Information Technology Internal Auditor

Location: Montréal, QC or Toronto, ON (Hybrid/Office-based)

Role Type: Assistant Manager – Real-Time Project Security

Are you an AppSec or Cloud Security specialist who is tired of just "finding problems" and wants to help "build solutions"?

Most Internal Audit roles look backward at what went wrong. We don’t. At our client's company, the Real-Time Review (RTR) team sits at the front lines of innovation. We are looking for an IT Internal Audit Assistant Manager (Project Security) who functions more like a Security Consultant than a compliance officer.

If you understand the "under the hood" mechanics of AWS, how to secure AI-driven development, and how to fix a CI/CD pipeline rather than just reporting on it—we want to talk to you.

The Mission: Shift-Left Security

In this role, you won't be ticking boxes. You will be a proactive technical advisor across our North American and European operations.

You will:

• Advise, Not Just Audit: Partner with engineering teams during the design phase of Cloud and AI projects to ensure security is baked in from Day 1.
• Technical Deep Dives: Conduct hands-on reviews of AWS/Cloud parameters, container security, and secure coding practices.
• AI Governance: Identify and mitigate risks associated with Machine Learning and AI-assisted coding tools.
• Vulnerability Management: Don’t just list vulnerabilities—assess the root cause, understand the end-risk, and help developers implement the right controls.

Who You Are (The "Technical Specialist" Profile)

• The Architect Mindset: You ask "How do we build this safely?" instead of "Does this meet the regulation?"
• Cloud Native: You have a deep practical understanding of AWS (Security Hub, IAM, GuardDuty, etc.) and/or Azure/GCP.
• Code Literate: You understand the software development lifecycle (SDLC) and can identify vulnerabilities within the code or the pipeline.
• The Communicator: You can translate complex security risks into business logic for stakeholders. (Note: Bilingualism in English/French is required for our Montreal-based candidates).

What You Bring

• Education: Post-secondary degree in Computer Science, Software Engineering, or Information Systems.
• Experience: 3+ years in IT Security, DevSecOps, or Technical IT Audit. Big 4 or Insurance experience is a plus, but your technical "under the hood" knowledge is what matters most.
• Certifications: You likely hold (or are pursuing) a CCSP, CCSK, CISSP, or CISM.
• Forward-Thinking: You stay ahead of the curve on AI/ML security risks and modern framework (NIST, ISO 27001, SOC 2)

Why Join Us?

• Impact: You aren't a back-office function; you are a key value-add to our global technology success.
• Flexibility: Our client has vibrant, high-energy hubs in both Montréal and Toronto. This role can be based in either city.
• Innovation: Work with the latest tech stacks in AI and Cloud infrastructure.

Stop auditing the past. Start securing the future.