Cyber Governance & Compliance Specialist

About The Position

Requirements

• University degree in information systems, accounting, finance, cybersecurity, or any combination of equivalent education and experience.
• Minimum 5 years of relevant experience in IT controls, technology risk, internal audit/external audit, or compliance programs.
• Strong knowledge of IT control domains (access, change, operations) and how to document and evidence controls in an audit context.
• Experience supporting compliance obligations such as NI52-109 and familiarity with related frameworks/norms (e.g., ISO 27001, COBIT, ITIL; familiarity with other industry norms such as SOX is an asset).
• Strong ability to write clear control documentation and influence control owners across IT (Applications, Infrastructure, Cloud, IAM, End-User, etc.).
• Comfortable partnering with Finance, Internal Audit and External Audit; able to explain technical processes in business/audit language.
• Excellent organizational skills and attention to detail; strong judgement and ability to prioritize.
• For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
• No Canadian work experience required however must be eligible to work in Canada.

Nice To Haves

• Familiarity with other industry norms such as SOX is an asset.

Responsibilities

• Own and maintain the enterprise IT controls framework aligned to NI52-109 and other applicable norms (e.g., ISO 27001, COBIT/ITIL), including control taxonomy, and evidence expectations.
• Translate compliance requirements into practical, testable controls for key IT domains (e.g., identity and access management, change management, IT operations, backups, incident management, SDLC where applicable).
• Develop and maintain control documentation (control narratives, procedures, evidence guides, control rationales) in partnership with IT control owners.
• Lead control design assessments and walkthroughs with stakeholders; identify control gaps and propose remediation plans.
• Define evidence standards and quality gates to improve auditability (what “good evidence” looks like, retention, consistency, traceability).
• Coordinate and support audit activities (internal and external): walkthroughs, responses, testing support, and closure packages.
• Maintain a strong working relationship with Finance stakeholders for IT control topics that support financial reporting and disclosure obligations under NI52-109.
• Support the evolution of the control environment (rationalization, standardization, and continuous improvement) and proactively propose new best practices and technologies where valuable.
• Support on compliance Regulatory inquiries, reviews

Benefits

• Flexible work arrangements and a hybrid work model
• Possibility to purchase up to 5 extra days off per year
• Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
• Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)
• Annual bonus target, based on the base salary, with a potential payout of up to double the target (subject to personal and company performance): 15%
• Employee Share Purchase Plan (ESPP) – with Intact matching 50% of your net shares.
• Defined benefit pension plan offering guaranteed income for life.