Job ID: AR684
Job Title: Manager Governance, Risk & Compliance
Division: Toronto Cyber Security Division
Reports To: Manager Cyber Awareness
Location: Toronto, Ontario
Employment Type: Permanent Full-Time, Monday to Friday, 35-hour work week
Salary: $179,000.00
Consider your new role with Aliant Resources and our municipal government client, The City of Toronto.
About Us
Aliant Resources is a dedicated provider of IT staffing services, committed to promoting diversity, equity, inclusion, belonging, anti-racism, and accessibility in all facets of our operations.
Job Summary
To provide senior-level strategic and tactical guidance to the Director of Cyber Advisory as well as the Chief Information Security Office (CISO) in the execution of its mandate to establish and maintain a City-wide cyber program to ensure the City is adequately protected.
To provide leadership and guidance, and to manage the design, integration and implementation of cyber solutions that support the organization and the CISO's strategic objectives.
To implement and oversee the Governance, Risk & Compliance Programs and socialize Risk Management principles across the organization to promote awareness and effective management of cyber risks.
To collaborate with other segments of the organization to manage City-wide cyber initiatives.
Major Responsibilities
- Lead and enhance the enterprise-wide Cybersecurity Governance, Risk, and Compliance (GRC) program, ensuring effective identification, assessment, treatment, and closure of cyber risks across the organization.
- Document and operationalize cyber risk appetite and tolerance thresholds, ensuring risk treatment decisions, exceptions, and residual risk acceptance align with formally approved governance frameworks.
- Embed governance structures and accountability models across Divisions, Agencies & Corporations, ensuring clear ownership for risk remediation, control effectiveness, and compliance obligations.
- Implement and continuously mature a NIST-aligned control framework, ensuring consistent application, monitoring, and reporting of control effectiveness across the enterprise.
- Lead the development, review, and lifecycle management of cybersecurity policies, standards, and procedures, ensuring alignment with regulatory, legal, and internal governance requirements and driving compliance through enforcement and attestation.
- Oversee and enhance the formal processes to track, manage, and close audit findings, remediation and treatment plans (RTPs), and compliance gaps, ensuring timely remediation, evidence-based closure, and executive reporting.
- Implement continuous control monitoring and periodic risk assessments, including effectiveness testing, to validate control performance and identify emerging risks, with integrated GRC reporting and dashboards.
- Develop, assess, and enforce information security controls to protect confidentiality, integrity, and availability (CIA), ensuring controls are measurable, auditable, and aligned with compliance requirements.
- Lead the organization’s response to increasing regulatory, audit, and third-party assurance demands, including ISO 27001/2, SOC 2, and other external assessments, ensuring audit readiness, evidence management, and successful certification/attestation outcomes.
Qualifications/Certifications:
- Post-secondary degree in Business or Technology or a related discipline.
- Over seven years of senior-level experience in Information Security.
- Extensive senior-level experience and expertise in Information Security or Governance, Risk & Compliance (GRC).
- Over five years of experience in Information IT Risk/Audit organizations.
- Three years of experience with GRC tools.
- Extensive experience preparing comprehensive reports and presentations for all levels of an organization.
- Experience in establishing strategy and implementation of GRC Programs.
- Experience leading transformative multi-year programs.
- Ability to engage with internal and external stakeholders diplomatically and professionally.
- Strong understanding of security risks, threats, and vulnerabilities and the judgment to assess and articulate risk effectively.
- Experienced with security control frameworks including NIST Cybersecurity Framework, SOC 2, NIST 800-53, ISO 27001, and PCI.
- Strong understanding of the terminology, concepts, IT controls and best practices across key risk areas including risk assessment methodologies.
- Knowledge of architectural design and implementation methodologies, including software, network, and infrastructure.
- Knowledge of network and information security methods, standards, architectures, policies and procedures.
- Preferred Certifications (any in the list): CISSP, CRISC, CISM, CISA.
Skills
- Ability to work in transformative programs.
- Excellent leadership and organizational skills and the ability to work effectively with all levels of stakeholders.
- Motivated self-starter demonstrating integrity, initiative and innovation qualities.
- Strong analytical ability where problems are typically unusual and difficult.
- Strong analytical skills and ability to prioritise and multitask.
- Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
- Ability to make quick decisions.
- Strong business acumen with budgeting experience.
- Excellent understanding of audit and compliance standards.
- Experience with the audit process and performing risk-based audits.
- Ability to work with the broader IT organization and business management to align priorities and plans with key business objectives.
- Demonstrated capacity to lead under pressure, make decisions in ambiguous situations and drive cross functional collaboration in a short period of time.
- Demonstrated influence and persuasion skills, able to present to senior levels.
- Strong understanding of the business impact of security tools, technologies and policies.
- Ability to handle ambiguity and make decisions and recommendations with limited data.
- Ability to prioritize and effectively manage competing priorities and projects.
- Ability to manage multiple initiatives while adhering to strict deadlines.
- Excellent communication and active listening skills with an aptitude for extracting and synthesizing complex information.
- Exceptional written and oral communication skills.
- Transferable skills, like communication and decision-making, are equally important.
- Being able to think on your feet and show good judgment are especially valuable in this field. “Security pros should always be ready to react to cyber-related incidents quickly.”
Diversity Statement
At Aliant Resources, we are committed to building a workforce that reflects the communities we serve and to promoting a diverse, anti-racist, inclusive, accessible, merit-based, respectful and equitable workplace.
Accessibility Statement
Aliant Resources is dedicated to making our recruitment process accessible to everyone with or without a disability. We adhere to workplace accessibility standards to ensure that individuals with disabilities can fully participate in employment opportunities. We understand the importance of identifying and removing barriers and we strive to provide an inclusive experience for all candidates.
Workplace Accommodations
We offer workplace accommodations throughout the recruitment process and all aspects of employment consistent with the requirements of the AODA.
If you require workplace accommodations due to a disability, injury, illness, or any other condition that may affect your ability to apply online or perform essential job functions, please reach out to us at accommodations@aliantresources.com. Your request will be answered and we will collaborate with you to provide appropriate workplace accommodations as appropriate.
How to Apply
- You must apply online here on LinkedIn.
- Your resume should not exceed four (4) pages, in Microsoft Word or PDF format only.
Note for all Applicants
- We thank all applicants for their interest but advise that only those selected for further consideration will be contacted.
- Qualified applicants may be considered for other comparable positions.
- Please prepare your application in accordance with the qualifications posted in this job advertisement.
- Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.