GRC Lead

Location: Toronto, ON (Hybrid, 3 days onsite)
Language: English (written and spoken)
Duration: Permanent
Background Check Requirement: Standard employment and security clearance checks may be required

What’s in it for You

You’ll join a culture that values impact, collaboration, and professional growth. With exposure to executive leadership and multiple enterprise programs, you’ll develop your skills while contributing to meaningful cybersecurity outcomes. The organization fosters mentorship, innovation, and a workplace that balances autonomy with the chance to lead high-profile initiatives.

Your Responsibilities

• You’ll own and drive the enterprise cyber GRC program, including policies, standards, frameworks, and risk lifecycle management.

• You’ll lead regulatory compliance, audit engagement, and executive reporting on security posture and program maturity.

• You’ll partner enterprise-wide to embed security into business operations and influence risk-based decision-making.

• You’ll manage cyber risk lifecycle and assessments, liaising with internal and external auditors.

• You’ll develop security requirements across platforms, products, and services, supporting vendor alignment and ongoing program maturity.

• You’ll build executive dashboards, KPIs, and security maturity reporting for SLT, Board, and business stakeholders.

Skills and Qualifications

• 8+ years of senior enterprise GRC experience with strong program ownership and execution capability

• Proven experience operating in regulated environments (financial services, fintech, or enterprise tech preferred)

• Ability to lead programs without direct reports using influence-based leadership

• Experience supporting audits, regulatory requirements, and executive-level reporting

• Hands-on knowledge of cybersecurity frameworks (ISO 27001/2, PCI DSS, CIS, NIST 800 Series)

• Familiarity with GRC tools (tool-agnostic, Auditboard experience an asset)

• Relevant certifications such as CISSP, CISA, CRISC, or CISM

Note from the Hiring Manager
“We’re looking for someone who can take full ownership of our cybersecurity programs, drive impact quickly, and partner across the business to embed security into everything we do.”

Why Partner with Altis
If you’ve never worked with a staffing agency before, we make it easy. We work with top employers across Canada who have great jobs to fill, each vetted and verified by our team. When you apply for a job with Altis, we get to know you as a candidate and learn what your strengths are. Then, if you’re a solid match, we handle all the logistics, advocating for you as a candidate for the role, providing access to coaching and connecting you directly with the hiring manager. And rest assured, all our services are free of cost for candidates.

We appreciate the time and effort all applicants invest in their submissions. Please note that only candidates shortlisted for this role will be contacted directly. However, your profile will remain under consideration for future opportunities that align with your experience and career goals. All qualified applicants will receive fair consideration for employment. We welcome individuals of all backgrounds, experiences, and identities including those who identify as women, members of racialized groups, Indigenous Peoples, persons with disabilities, and 2SLGBTQIA+ communities. If you require an accommodation, please review our accessibility policy and reach out to our accessibility officer with any questions. Our human recruiters review all applications and always make the final hiring decision. On occasion, we also use AI-assisted tools to help review applications.