Governance, Risk & Compliance Manager

EarthDaily Analytics•Vancouver, BC

2d•CA$130,000 - CA$150,000•Hybrid

About The Position

EarthDaily is revolutionizing the way we understand and monitor our planet. Through cutting-edge Earth Observation (EO) technology and geospatial analytics, we provide unparalleled insights for industries ranging from agriculture to mining, insurance, and government intelligence. Our mission is to build the world’s most advanced change detection system to capture, analyze, and interpret global shifts in near real-time. We are currently looking for an experienced, Vancouver-based Governance, Risk, & Compliance (GRC) Manager to join our crew! This is a Vancouver-based hybrid position, with some in-office work required and occasional travel for audits, team meetings, or vendor assessments. Reporting directly to the Director, IT, with a dotted-line reporting relationship to the VP, Finance & Internal Controls, this role owns policy lifecycle management, risk documentation, audit readiness, and compliance evidence collection for IT general controls and related IT compliance obligations. In addition to driving the company’s broader GRC program, including SOC 2, existing compliance certifications, and any future frameworks the business adopts, this position plays a key role in advancing EarthDaily’s IT general controls supporting SOX 302 and 404, IT inputs to disclosure controls, and cybersecurity governance as it relates to public-company readiness. Success requires self-direction, sound judgment, and persistence in driving cross-functional initiatives forward across IT, Finance/Internal Controls, Legal, HR, and Engineering.

Requirements

Bachelor’s degree in Information Security, Computer Science, Business Administration, Accounting, or related field; relevant professional experience and certifications may substitute for formal education
5+ years of experience in IT security, risk management, compliance, or audit roles
3+ years of direct experience with GRC programs, policy management, or audit preparation
Demonstrated experience working with industry-recognized security and compliance frameworks such as SOC 2, NIST CSF, or ISO 27001, plus working experience with SOX/ICFR controls
Experience serving as a liaison with external auditors or supporting certification efforts
Working familiarity with SOX Sections 302 and 404 and IT general controls, ideally through prior support of SOX programs, internal audit testing, or public-company readiness activities
Strong knowledge of common security and compliance frameworks such as SOC 2, NIST, and ISO 27001, and a practical understanding of how these frameworks intersect with IT general controls and public-company readiness expectations
Working knowledge of the COSO 2013 Internal Control – Integrated Framework and the application of SOX 302 and 404 to IT general controls, including how control deficiencies are identified, rated, and tracked through remediation
Working knowledge of identity and access management platforms such as Okta or Azure AD, including the ability to navigate admin consoles, pull user populations, assess privileged access, and support periodic access review processes
Comfortable pulling configuration details, audit logs, and compliance-relevant data from SaaS platforms and organizing them into complete, audit-ready evidence packages
Working knowledge of risk assessment methodologies and risk register management
Familiarity with privacy regulations such as GDPR and CCPA, and with cloud security concepts across SaaS, IaaS, and identity platforms
Self-sufficient and highly organized, with the ability to manage multiple concurrent workstreams and operate independently with minimal oversight
Excellent written and verbal communication, including the ability to convey compliance requirements clearly to technical and non-technical audiences and prepare concise updates for senior management
Resourceful, persistent, and resilient, with the ability to follow up, escalate when necessary, and drive initiatives forward across competing priorities
Builds credibility and productive working relationships across IT, Legal, Finance, Internal Controls, Engineering, and business teams, balancing sound governance with practical execution

Nice To Haves

Relevant professional certifications such as CISA, CRISC, CISSP, CISM, or CGRC are preferred
Familiarity with SOX/ICFR (e.g., through co-sourced internal audit experience or a CPA-track background) is an asset
Experience working with GRC platforms such as Vanta, Drata, or ServiceNow GRC
Background in IT administration or technical operations, with comfort navigating system admin consoles and pulling reports independently; familiarity with scripting languages is an asset but not required
Experience supporting compliance in high-growth or regulated environments, including IPO readiness, SEC cybersecurity disclosure support, or publicly traded companies
Experience in technology, SaaS, or data-intensive industries

Responsibilities

Own the enterprise risk register, conduct risk assessments, and present findings, mitigation plans, and residual risk levels to decision-makers
Escalate risk acceptance decisions, security variance approvals, and policy exceptions to the appropriate owner (the Director, IT, the VP, Finance & Internal Controls, or executive leadership) based on risk type and organizational impact
Identify gaps in processes, documentation, or controls through stakeholder interviews and process walkthroughs, and take ownership of addressing them, developing procedures and templates as needed
Manage the policy lifecycle across IT and information security policies, and support Finance and Internal Controls in maintaining ICFR-related policies
Adapt policy templates to reflect organizational realities while coordinating annual reviews, version control, and approval tracking
Review contractual agreements for GRC-related requirements and ensure compliance obligations are identified, documented, and tracked
Own the IT general controls (ITGC) component of SOX 302 and 404, including scoping, documentation, management testing, deficiency evaluation, and remediation tracking, partnering with Finance and Internal Controls, who own process- and entity-level controls
Provide IT inputs to disclosure controls and procedures (DC&P), including IT sub-certification processes that support public-company readiness for executive certification requirements
Contribute to cybersecurity disclosure readiness aligned with Item 106 of Regulation S-K and Item 1.05 of Form 8-K
Coordinate periodic tabletop exercises and incident response walkthroughs to validate incident readiness, including readiness for SEC Item 1.05 disclosure timelines, and to test the effectiveness of key controls
Collect and organize evidence artifacts to support compliance audits, certification efforts, and public-company readiness activities, leveraging GRC tooling and pulling data directly from systems when needed
Serve as a primary liaison with internal and external auditors and other advisors, coordinating evidence requests, walkthroughs, remediation follow-up, and diligence support
Manage third-party risk by coordinating vendor security assessments, collecting attestations, and tracking contract security provisions
Coordinate with regional privacy stakeholders to ensure company-wide alignment on data protection practices
Monitor business and technology initiatives for compliance, cybersecurity, and controls implications, proactively engaging when projects involve customer data, financially relevant systems, new applications, or third-party integrations
Coordinate periodic privileged access reviews, user access certifications, and other recurring IT general control activities with IT operations, maintaining evidence of performance for audit and compliance purposes
Generate compliance metrics, remediation status, and readiness reports, presenting findings, risks, and recommendations to the Director, IT, the VP, Finance & Internal Controls, and executive leadership in a clear, decision-useful manner