Director, Governance, Risk and Compliance (GRC)

Momentum Financial Services Group, Toronto, ON
CA$175,000 - CA$190,000, Hybrid

About The Position

We’re seeking a Director, Governance, Risk and Compliance (GRC) to lead and operate MFSG’s cybersecurity governance, cyber risk management, compliance, and data governance functions. This is a highly hands-on senior individual contributor role responsible for strengthening governance frameworks, overseeing cyber risk activities, supporting regulatory compliance, and driving risk-informed decision-making across the organization.

Requirements

  • 10+ years of experience in information security, cybersecurity, technology risk, or IT controls
  • At least 5 years of direct GRC experience, including 3+ years in a leadership capacity
  • Experience within banking, fintech, insurance, payments, wealth management, or another regulated financial services environment
  • Proven success operating as a senior individual contributor with ownership of risk assessments, governance documentation, executive reporting, and remediation tracking
  • Strong understanding of enterprise cyber risk management, governance, and compliance practices
  • Extensive experience with data governance risk management, privacy controls, and information asset protection
  • Experience managing cyber risk registers, risk reviews, issue management, and remediation programs
  • Strong knowledge of Canadian financial sector regulatory expectations, operational resilience principles, and privacy obligations
  • Excellent communication skills with the ability to translate technical issues into clear business risk language
  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Risk Management, or a related field, or equivalent practical experience
  • Experience supporting audits, regulatory reviews, customer security assessments, and control testing activities
  • Strong understanding of identity and access management, data protection, cloud security, vulnerability management, incident response, third-party risk, and business continuity

Nice To Haves

  • Experience within a Canadian regulated financial institution or fintech organization
  • Professional certifications such as CISSP, CISM, CRISC, CGEIT, or ISO 27001 Lead Implementer/Auditor
  • Experience implementing or enhancing GRC platforms, workflow automation, and reporting dashboards
  • Familiarity with PCI DSS, SOC 2, cloud control frameworks, and privacy control frameworks
  • Experience mapping controls across multiple regulatory and compliance frameworks

Responsibilities

  • Own and operate the enterprise cyber risk management framework
  • Maintain cybersecurity, technology, and data risk registers
  • Conduct cyber risk assessments across business processes, systems, vendors, and strategic initiatives
  • Define and track key risk indicators (KRIs), metrics, and remediation activities
  • Support post-incident risk reviews and continuous improvement efforts
  • Support internal and external audits, regulatory reviews, and customer due diligence requests
  • Validate control effectiveness and coordinate audit evidence collection
  • Manage cybersecurity policy governance and exception management processes
  • Ensure alignment with industry frameworks including NIST, ISO 27001, privacy regulations, and financial sector requirements
  • Partner with data governance, privacy, legal, and compliance teams to manage information risk
  • Oversee data governance activities including classification, retention, protection, access governance, and recovery controls
  • Support vendor and third-party risk assessments and remediation efforts
  • Prepare executive-level cyber risk reporting and governance updates
  • Present risk trends, control gaps, remediation progress, and emerging risks to leadership
  • Influence business, technology, and control owners to drive risk reduction activities
  • Build strong relationships across cybersecurity, IT, legal, compliance, enterprise risk, and operational teams
  • Develop and mature cybersecurity governance programs, policies, standards, and procedures
  • Improve GRC processes, workflows, and governance effectiveness
  • Personally execute critical deliverables in a hands-on leadership capacity
  • Balance business objectives with practical, risk-based governance and security controls

Benefits

  • Discretionary Annual Bonus
  • Comprehensive Benefits: health and dental plans with 100% of the premiums covered
  • Employee Assistance Program
  • Retirement Plans
  • Tuition assistance
  • Professional development reimbursement
  • Discounts through Perkopolis
  • Rewards and recognition programs