
Manager, IT Governance, Risk & Compliance

Location: Toronto, Canada · Salary: 85000.00 - 125000.00 CAD / Year · Job Posted March 02, 2026

Job Description

Reporting to the Director, IT Governance, Risk & Compliance, the GRC Manager is responsible for leading governance and compliance initiatives across all properties and the home office, ensuring alignment with privacy regulations, PCI requirements, and internal policies. The ideal candidate will have experience operating in a global enterprise with complex, cross‑functional dependencies, preferably within hospitality or retail PCI environments where multiple properties across different geographic regions and time zones rely on a centralized GRC team for compliance support and guidance. This includes coordinating evidence collection, managing compliance activities across distributed locations, and ensuring consistent adherence to PCI DSS controls.

The role requires strong capabilities in PCI, IT, and cybersecurity risk management, including the ability to assess, identify, track, and mitigate risks across diverse business units and operational areas. The GRC Manager should also be skilled in developing risk remediation plans, driving them to completion, and maintaining ongoing compliance across those environments. This includes leveraging GRC tooling such as ServiceNow to support workflow management, helpdesk operations, incident and request tracking, evidence collection, and dashboard reporting, as well as demonstrating strong proficiency in the Microsoft Office suite to produce clear documentation, reporting, and stakeholder communications.

The primary focus of this role is leading and maintaining PCI Home Office compliance, ensuring continuous alignment with PCI DSS requirements and internal standards. The role also encompasses managing and supporting compliance activities across properties globally, overseeing helpdesk GRC requests, onboarding new properties and teams, delivering targeted training sessions, and maintaining accurate, up‑to‑date compliance statistics and documentation.

This position provides broad exposure to current and future GRC initiatives and plays a critical role in sustaining the organization’s overall IT governance, risk, and compliance posture.

Job Responsibility

  • Lead the Corporate Office PCI compliance program, including:
    ◦ Defining, collecting, and conducting internal reviews for the Corporate quarterly PCI compliance cycles
    ◦ Leading the planning, evidence collection, and internal review processes for the Corporate annual PCI assessment
    ◦ Scheduling and participating in all audit-related meetings to ensure consistent communication between teams and the QSA
    ◦ Overseeing remediation of audit findings and tracking progress to closure
    ◦ Working closely with the QSA to ensure the successful annual renewal of the company’s AoC (Attestation of Compliance) and RoC (Report on Compliance) as a Level 1 service provider
    ◦ Facilitating the Corporate annual tabletop major incident response exercise with Corporate TID teams
  • Maintain and update the company’s IT policies, standards, and procedures: develop new documentation and RACI matrices, communicate changes to relevant stakeholders, conduct reviews as required, and deliver ongoing training to ensure organization‑wide understanding and adherence
  • Lead TID activities to ensure properties globally meet PCI compliance requirements and regulations
  • Identify opportunities to streamline global property compliance workflows and implement process optimizations or automation to increase efficiency and reduce operational risk
  • Lead the annual Hotel Security Assessment program and guide properties on how to comply with control requirements
  • Manage HSA findings in ServiceNow and follow up with property stakeholders to ensure timely remediation
  • Oversee PCI helpdesk tickets efficiently
  • Onboard new properties into the compliance program and deliver PCI compliance training and follow-up status calls
  • Monitor PCI compliance status across all properties and oversee the timely renewal of PCI self‑attestations
  • Compile and communicate program metrics, providing the GRC Director with clear visibility into compliance trends and remediation progress
  • Maintain and enhance compliance dashboards, SharePoint sites, reports, and documentation to support program oversight and decision‑making
  • Onboard new corporate teams into the Change Management program and ensure alignment with established processes
  • Collaborate with stakeholders to ensure changes are properly endorsed and effectively communicated to all impacted groups
  • Evaluate change requests to determine PCI significance, working closely with corporate PCI teams to ensure adherence to the internal PCI‑significant change process, documentation, and evidence collection alignment with PCI standards
  • Lead and facilitate weekly CAB (Change Advisory Board) meetings, including:
    ◦ Preparing the weekly agenda and presentation
    ◦ Reviewing and approving change requests
    ◦ Following up on pending change requests and ensuring post‑implementation reviews and root cause analyses are documented when unplanned service disruptions or outages occur
  • Support vendor selection activities by evaluating vendor capabilities, assessing risk and compliance alignment, and recommending solutions that best meet program and business needs
  • Manage GRC vendor relationships to ensure solutions and services align with the company’s operational and business needs
  • Conduct internal reviews and manage the renewal process for GRC‑owned contracts in collaboration with vendors and the Four Seasons internal legal team
  • Support GRC Director in overseeing invoice tracking and budget reconciliation for the PCI program
  • Leverage a wide range of technologies to improve operational efficiency and strengthen compliance management, including leading GRC platforms such as RSA Archer, ServiceNow, MetricStream, Refinitiv, and OpenPages
  • Identify, assess, and document cybersecurity and operational risks across systems, applications, vendors, and business processes, using established risk management practices
  • Conduct regular risk analyses aligned with recognized industry frameworks (such as NIST CSF, NIST 800‑30, ISO 27005) to evaluate control effectiveness and determine overall risk exposure
  • Translate technical findings into clear business impacts to support leaders and stakeholders in making informed, risk‑based decisions
  • Monitor emerging threats, vulnerabilities, and regulatory requirements to proactively assess changes that may affect the organization’s security or compliance posture
  • Collaborate with technology and business teams to drive timely remediation of identified risks, track mitigation progress, and confirm closure through appropriate evidence
  • Maintain and enhance risk registers, dashboards, and reporting mechanisms within the organization’s GRC tool to support leadership reporting, governance activities, and audit readiness
  • Advise teams on secure practices, policies, and control requirements to promote a strong risk‑aware culture across the organization
  • Ensure risk management activities support compliance with relevant standards and regulations (e.g., PCI DSS, data protection requirements, cybersecurity frameworks)

