IT Security Compliance Auditor

For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations.

Global Relay is a career-building company. We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. Reporting to the Vice President, Finance, the IT Auditor – Application Security, you will evaluate the design and operating effectiveness of controls related to application security, secure software development, and DevSecOps practices across the software development lifecycle (SDLC). You will assess how security controls and secure development practices are implemented across engineering, security, and operational environments, identifying risks, evaluating control effectiveness, and providing actionable, risk-based recommendations to strengthen Global Relay’s overall security posture.

As part of the Internal Audit function, you’ll work cross-functionally with Engineering (Developers & DevOps), Information Security, IT Operations, and Product teams to understand technical implementations and independently assess the effectiveness of application and technology security controls within the environment.

You’ll primarily focus on application and secure development practices while also supporting broader technology and security audit activities where required.

Assess application security and engineering programs, policies and software development governance practices

Evaluate the secure software development lifecycle (SDLC) and DevSecOps practices, including the integration of security controls within the CI/CD pipelines and alignment to industry frameworks such as OWASP

Identify recurring security findings, systemic risks and broader control weaknesses across applications, infrastructure and supporting technology environments

Participate in risk-based audit planning activities, including audit scoping, risk assessments, and control identification for technology and security audits

Document audit observations, risk impacts, root causes and control deficiencies and develop practical, risk-based recommendations for improvement

Prepare and communicate audit findings and technical assessments to both technical and non-technical stakeholders, including Engineering, Security, Product, IT Operations and leadership teams

Prepare and deliver presentations, reports, and supporting materials to communicate audit activities, findings, technical assessments, and recommendations to management and relevant stakeholders.

Support audit issue tracking, remediation, validation and follow up activities to assess the effectiveness and timeliness of corrective actions

3-5 years of experience in IT Audit, Application Security, Cybersecurity, DevSecOps, Software Engineering or Technology Risk

• Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), CIA (Certified Internal Auditor) or equivalent certifications considered an asset
• Experience evaluating application security controls and secure software development practices within the software development lifecycle (SDLC) and DevSecOps environments
• Familiarity with application security testing methodologies and tools, including manual testing, DAST/SAST Scan, API security scanning, and software composition analysis (e.g. Familiarity with code repositories and version control systems (e.g. Understanding of common application security risks and frameworks (OWASP Top 10)
• Understanding of software development lifecycle (SDLC) processes and secure development practices
• General understanding of infrastructure and security concepts, including access control, network security, and vulnerability management
• Attention to detail and quality-oriented mindset
• Ability to translate technical concepts into risk and control implications
• Effective communication skills with the ability to explain technical findings to both technical and non-technical stakeholders
• Ability to manage multiple priorities and work across different audit activities, maintaining organization and consistency in deliverables
• Cooperative, team-oriented, with a proactive approach to understanding new technologies, tools, and emerging risks

We provide a comprehensive extended health benefits program, including virtual healthcare and a wellness allowance. Employees also receive annual allotted vacation days, which increase based on tenure. Paid sick days, maternity/parental enhancement program, bonus, and an RRSP contribution matching program.

For Vancouver-based employees, we provide a subsidized meal program, courtesy of our talented in-house culinary team!

80,000—$110,000 CAD

Global Relay is an equal-opportunity employer committed to diversity, equity, and inclusion.

We seek to ensure reasonable adjustments, accommodations, and personal time are tailored to meet the unique needs of every individual.

To learn more about our business, culture, and community involvement, visit .