Manager, Global Technology Governance, Risk and Compliance – GRC
Canada
Full Time
1 week ago
$119,300 - $169,300 USD
No H1B
Key skills
Cyber SecurityServiceNowLeadershipRisk ManagementChange ManagementCommunicationCollaboration
About this role
Role Overview
- Lead and support the implementation, optimization, and ongoing management of ServiceNow IRM, ensuring alignment with GRC processes, regulatory expectations, and segment needs.
- Align and evolve information security policies and standards with industry frameworks (ISO 27001/2, COBIT, NIST) and regulatory requirements.
- Partner with Canada, Europe, and US to harmonize governance practices and support consistent adoption of policies, standards, and controls.
- Provide governance expertise and risk‑based guidance to senior leaders, balancing business needs with security considerations to support informed decision‑making.
- Drive change management, communication, training, and stakeholder engagement to support adoption of GRC practices and process workflows.
- Prepare and deliver governance updates, executive presentations, and risk insights for senior leadership and oversight committees.
- Use ServiceNow IRM to aggregate and interpret enterprise outcome data, including risks, issues, controls, remediation updates, and Key Risk Indicators (KRIs), for Lifeco‑level dashboards, metrics, and reporting.
- Aggregate and analyze segment‑level risk assessment outputs (technology, cyber, operational, regulatory, emerging) to support consolidated oversight.
- Support regulatory engagements (e.g., OSFI), including preparing responses, evidence, and submissions.
- Identify opportunities to streamline and automate GRC processes, reporting, and workflows across segments.
- Contribute to broader information security and technology risk governance activities, including Risk Taxonomy Engineering, Emerging Technology Risk Management, Third Party Risk Assessments, Frameworks and Policy Management, Cybersecurity Maturity etc.
Requirements
- 7–12 years of experience in Information Security, Technology Risk, or GRC roles within large complex organizations.
- Degree or Diploma in Information Technology and/ or business, or combined relevant field experience and certifications CISSP, CGRC, CISA, CISM, CRISC, CGEIT.
- Experience supporting or implementing ServiceNow IRM
- Experience in the designing, building, integrating, and maintaining a technology product, automation, and data structures that enable an organization’s GRC processes.
- Strong knowledge of frameworks (NIST CSF, ISO 27001, COBIT, CIS Controls) and regulatory expectations (OSFI B‑10, DORA, SOC 2, GDPR).
- Skilled at articulating technical risks in business language and influencing stakeholders across regions, lines of defence, and leadership levels.
- Excellent collaboration skills across global teams and multi‑segment environments.
Tech Stack
- Cyber Security
- ServiceNow
Benefits
- Inclusive workplace
- Employee voice and value
- Career and well-being support
- Opportunities for professional development