IT Governance, Risk

**Posting End Date**:
December 21, 2025

**Employee Type**:
Regular-Full time

**Union/Non**:
This is a non-union position

In today’s digital landscape, safety is the cornerstone of trust and resilience in the IT space. Cybersecurity, risk management, and compliance are not just technical requirements—they are essential safeguards that protect sensitive data, ensure operational continuity, and uphold regulatory obligations. Read on to know more about this role

As an **IT Specialist - Governance, Risk & Compliance (GRC)**, your role is critical to ensuring our organization meets regulatory requirements, internal policies, and industry standards. This enables us to proactively manage risks and defend the Company against evolving threats, maintain stakeholder confidence, and create a secure environment where innovation thrives.

**Note: Internally, this role is referred to as Specialist I TIS GRC**

**What you will do**:
**Compliance Assurance, Monitoring, and Reporting**

- Manage and coordinate compliance assurance activities, including NIST Cybersecurity Framework (CSF) maturity assessments, regulatory assessments such as Sarbanes-Oxley (SOx) and Transportation Security Administration Security Directives (TSA SD), and internal audit engagements.

- Collect and validate compliance evidence for audits and assessments.

- Perform risk-based compliance checks and controls testing to validate effectiveness.

- Maintain accurate compliance performance through dashboards and management reporting.

- Ensure timely closure of audit findings and maintain audit logs.

**Risk Management Support**

- Identify and report emerging risks driven by technological and regulatory changes.

- Contribute to risk assessments and support tracking, monitoring, and documentation of risks.

**Governance - Policy and Standard Support**

- Assist in reviewing and updating cybersecurity policies, standards, and procedures.

- Support governance activities ensuring documentation aligns with organizational objectives and regulatory obligations.

**Relationship Management**

- Engage with internal stakeholders on compliance-related controls and risks.

- Maintain strong relationships with third-party assessors and internal audit teams to ensure seamless audit execution.

**Continuous Improvement**

- Identify opportunities to streamline compliance processes through automation and AI.

- Conduct post-implementation review sessions and integrate improvements into frameworks and processes.

**Who You Are**:

- University degree in computer sciences, engineering, audit, business, or related disciplines.

- A minimum of 6 years of progressive direct experience in the field of information security, IT governance, compliance, cybersecurity, audit, or risk management.

- Working knowledge of cybersecurity and risk management best practice specifically NIST frameworks.

- Ability to manage concurrent initiatives and conflicting priorities.

- Highly disciplined and professional regarding handling confidential information.

- Demonstrated understanding of various compliance and quality assurance roles.

- Ability to effectively interact with personnel involved in policy, technical, operational, and program management work.

- Excellent communication skills both written and verbal.

**Preferred**:

- Demonstrated understanding of various audit and quality assurance roles.

- Familiarity of SOx IT controls and regulatory requirements in US and Canada (i.e., TSA Security Directives, CFR, and CER).

- Ability to effectively collaborate with personnel at all levels involved in policy, technical, operational, and program management activities.

**Physical Requirements**:
Include but not limited to: Grasping, kneeling, light - moderate lifting (objects up to 20 pounds), reaching above shoulder, repetitive motion, typing, sitting, standing, visual requirement (able to see screens, detect color coding, read fine print), hearing requirement and the ability to sit at a computer for long periods of time.

**Mental Requirements**:
**Flex-Work**:
Enbridge provides competitive workplace programs that differentiate us and offer flexibility to our team members. Enbridge’s FlexWork (Hybrid Work Model) offers eligible employees the opportunity to work variable daily schedules with a flexible start or end time, to opt for a compressed workweek schedule or the option to work from home on Wednesdays and Fridays. Role requirements determine your eligibility for each option. #LI-Hybrid

Information For Applicants:

- Applications can be submitted via our online recruiting system only.

- We appreciate your interest in working with us; however, only those applicants selected for interviews will be contacted.