Risk and Compliance Manager

**Description**:
As a key member of the Cybersecurity, Risk, and Compliance team, you will play an integral role in building the future of GS1 Canada’s Technology Governance, Risk and Compliance (GRC) capabilities. Acting as a representative of the GRC function, you will support initiatives aimed at enhancing process maturity, strengthening internal controls, and driving the ongoing execution and improvement of GRC activities. This includes responsibilities across vendor management, financial oversight, and Technology Service Management..

You will manage the enterprise risk management (ERM) program and collaborate with business units leads to assess and prioritize ERM risks. Your background in Technology GRC, coupled with strong problem-solving abilities, effective communication, and solid organizational skills, will be essential to your success. This role involves broad collaboration across all areas of the organization and includes managing the technology department’s budget in partnership with Technology Leads, covering financial reporting, forecasting, and invoice oversight.

**Key Responsibilities**:

- Assist in the planning, development and operationalization of Technology GRC programs that are consistent with the organization’s mission and goals.
- Ensure compliance with internal policies, standards and regulatory or other external requirements.
- Conduct risk assessments and control gap analyses; support the development and implementation of mitigation strategies.Ensure controls are monitored effectively and evidence is appropriately captured.
- Conduct regular compliance audits and risk reviews to ensure alignment with internal policies, industry standards, and applicable laws and regulations.Provide training and guidance to staff on compliance matters.
- Participate in training delivery, communication and outreach on behalf of IT GRC.
- Support partnerships and effective relationships with key internal stakeholders, including audit, business services, finance, human resources, legal services and information security.
- Effectively represent Technology GRC.
- Support IT Service Management (ITSM) practices, including Change Management and Service Request Management.
- Support the IT Measurement Program and the delivery of timely and accurate reporting.
- Identify opportunities for continuous improvement.
- Collaborate with various departments to ensure a cohesive risk management approach.
- Manage the Technology department's budget with direction from Technology Leads, including financial reporting, invoice management and efficient allocation of resources.
- Forecast financial trends and prepare budget reports.
- Ensure efficient allocation of resources and cost management.

Partner with Technology and Finance teams to ensure budgets are aligned with organizational priorities and support effective resource allocation.

**Skills, Knowledge & Expertise**:

- At least 5 to 7 years experience in a technology governance, risk, compliance or service management role.
- Undergraduate degree in Computer Science/Engineering or equivalent experience.
- Certification in risk and/or compliance is preferred.
- Understanding of IT GRC frameworks (e.g., COBiT, ITIL).
- Technical proficiency in working with GRC platforms (e.g., OneTrust, Drata, ServiceNow).
- Understanding of common IT compliance frameworks (e.g., SOC 2, ISO).
- Superior analytical skills in collecting, interpreting, and using data to support decisions and improve processes.
- Excellent time management and organizational skills, with the ability to prioritize tasks and meet deadlines.
- Strong communication skills, both verbal and written, with the ability to convey ideas clearly and effectively.
- Strong collaboration skills, with the ability to work across multiple stakeholder groups.
- Attention to detail and accuracy, ensuring high-quality and thorough completion of tasks.
- Proficient in problem-solving and critical thinking, with the ability to analyze complex situations and make informed decisions.
- Experience in procurement an asset.
- Experience with Jira an asset.
- Proficiency in financial management and reporting tools.

**About GS1 Canada**:
GS1 Canada is committed to helping all employees, customers, stakeholders and subscribers in an effective and timely manner by preventing and removing barriers for persons with disabilities. Our policies and practices are intended to foster diversity, inclusiveness and accessibility, while also ensuring that the workplace is free from discrimination and harassment.