Requirements

  • Bachelor’s degree or equivalent business qualifications
  • Minimum 5 years of experience with PCI standard and GRC methodologies
  • Information Security Certification or Accreditation is an asset
  • Professional security management certifications are highly preferred (e.g., CISSP, CRISC)
  • PCI Compliance: Strong understanding of PCI DSS requirements and the use of compliance tools to support adherence to the standards
  • Reporting & Analytics: Proficient in reporting tools for creating dashboards, analyzing program data, and generating compliance and risk reports that support leadership decision‑making
  • IT Governance: Strong knowledge of governance frameworks such as COBIT and ISO 27001, applying these structures to strengthen compliance and manage risks effectively
  • Ticketing & ITIL: Proficient in ITIL‑based ticketing systems such as ServiceNow to manage incidents, problems, and changes, ensuring smooth service delivery and timely issue resolution
  • Risk Management: Comprehensive understanding of IT and cybersecurity risk practices, including identifying and evaluating risks and supporting remediation efforts
  • Change Management: Experienced in managing and reviewing IT change requests to assess compliance and risk impact, ensuring proper approvals, documentation, and alignment with internal change governance processes
  • Business Productivity Tools: Strong proficiency in the Microsoft Office suite, using these tools to develop reports, presentations, and documentation that support compliance and risk management activities, and to effectively communicate information and updates to stakeholders
  • Strong attention to detail and stakeholder awareness, ensuring all work aligns with compliance standards
  • Results‑focused, with disciplined execution around deadlines, documentation, and reporting
  • Confident presence and professional authority, effectively guiding teams and stakeholders through compliance and risk decisions
  • Analytical thinker capable of evaluating complex issues and making sound, strategic decisions
  • Self‑directed, able to work independently while consistently delivering high‑quality outcomes
  • Improvement‑oriented, with a mindset that seeks root causes and drives continuous enhancement
  • Highly organized multitasker, effective in fast‑paced and evolving environments
  • Clear communicator, able to translate technical and compliance concepts for diverse audiences
  • Experienced in managing compliance activities with centralized oversight across multiple business units and sites, including reviewing evidence, identifying control gaps, and maintaining accurate documentation to support PCI, IT risk, change management, and governance requirements
  • Effective at monitoring compliance performance, analyzing data, and generating clear, meaningful reports that inform decision‑making and ensure alignment with regulatory and internal standards
  • Skilled in preparing clear, well‑structured technical documentation and tailoring content for both technical and non‑technical audiences
  • Capable of translating complex risk, compliance, and TID control concepts into practical guidance that supports effective collaboration with stakeholders, vendors, and external partners
