Executive Advisor - Governance, Risk and Compliance

About The Position

Requirements

• 15+ years of progressive cybersecurity and GRC experience, including senior leadership roles in consulting, industry, or government
• Demonstrated track record standing up and scaling Cyber Resilience Programs for large, complex enterprises — including governance structures, risk frameworks, control libraries, metrics, and operating cadences
• Deep expertise across CMMC (Levels 1–3) and emerging CPCSC requirements, including how each maps to NIST 800-171 / 800-172 and supplier obligations
• Hands-on experience advising clients in space, aerospace, and defense — familiarity with ITAR, CGP, controlled goods, export controls, and allied compliance regimes
• Strong command of NIST CSF 2.0, NIST 800-53/171/172, ISO 27001/27005, ITSG-33, SOC 2, PCI DSS, and relevant privacy regimes (PIPEDA, Quebec Law 25, GDPR)
• Executive presence — proven ability to advise CISOs, CIOs, CFOs, GCs, audit committees, and boards
• Strong commercial acumen — practice building, account growth, proposal leadership, and revenue accountability
• Demonstrated leadership in mentoring, coaching, and developing high-performing GRC teams
• Eligibility for Government of Canada security clearance (Secret or higher); existing clearance highly valued
• Bachelor's degree required

Nice To Haves

• Certifications such as CISSP, CISM, CRISC, CGEIT, CISA, ISO 27001 Lead Auditor/Implementer, or CMMC Registered Practitioner (RP) strongly preferred
• Bilingualism (English/French) considered a strong asset
• Advanced degree (MBA, MS in Cybersecurity) preferred

Responsibilities

• Lead executive-level GRC advisory engagements for clients across space, aerospace, defense, government, and critical infrastructure
• Stand up and mature Cyber Resilience Programs at large enterprises, integrating governance, risk management, business continuity, third-party risk, and incident readiness into a cohesive operating model
• Advise C-suite and board stakeholders on cyber risk posture, regulatory exposure, and strategic investment priorities
• Lead client journeys to CMMC (Cybersecurity Maturity Model Certification) readiness and certification, including scoping, gap assessments, SSP/POAM development, and assessor coordination
• Lead client adoption of the Canadian Program for Cyber Security Certification (CPCSC) for organizations supporting the Government of Canada defense supply chain
• Develop, operationalize, and audit programs aligned with NIST CSF 2.0, NIST 800-53/171, ISO 27001/27005, ITSG-33, SOC 2, and sector-specific frameworks
• Advise space-sector clients on emerging requirements such as Space ISAC guidance, NIST IR 8401 (Satellite Ground Segment), and allied space defense expectations
• Define and implement enterprise risk management frameworks, KRIs/KPIs, risk appetite statements, and board reporting cadences
• Lead third-party / supply-chain risk programs aligned with defense industrial base (DIB) and allied requirements
• Shape Malleum's GRC service offerings, methodologies, accelerators, and intellectual property
• Mentor and develop senior managers, managers, and consultants — building bench strength and a strong delivery culture
• Drive business development: trusted-advisor relationships, account growth, proposals, and thought leadership across the space, aerospace, and defense ecosystem
• Represent Malleum in industry forums, regulator engagements, client briefings, and executive roundtables

Benefits

• Highly competitive executive compensation
• performance incentives
• equity-style participation in practice growth
• Continuous learning budget
• certification sponsorship
• a platform to publish, speak, and shape industry dialogue