Who we are
Founded in 2002, Zafin offers a SaaS product and pricing platform that simplifies core modernization for top banks worldwide. Our platform enables business users to work collaboratively to design and manage pricing, products, and packages, while technologists streamline core banking systems.
With Zafin, banks accelerate time to market for new products and offers while lowering the cost of change and achieving tangible business and risk outcomes. The Zafin platform increases business agility while enabling personalized pricing and dynamic responses to evolving customer and market needs.
Zafin is headquartered in Vancouver, Canada, with offices and customers around the globe including ING, CIBC, HSBC, Wells Fargo, PNC, and ANZ. Zafin is proud to be recognized as a top employer and certified Great Place to Work® in Canada, India and the UK.
What is the opportunity
The Senior Internal Auditor is responsible for conducting independent and objective assessments of the organization's Information Security Management System (ISMS) to ensure compliance with industry standards, including but not limited to ISO 27001. The role involves evaluating the effectiveness of information security controls, risk management processes, and governance practices. The Senior Internal Auditor will provide recommendations for improvement and support the organization in maintaining ISO 27001 certification.
What will you do?
- ISO 27001 Compliance:
  - Conduct internal audits to assess compliance with ISO 27001 standards and the organization's ISMS.
  - Evaluate the effectiveness of information security controls and identify areas for improvement.
  - Ensure that the ISMS is aligned with the organization's information security objectives and regulatory requirements.
- Risk Assessment and Management:
  - Perform risk assessments to identify and evaluate information security risks.
  - Collaborate with management to develop and implement risk mitigation strategies.
  - Monitor and review the effectiveness of risk management processes.
- Audit Planning and Execution:
  - Develop and execute a risk-based audit plan focused on ISO 27001 compliance.
  - Conduct detailed audit fieldwork, including reviewing documents, conducting interviews, and testing controls.
  - Analyze data to identify trends, anomalies, and areas of concern.
- Reporting and Communication:
  - Prepare comprehensive audit reports that summarize findings, conclusions, and recommendations.
  - Communicate audit findings and recommendations to management and relevant stakeholders.
  - Follow up on the implementation of audit recommendations and corrective actions.
- Continuous Improvement:
  - Identify opportunities for process improvements and operational efficiencies within the ISMS.
  - Stay updated on ISO 27001 standards, industry best practices, and emerging information security threats.
  - Provide training and support to employees on information security practices and ISO 27001 requirements.
- Documentation and Record Keeping:
  - Maintain detailed documentation of audit work, including workpapers, evidence, and audit reports.
  - Ensure that all audit records are securely stored and easily accessible for future reference.
- Coordination with External Auditors:
  - Coordinate with external auditors and certification bodies to support ISO 27001 certification and surveillance audits.
  - Share relevant information and findings with external auditors to facilitate their audit activities.
- Advisory Role:
  - Provide consulting services to management on information security, risk management, and ISO 27001 compliance.
  - Offer strategic input on new initiatives, projects, and business processes to ensure they are designed with adequate information security controls.
Qualifications:
- Education: Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field. A Master’s degree is a plus.
- Certifications: Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor. CISA or other relevant certifications are preferred.
- Experience: Minimum of 3-5 years of experience in information security auditing, internal auditing, or a related field, with a focus on ISO 27001 compliance.
- Skills:
  - Knowledge of ISO 27001 standards, information security controls, and risk management processes.
  - Strong analytical and problem-solving skills.
  - Excellent written and verbal communication skills.
  - Proficiency in audit software and Microsoft Office Suite.
  - Ability to work independently and as part of a team.
  - Strong attention to detail and organizational skills.
Competencies:
- Attention to Detail: Ability to conduct thorough audits and recognize discrepancies or areas for improvement.
- Analytical Thinking: Strong capacity to analyze complex data and provide actionable insights.
- Integrity: Uphold high ethical standards and confidentiality in handling sensitive information.
- Adaptability: Flexibility to adjust audit strategies in response to changing organizational needs and risks.
- Collaboration: Work effectively with cross-functional teams to promote information security awareness and compliance.
- Project Management: Skills to manage multiple audit projects simultaneously while meeting deadlines.
- Communication: Ability to convey complex information clearly and concisely to stakeholders at all levels.
Working Conditions:
- Travel Requirements: Travel is required approximately 15% of the time for audits and related activities.
What’s in it for you
Joining our team means being part of a culture that values diversity, teamwork, and high-quality work. We offer competitive salaries, annual bonus potential, generous paid time off, paid volunteering days, wellness benefits, and robust opportunities for professional growth and career advancement. Want to learn more about what you can look forward to during your career with us? Visit our careers site and our openings: zafin.com/careers
Zafin welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.
Zafin is committed to protecting the privacy and security of the personal information collected from all applicants throughout the recruitment process. The methods by which Zafin contains, uses, stores, handles, retains, or discloses applicant information can be accessed by reviewing Zafin’s privacy policy at https://zafin.com/privacy-notice/. By submitting a job application, you confirm that you agree to the processing of your personal data by Zafin described in the candidate privacy notice.