Director, Technology Governance, Risk

**Location**:
Toronto

Address:
100 Queens Quay East Toronto, Ontario M5E 1V3 Canada

Job Title:
Director, Technology Governance, Risk & Compliance
Canada Goose isn't like anything else. We've built something great, something special - an iconic lifestyle brand with an inspirational and authentic story. At the heart of it is our promise to inspire and enable all people to thrive in the world outside. To Live in the Open. At Canada Goose, you're part of a movement that belongs to something bigger. One that seeks out the restorative power of nature and is driven by a purpose to keep the planet cold and the people on it warm. We endure any condition, observe every detail, and are building a community that believes in living bravely and coming together to support game-changing people.

Here, opportunities are everywhere - to try something new, to learn, to do meaningful and impactful work, and they're yours for the taking.

Position Overview:
The Director of Technology GRC is responsible for overseeing and maturing the organization’s governance, risk, and compliance programs across IT and cybersecurity. This includes leading IT SOX control oversight, cybersecurity governance practices, vendor risk assessments, and vulnerability management. The role will also partner with Legal, technology, and business stakeholders to operationalize privacy frameworks and ensure alignment with regulatory and policy requirements.

**What You'll Do**:

- IT SOX Compliance
- Manage the execution and lifecycle of IT SOX controls, including annual scoping, testing, remediation, and reporting.
- Partner with internal and external auditors to ensure smooth audit cycles and timely issue resolution.
- Cybersecurity Governance
- Establish and maintain cybersecurity policies, risk frameworks, and governance practices aligned with standards such as NIST CSF and ISO 27001.
- Monitor and report on control effectiveness and risk posture across the enterprise.
- Ensure controls are effectively implemented across on-premises, hybrid, and cloud environments (e.g., AWS, Azure, SaaS platforms).
- Vendor Risk Management
- Lead third-party risk assessment processes to evaluate technology vendors and service providers.
- Collaborate with procurement and business owners to mitigate vendor-related security risks.
- Vulnerability Management Oversight
- Review vulnerability data to identify systemic issues and drive long-term improvements.
- Privacy and Legal Collaboration
- Partner with Legal and Compliance teams to implement and maintain privacy controls aligned with applicable laws (e.g., GDPR, CCPA).
- Support intake, coordination, and fulfillment of Data Subject Access Requests (DSARs), working across technical and business teams to ensure compliance.
- Provide risk and control input into new initiatives and third-party engagements that involve personal or sensitive data.
- Leadership and Stakeholder Engagement
- Lead cross-functional risk discussions and influence risk-aware decision-making.
- Mentor junior team members and contribute to a strong, accountable GRC culture.

**Let's Talk About You**:

- At least 10 years of IT audit, IT compliance or similar experience required
- At least 5 years of supervisory experience
- At least one of CISA, CIA, CPA, CISSP, CRISC, CDPSE, CIPP or other relevant IT or Information Security designation is required
- Thorough knowledge of IT auditing, regulatory requirements, and security standards such as SOX, COBIT, COSO, NIST CSF, GDPR
- Experience in retail, manufacturing and supply chain is an asset
- Experience working with and managing offshore service providers to deliver Sox testing
- Experience in working with COSO and IT COBIT framework
- Experience with Bill 198 and/or SOX certification
- ERP experience with MS Dynamics 365 and AuditBoard an asset
- Exceptional written and verbal communication skills for drafting and presenting results to senior management
- Proven project management skills

**What’s in it For You?**
- A company built on Canadian roots and heritage
- Your work is recognized with a comprehensive and competitive Total Rewards Program
- Opportunities for career growth through numerous internal and external programs
- Recognize and be recognized by your peers with our Goose Rewards & ICON Rewards
- Be a part of _CG Gives_. Donation matching and paid volunteer time to help the organizations you care about
- Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues
- Inspiring leaders and colleagues who will lift you up and help you grow

We believe in the power of inclusion and are passionate about building and sustaining an inclusive and equitable working environment where all employees can bring their authentic selves to work everyday. We believe every one of our team members enriches our diversity by exposing us to varying ways to understand the world, identify challenges, and to discover, design, produce, and deliver great products