Security GRC Specialist (Governance, Risk & Compliance)
- HYBRID one day a week in office (Wednesday) in either Toronto (Toronto Preferred) or Vancouver locations
Overview
We are seeking a Security GRC Specialist to support and enhance the organization’s cybersecurity risk and governance framework. This role focuses on identifying, assessing, and managing technology and cybersecurity risks while strengthening policies, controls, and compliance processes.
The position is ideal for someone who is proactive, detail-oriented, and passionate about security, with a strong ability to build trust and collaborate across teams.
Key Responsibilities
Risk Management
- Conduct risk assessments across IT systems, applications, vendors, and business processes
- Identify, assess, and document cybersecurity and technology risks
- Track remediation efforts and ensure timely resolution of identified risks
- Maintain and update risk registers, KPIs, and reporting metrics
- Collaborate with audit, IT, and business teams to support risk mitigation
Governance
- Support development and maintenance of cybersecurity policies, standards, and procedures
- Ensure alignment with industry frameworks such as NIST, ISO, and COBIT
- Help operationalize governance processes and establish long-term frameworks
Assurance & Compliance
- Monitor compliance with internal controls and external regulatory requirements
- Support internal and external audits
- Perform control testing and validate effectiveness of security controls
- Assist in preparing reports and metrics for leadership and board-level updates
Third-Party Risk
- Support vendor risk assessments and review third-party security controls
- Evaluate responses to risk questionnaires and identify gaps
GRC Tools & Reporting
- Work with GRC tools (e.g., Archer, ServiceNow GRC, Resolver)
- Support dashboards, reporting, and automation of risk and compliance processes
Requirements
- 5–8 years of experience in:
  - IT risk
  - Cybersecurity risk
  - Audit or compliance
- Strong understanding of risk lifecycle and assessment processes
- Experience with GRC tools and platforms
- Familiarity with regulatory and compliance requirements
- Knowledge of frameworks such as NIST, ISO 27001, COBIT
- Bachelor’s degree in Information Security, Computer Science, Business, or related field
- Certifications such as CISSP, CISA, CRISC are an asset
Key Traits for Success
- Strong communication skills with the ability to present to both technical and non-technical stakeholders
- High level of integrity, transparency, and sound judgment
- Ability to build trust across teams and with senior stakeholders
- Proactive mindset with strong curiosity and willingness to learn
- Adaptability in fast-paced, evolving environments
- Strong analytical and problem-solving skills
What This Role Is
- Focused on governance, risk, and compliance (GRC)
- Involves identifying risks, assessing gaps, and improving processes
- A mix of strategic thinking and hands-on execution
- A generalist role with a security focus
What This Role Is NOT
- Not a hands-on security operations role (SOC, incident response, etc.)
- Not a purely technical engineering role