
Program Lead, Governance, Risk & Compliance; GRC

Job in Vernon, BC, Canada
Listing for: Blackstone Talent Group
Contract position
Listed on 2026-01-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Position: Program Lead, Governance, Risk & Compliance (GRC)

Blackstone Talent Group, an award-winning technology consulting and talent agency, is seeking a Program Lead, Governance, Risk & Compliance (GRC) to join our Client's team.

Key Responsibilities

Governance & Program Leadership:

  • Establish and mature the enterprise GRC program aligned to ISO, SOX, NIST CSF, CIS Controls and relevant regulatory requirements.
  • Own the Information Security Management System (ISMS) lifecycle: scope definition, risk assessment, Statement of Applicability (SoA), control implementation, internal audit, management review, corrective actions, and surveillance/recertification readiness.
  • Define and maintain policies, standards, and procedures (e.g., access control, change management, vulnerability management, secure SDLC, incident response, supplier security).
  • Chair/coordinate governance forums (e.g., Risk & Compliance Steering Committee, Change Advisory Board, Management Review meetings).

Risk Management:

  • Implement enterprise risk management (ERM) for information and technology risks: risk identification, assessment (qualitative/quantitative), treatment plans, and risk acceptance with accountable owners.
  • Build third‑party/vendor risk management (TPRM) including due diligence, contractual controls, continuous monitoring, and remediation.
  • Integrate operational technology (OT) risk (ICS/SCADA, IIoT) into the enterprise risk register with pragmatic controls that do not disrupt production.

Compliance: ISO & SOX:

  • Lead ISO certification journey: gap analysis, roadmap, control implementation, training/awareness, internal audits, and liaison with external certification bodies.
  • Own SOX ITGCs and application controls: design, documentation, testing coordination, remediation tracking, and /Disclosure Committee reporting.
  • Align identity & access management, change management, computer operations, and IT service delivery to SOX and ISO control objectives; ensure evidence quality and audit readiness.
  • Coordinate with Finance/Accounting on financial reporting risks.

Audit & Assurance:

  • Plan and execute internal audits (ISO, policy compliance, control effectiveness) and coordinate external audits (SOX, ISO surveillance/certification, PCI).
  • Build defensible control evidence repositories, ensure sampling precision, and drive timely remediation of findings.
  • Develop and maintain control libraries, test plans, and mapping across frameworks (ISO/NIST, SOX ITGC etc.).

Tooling, Automation & Metrics:

  • Select, implement, and administer GRC platforms (e.g., Archer/Drata/Vanta, ServiceNow GRC/IRM, OneTrust) and integrate with ticketing, IAM, CMDB, SIEM, and ERP (e.g., SAP/Oracle).
  • Operationalize continuous control monitoring (CCM) and control analytics (e.g., access outliers, change exceptions, segregation of duties conflicts).
  • Define and publish KPIs/KRIs and Board/C‑suite dashboards: audit status, control effectiveness, residual risk, TPRM posture, policy adoption, incident trends.

Team Leadership & Vendor Management:

  • Lead a hybrid, geographically distributed team of employees and vendor/consulting resources; set objectives, coach, and develop talent.
  • Build SOWs, manage budgets, and ensure vendor SLAs/KPIs and quality outcomes.
  • Foster a culture of accountability, transparency, and continuous improvement.

Training, Awareness & Change Management:

  • Lead assessment and management of the training and phishing campaign platform and process (e.g., SOX for IT engineers, ISO control owners, plant operations staff).
  • Drive change management communications to embed controls into daily operations without impeding manufacturing throughput.

Incident, BCP/DR & Privacy Alignment:

  • Ensure incident response processes are governed, tested, and produce audit-ready evidence.
  • Oversee BCP/DR governance (business impact analysis, testing cadence, lessons learned).
  • Partner with Legal/Privacy on data protection, records retention, and supplier agreements (e.g., CCPA).

Qualifications

Education:

  • Bachelor’s degree in Information Systems, Computer Science, Engineering, Accounting/Finance, or related field preferred. Advanced degree (MBA, MS Information Assurance) is a plus.

Experience:

  • 10–15+ years progressive experience in IT Audit/Controls, or Enterprise Risk; 5+ years…