaborate with cross-functional teams to gain exposure to various aspects of the business, broadening your skillset and unlocking opportunities for professional development.
• Issue and oversee the resolution of non-conformities identified during audits, providing recommendations to improve the control posture and align ISMS policies with industry best practices.
• Administer and manage the GRC tool to effectively and efficiently run the audits. Map controls across various frameworks to optimize and automate the audit process to achieve productivity gains.
• Assist with the development and delivery of security awareness and training programs for internal teams, fostering a culture of security and compliance.
• Review supplier security questionnaires and conduct third-party risk assessments for new systems and services to ensure compliance with relevant standards.
• Participate in the management of security incidents, including root cause analysis, corrective actions, and final report reviews.
• Plan, design, execute, report, and communicate phishing campaigns to improve organizational resilience.
• Conduct annual risk assessments and maintain the information security risk register, providing strategic insights to the GRC team.
• Demonstrate strong multi-tasking and time management skills to effectively prioritize and deliver on multiple assignments and deadlines.
• Review and document information security standards, controls, processes, internal and external audit outcomes for continuous improvement of Couchbase Compliance program.
• Provide regular and timely status reports on ongoing projects and Information Security Management System (ISMS) activities, ensuring effective communication and progress tracking.

Required Skills and Qualifications:

• Bachelor's degree from an accredited college or university, or equivalent experience
• 5+ years of internal and external audit planning and execution experience preferably in a well known auditing firm.
• Able to explain control requirements to control owners who might be non-technical or at management level.
• Proven expertise in conducting root cause analyses and implementing effective corrective actions
• Excellent verbal and written communication skills, with a strong focus on attention to detail and quality of work
• Independant, energetic, self-starter with keen initiative and a focus on continuous improvement of GRC processes
• Strong relationship-building, interpersonal skills, and aptitude for working in a team environment
• Critical thinking and strong analytical skills with the ability to analyze and interpret results into actionable recommendations
• Certification in Internal Auditing (e.g., CIA, CISA) or Information Security (e.g., CISSP, CISM) is preferred.
• Experience with GRC automation and management tools.
• Required: Strong hands-on experience implementing information security standards (such as ISO 27001, NIST, SOC 2, HIPAA, and PCI-DSS)
• Required: ISO 27001 Lead auditor certification
• Desirable: Experience implementing HITRUST and FedRAMP
• Experience in developing policy, process, and procedure documents.
• Business Continuity Planning certification from an accredited institution is an asset.