GRC Manager, Information Security

Join to apply for the GRC Manager, Information Security role at First National Financial LPWe are hiring a Manager of GRC, Information Security. Reporting to the Senior Manager and Team Lead. This is a Full-Time position based in Toronto, ON.Posting Date October 27, 2025Closing Date November 7, 2025Hours Of Work 8:30 a.m. – 5:00 p.m.Grade Office Location: 16.4, Toronto, ONGreat location Steps away from the main public transit stationWhat We OfferHighly competitive compensation package which includes base salary, bonus, benefits, and career advancement opportunitiesThe OpportunityA strategic and integral member of the Information Security Team, reporting to the Senior Manager, Information Security, responsible for ensuring the security, integrity, and availability of the organization's information assets. The role will be responsible for the program management and continuous improvement of the GRC program (ISMS), including ISO 27001 certification and audit, SOC2 readiness and audits, day-to-day risk management, assessments, and controls testing. Additionally, this Manager will oversee the enterprise Physical Security program. Program Management How you will contribute: Develop, implement, and enhance the GRC program supporting information security governance, risk management, and compliance. Improve the Information Security Management Framework and build cross-organizational relationships. Manage the security risk management and compliance strategy, framework, and approach, ensuring alignment with ISO 27001 and other security standards. Track and communicate the status of risk response activities and advise teams on effective security controls. Risk Management Manage the Information Security Risk Management program, conducting regular Information Security Risk assessments. Oversee risk treatment and ensure program-specific risk assessments (Data Security, IAM, etc.) align with the broader security risk program. Collaborate with stakeholders to address key risks and improve processes, tools, and technologies. Compliance Management Ensure adherence to relevant regulations and industry standards (specifically SOC2 and ISO 27001). Develop, document, and evaluate measures, metrics, and internal controls that contribute towards the ISMS objectives and SOC2 goals. Review and update security policies, procedures, and standards to ensure compliance and security of First National assets. Audit Management Support all security-related audit and certification processes (e.g., ISO27001, SOC2). Support audit and assessment activities, including internal and external audits, vendor assessments, benchmarking, and more. Third Party Vendor Compliance and Risk Management Assist the vendor management team in ensuring third-party security compliance. Assist in implementing technical controls to mitigate third-party risks and monitor progress on security improvements. Physical Security Oversee physical security governance for First National, across all locations. Develop and implement physical security policies and procedures, where required. Conduct or coordinate physical security risk assessments. Continual Improvement Stay current with industry trends and emerging technologies and identify opportunities to integrate them into the GRC and information security program. Identify new GRC requirements through industry resources, research, and consultation with technology subject matter experts. The Experience You Need A bachelor’s degree in computer science, information security, or equivalent work experience is required. Graduate degree preferred. Information security certifications, such as CISA, CISSP, ISO27001, CISM, or equivalent preferred. A minimum of 6 years of prior experience in GRC management in a medium or large size organization is required. Experience with SOC2 and ISO 27001 audits and certifications. Experience in developing and maintaining Information Security policies, standards, processes, guidelines, procedures, and controls, ideally within the Financial Services industry. Knowledge of physical security principles and practices. Relationships Ability to work effectively with business unit and IT department managers, including Application Development, Infrastructure, Operations, Network, Technical Support, and others. Working Environment And Physical Demands Hybrid Office environment Periods of high volume with tight timelines Long periods of stationary position/sitting Prolonged periods of repetitive movement (i.e. using a keyboard and mouse) Long periods of time in viewing a computer screen Multi-tasking may include speaking to customers on a telephone call while looking up information on a computer program. Why join First National? Competitive Compensation Comprehensive benefits program (i.e., Health Spending Account, Maternity and Parental Leave Top Up) Hybrid working environment Extensive training programs to set our employees up for success Modern office environment conducive to collaboration Supportive teamwork culture Opportunities to give back to the communities and work through events focused on a variety of charities Ongoing social events throughout the year The Team You’ll Join First National is one of Canada’s largest non-bank lenders, providing residential mortgages through the mortgage broker channel and Canada’s largest commercial mortgage lender. First National is proud to be recognized as a great place to work and values employee engagement. Equal opportunity statement: First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation and any other category protected by law. First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at accessibility@firstnational.ca should you need an accommodation at any point in the recruitment process. Note: #FNLOON #J-18808-Ljbffr