Manager, IT Governance, Risk and Compliance
Hybrid:
Markham, Ontario | Position:
Manager, IT Governance, Risk and Compliance | Type:
Full‑Time | Permanent | Hybrid |
Location:
Markham, ON |
Reports to:
Director, Security and Infrastructure, IT
Manager, IT Governance, Risk and Compliance is the IT owner for ICFR, PCI‑DSS, NIST Cybersecurity Framework (CSF) 2.0, and Third‑Party Risk Management (TPRM). This hands‑on leadership role delivers IT controls, evidence, remediation, policy governance, the IT Security Risk Register, and the full TPRM lifecycle while partnering with Finance, Payments, Security, Procurement, and Legal.
Essential Duties- Act as the primary IT point of contact for internal and external audit partners on ICFR/ITGC, PCI‑DSS, and NIST CSF 2.0 audits.
- Own the IT General Controls (ITGC) portion of the annual ICFR program: scoping, documentation, evidence, walkthroughs, testing support, and remediation.
- Manage the PCI‑DSS IT compliance program (Requirements1–12,A1–A3), including evidence, QSA support, and remediation.
- Lead IT‑side implementation and maturity of NIST CSF 2.0 across all six functions.
- Develop, maintain, and govern all IT policies, standards, procedures, and process documentation aligned with ICFR, PCI, and NIST CSF.
- Own and maintain the IT Security Risk Register (identification, assessment, treatment plans, monitoring, and reporting).
- Lead the IT Third‑Party Risk Management (TPRM) program: vendor risk assessments, due diligence, ongoing monitoring, contract reviews, scoring, and off‑boarding for all technology and cloud vendors in scope for ICFR, PCI, or NIST.
- Coordinate and deliver evidence and responses during internal/external audits and regulatory reviews.
- Track and drive remediation of IT‑related findings from audits and TPRM assessments.
- Maintain centralized IT controls library and automated evidence repository.
- Perform regular control self‑assessments and continuous monitoring.
- Report compliance status, risk register, and TPRM metrics to IT leadership, Finance, Procurement, and the Audit Committee.
- Stay current on regulatory changes and translate them into actionable IT and vendor requirements.
- Other tasks as assigned.
- 8+ years of progressive IT governance, risk, compliance, or audit experience.
- Minimum 4 years in a leadership role.
- Direct, hands‑on experience delivering IT evidence and remediation for ICFR/ITGC, PCI‑DSS, NIST CSF, and Third‑Party Risk Management programs.
- Proven ability to work successfully with internal/external audit partners and vendors.
- Professional certification required (one or more): CISA, CISM, CRISC, CISSP‑ISSAP, PCIP, or equivalent.
- Strong policy, process documentation, and risk register management skills.
- Hands‑on experience running a TPRM program and using vendor risk platforms.
- Mastery of ICFR/ITGC, PCI‑DSS, NIST CSF 2.0, and TPRM.
- Policy and process documentation excellence.
- IT risk register and vendor risk lifecycle ownership.
- Audit coordination and evidence delivery.
- Cross‑functional partnership (Finance, Security, Payments, Procurement, Legal).
- Calm execution under tight audit and vendor review timelines.
The targeted salary range for this position is $125,000–$135,000 annually. The final offer will be based on factors such as market location, relevant skills, experience and internal equity.
Benefits- Hybrid, Flexible Work Options
- Comprehensive health and dental benefits
- Employee Share Purchase Plan with company matching
- Learning and Development support tailored to you
- An inclusive, collaborative culture where your voice matters
- Fun company events that keep us connected
- Preferred rates for car rentals, hotels, phone plans and gym discounts
- Generous employee discounts on our products
Pet Valu is an equal opportunity employer committed to inclusion and accessibility. Accommodations are available upon request for candidates taking part in all aspects of the recruitment and selection process, in accordance with the Accessibility for Ontarians with Disabilities Act (AODA). At Pet Valu, we are committed to transparency and fairness in our hiring practices. The use of AI enabled technology may assist in the recruitment process for positions, but all decisions throughout the process are made exclusively by Pet Valu’s hiring team.
At no stage does AI determine recruitment outcomes.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: