IT Risk, Governance and Compliance (GRC) Senior Executive

Responsibilities

• Develop, maintain, and enforce IT policies, standards, and procedures.

• Define and manage the IT governance framework aligned with business objectives.

• Develop and maintain IT risk management methodologies and processes.

• Conduct regular IT risk assessments, identifying threats, vulnerabilities, and control gaps.

• Maintain an IT risk register and track mitigation actions.

• Perform Business Impact Analysis (BIA) and support Disaster Recovery/BCP planning.

• Ensure compliance with internal and external requirements (ISO 27001, GDPR, SOC2, local regulations, etc.).

• Coordinate and support internal and external audits.

• Track remediation of audit findings and compliance issues.

• Evaluate third-party risks and maintain vendor risk assessments.

• Ensure vendors comply with security and contractual requirements.

• Drive the company's preparation and compliance for international standards and certifications (e.g., ISO 27001, SOC 2, Cyber Trust Mark by CSA)

• Promote a culture of IT risk awareness across the firm.

Qualifications and requirements

• At least 2 to 5 years of relevant experience in IT Governance, IT Audit and Risk Management

• Experience with IT frameworks such as ISO 27001, COBIT, NIST, CIS Benchmarks, or ITIL.

• Experience with governance platforms or GRC tools (e.g. Drata, GRC, Archer, OneTrust).

• Strong understanding of IT processes, systems, networks, and infrastructure.

• Able to work independently, good communication skill, multi-task, and a team player.

• Excellent documentation and report-writing skills.

• Willingness to learn new frameworks and adapt to compliance changes.