IT Auditor, Application Security

Who we are

For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations.

Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It’s a place where you can genuinely make an impact – and be recognized for it.

We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers.

Your role

Reporting to the Vice President, Finance, the IT Auditor – Application Security, you will evaluate the design and operating effectiveness of controls related to application security, secure software development, and DevSecOps practices across the software development lifecycle (SDLC). You will assess how security controls and secure development practices are implemented across engineering, security, and operational environments, identifying risks, evaluating control effectiveness, and providing actionable, risk-based recommendations to strengthen Global Relay’s overall security posture.

As part of the Internal Audit function, you’ll work cross-functionally with Engineering (Developers & DevOps), Information Security, IT Operations, and Product teams to understand technical implementations and independently assess the effectiveness of application and technology security controls within the environment.

You’ll primarily focus on application and secure development practices while also supporting broader technology and security audit activities where required.

Your responsibilities

• Assess application security and engineering programs, policies and software development governance practices
• Evaluate the secure software development lifecycle (SDLC) and DevSecOps practices, including the integration of security controls within the CI/CD pipelines and alignment to industry frameworks such as OWASP
• Evaluate secure coding practices across engineering and development teams including the use of AI in development processes
• Review and analyze application security testing activities and outputs including SAST, DAST, API security testing, container security scanning and manual security testing results
• Assess vulnerability management and penetration testing processes, including identification, prioritization, remediation, validation, exception handling and reporting practices
• Review maturity and security of automation practices, controls across virtualized and container environments
• Identify recurring security findings, systemic risks and broader control weaknesses across applications, infrastructure and supporting technology environments
• Participate in risk-based audit planning activities, including audit scoping, risk assessments, and control identification for technology and security audits
• Perform testing and validation of application and technology security controls to assess their design and operating effectiveness
• Document audit observations, risk impacts, root causes and control deficiencies and develop practical, risk-based recommendations for improvement
• Prepare and communicate audit findings and technical assessments to both technical and non-technical stakeholders, including Engineering, Security, Product, IT Operations and leadership teams
• Prepare and deliver presentations, reports, and supporting materials to communicate audit activities, findings, technical assessments, and recommendations to management and relevant stakeholders.
• Support audit issue tracking, remediation, validation and follow up activities to assess the effectiveness and timeliness of corrective actions
• Stay informed of emerging threats, vulnerabilities, technologies and industry trends related to application security and secure development practices

About You

• 3-5 years of experience in IT Audit, Application Security, Cybersecurity, DevSecOps, Software Engineering or Technology Risk
• Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), CIA (Certified Internal Auditor) or equivalent certifications considered an asset
• Experience evaluating application security controls and secure software development practices within the software development lifecycle (SDLC) and DevSecOps environments
• Familiarity with application security testing methodologies and tools, including manual testing, DAST/SAST Scan, API security scanning, and software composition analysis (e.g. Jfrog X-Ray)
• Familiarity with code repositories and version control systems (e.g. Bitbucket or similar platforms)
• Understanding of common application security risks and frameworks (OWASP Top 10)
• Understanding of software development lifecycle (SDLC) processes and secure development practices
• General understanding of infrastructure and security concepts, including access control, network security, and vulnerability management
• Strong analytical and critical thinking skills
• Attention to detail and quality-oriented mindset
• Ability to translate technical concepts into risk and control implications
• Effective communication skills with the ability to explain technical findings to both technical and non-technical stakeholders
• Ability to manage multiple priorities and work across different audit activities, maintaining organization and consistency in deliverables
• Cooperative, team-oriented, with a proactive approach to understanding new technologies, tools, and emerging risks

Compensation

Global Relay advertises the pay range for this role in compliance with British Columbia’s pay transparency laws. Individual pay rates are determined by evaluating factors such as expertise, skills, education, and professional background.

The range below reflects the expected annual base salary, which is only one element of our comprehensive total rewards package designed to reflect our company pay philosophy, culture and values. We aim to foster an inspiring work environment and support employees' work-life rhythms. We provide a comprehensive extended health benefits program, including virtual healthcare and a wellness allowance. Employees also receive annual allotted vacation days, which increase based on tenure. Other benefits include: Paid sick days, maternity/parental enhancement program, bonus, and an RRSP contribution matching program.

For Vancouver-based employees, we provide a subsidized meal program, courtesy of our talented in-house culinary team!

British Columbia - Base salary range

$80,000 - $110,000 CAD

What you can expect

At Global Relay, there’s no ceiling to what you can achieve. It’s the land of opportunity for the energetic, the intelligent, the driven. You’ll receive the mentoring, coaching, and support you need to reach your career goals. You’ll be part of a culture that breeds creativity and rewards perseverance and hard work. And you’ll be working alongside smart, talented individuals from diverse backgrounds, with complementary knowledge and skills.

Global Relay is an equal-opportunity employer committed to diversity, equity, and inclusion.

We seek to ensure reasonable adjustments, accommodations, and personal time are tailored to meet the unique needs of every individual.

To learn more about our business, culture, and community involvement, visit