Manager GRC

Base Salary Range: $144591 - $196565

• Lead and enhanced the enterprise-wide Cybersecurity Governance, Risk, and Compliance (GRC) program, ensuring effective identification, assessment, treatment, and closure of cyber risks across the organization.
• Document, and operationalize cyber risk appetite and tolerance thresholds, ensuring risk treatment decisions, exceptions, and residual risk acceptance align with formally approved governance frameworks.
• Embed governance structures and accountability models across Divisions, Agencies & Corporations, ensuring clear ownership for risk remediation, control effectiveness, and compliance obligations.
• Implement, and continuously mature a NIST-aligned control framework, ensuring consistent application, monitoring, and reporting of control effectiveness across the enterprise.
• Lead the development, review, and lifecycle management of cybersecurity policies, standards, and procedures, ensuring alignment with regulatory, legal, and internal governance requirements and driving compliance through enforcement and attestation.
• Oversee and enhance the formal processes to track, manage, and close audit findings, remediation and treatment plans (RTPs), and compliance gaps, ensuring timely remediation, evidence-based closure, and executive reporting.
• Implement continuous control monitoring and periodic risk assessments, including effectiveness testing, to validate control performance and identify emerging risks, with integrated GRC reporting and dashboards.
• Develop, assess, and enforce information security controls to protect confidentiality, integrity, and availability (CIA), ensuring controls are measurable, auditable, and aligned with compliance requirements.
• Lead the organization’s response to increasing regulatory, audit, and third-party assurance demands, including ISO 27001/2, SOC 2, and other external assessments, ensuring audit readiness, evidence management, and successful certification/attestation outcomes.

• Post-secondary degree in Business or Technology or a related discipline.
• Over seven years of senior-level experience in Information Security
• Extensive senior-level and expertise in Information Security or Governance, Risk & Compliance (GRC).
• Over five years of experience in Information IT Risk/Audit organizations
• Three years of experience with GRC tools
• Extensive experience preparing comprehensive reports and presentations for all levels of an organization.
• Experience in establishing strategy and implementation of GRC Programs.
• Experience leading transformative multi-year programs.
• Ability to engage with internal and external stakeholders diplomatically and professionally
• Strong understanding of security risks, threats, and vulnerabilities and the judgment to assess and articulate risk effectively
• Experienced with security control frameworks including NIST Cybersecurity Framework, SOC 2, NIST 80-53, ISO 27001, and PCI.
• Strong understanding of the terminology, concepts, IT controls and best practices across key risk areas including risk assessment methodologies.
• Knowledge of architectural design and implementation methodologies, including software, network, and infrastructure.
• Knowledge of network and information security methods, standards, architectures, policies and procedures.
• Preferred Certifications (any in the list):  CISSP, CRISC, CISM, CISA

• Ability to work in transformative programs.
• Excellent leadership and organizational skills and the ability to work effectively with all level of stakeholders.
• Motivated self-starter demonstrating integrity, initiative and innovation qualities.
• Strong analytical ability where problems are typically unusual and difficult.
• Strong analytical skills and ability to prioritise and multitask.
• Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
• Ability to make quick decision.
• Strong business acumen with budgeting experience.
• Excellent understanding of audit and compliance standards.
• Experience with the audit process and performing risk-based audits.
• Ability to work with the broader IT organization and business management to align priorities and plans with key business objectives.
• Demonstrated capacity to lead under pressure, make decisions in ambiguous situations and drive cross functional collaboration in a short period of time.
• Demonstrated influence and persuasion skills, able to present to senior levels.
• Strong understanding of the business impact of security tools, technologies and policies.
• Ability to handle ambiguity and make decisions and recommendations with limited data
• Ability to prioritize and effectively manage competing priorities and projects.
• Ability to manage multiple initiatives while adhering to strict deadlines.
• Excellent communication and active listening skills with an aptitude for extracting and synthesizing complex information.
• Exceptional written and oral communication skills.
• Transferable skills, like communication and decision-making, are equally important.
• Being able to think on your feet and show good judgment are especially valuable in this field. “Security pros should always be ready to react to cyber-related incidents quickly.