Senior Information Security Auditor; Technical – TISAX, NIST & CMMC; GTO, Montreal

Job in Ottawa, Ontario, Canada
Listing for: Seratos Consulting Inc.
Full Time position
Listed on 2026-06-26
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Salary/Wage Range or Industry Benchmark: 85000 - 120000 CAD Yearly

Senior Information Security Auditor (Technical) – TISAX, NIST & CMMC (GTO, Montreal, Ottawa)

Seratos is seeking an experienced Senior Information Security Auditor to join our growing consulting practice. This client‑facing role is focused on delivering information security auditing, compliance assessments, and certification readiness services across multiple security frameworks, with particular emphasis on ISO/IEC 27001:2022, TISAX® (VDA ISA), NIST Cybersecurity Framework (CSF), NIST SP 800-171, and Cybersecurity Maturity Model Certification (CMMC).

The successful candidate will lead ISMS audits, conduct technical and governance assessments, perform gap analyses, facilitate readiness activities, and support clients throughout certification and regulatory audit processes. This role requires a strong technical understanding of information security controls, risk management, secure system architectures, and compliance frameworks.

Key Responsibilities
Information Security Audits
  • Lead and conduct internal audits and independent assessments against information security frameworks including:
    • TISAX (VDA ISA)
    • NIST Cybersecurity Framework (CSF)
    • NIST SP 800-171
    • CMMC Level 1 and Level 2 requirements
    • ISO/IEC 27001:2022
    • SOC 2 Trust Services Criteria
  • Evaluate the effectiveness of administrative, technical, and physical security controls.
Gap Assessments & Compliance Readiness
  • Perform detailed gap assessments and maturity evaluations.
  • Develop practical remediation recommendations and prioritized action plans.
  • Assess control implementation, evidence quality, and operational effectiveness.
TISAX and CMMC Readiness Programs
  • Support clients preparing for TISAX assessments and CMMC certification efforts.
  • Conduct readiness reviews, mock assessments, and evidence validation exercises.
  • Assist clients in implementing corrective actions and strengthening control environments.
Security Governance & Risk Management
  • Evaluate information security governance structures, risk management processes, supplier security programs, and incident response capabilities.
  • Review policies, procedures, standards, and technical documentation for compliance and effectiveness.
  • Design and facilitate tabletop exercises and cyber incident simulations.
  • Assess organizational preparedness and provide recommendations for improvement.
Third-Party Audit Support
  • Support clients during certification audits, customer assessments, regulatory reviews, and external examinations.
  • Act as a trusted advisor during audit preparation, evidence collection, and auditor interactions.
  • Prepare comprehensive audit reports, executive summaries, risk assessments, and remediation roadmaps.
  • Present findings and recommendations to client leadership, technical teams, and stakeholders.
Stakeholder Engagement
  • Build strong client relationships and serve as a trusted advisor on information security and compliance matters.
  • Collaborate with cross‑functional teams including IT, Engineering, Legal, Quality, and Executive Leadership.
Required Qualifications
Experience
  • Minimum of 5 years of experience in information security auditing, compliance consulting, cybersecurity governance, or risk management.
  • Demonstrated experience conducting assessments against one or more of the following:
    • TISAX (VDA ISA)
    • NIST CSF
    • NIST SP 800-171
    • CMMC
    • ISO/IEC 27001
    • SOC 2
  • Experience supporting organizations through external audits, certification assessments, or regulatory reviews.
Technical Knowledge

Strong understanding of:

  • Information Security Management Systems (ISMS)
  • Security architecture and technical controls
  • Identity and Access Management (IAM)
  • Endpoint and infrastructure security
  • Cloud security environments (AWS, Azure, Google Cloud)
  • Incident response and business continuity
  • Supplier and third‑party risk management
Certifications

Required (one or more):

  • Certified Information Systems Auditor (CISA)

Strongly Preferred Technical Background

  • Hands‑on experience in cybersecurity engineering, cloud security, DevOps, infrastructure operations, software development, security operations (SOC), industrial control systems (ICS/SCADA), operational technology (OT), IoT security, or enterprise architecture.
  • Experience implementing or managing security controls…
Position Requirements
10+ Years work experience