Compliance Officer
Manulife
Senior GRC Analyst
McCarthy Tétrault
full-time
Posted on:
Location Type: Hybrid
Location: Toronto • 🇨🇦 Canada
Visit company websiteJob Level
Senior
Tech Stack
ServiceNow
About the role
- Implementing and maintaining GRC policies, procedures, and controls aligned with ISO/IEC 27001:2022, NIST, and other relevant standards.
- Conducting risk assessments across business units, IT systems, and third-party vendors.
- Tracking and reporting on risk mitigation plans and residual risk.
- Monitoring regulatory changes (e.g., PIPEDA, GDPR, Quebec Law 25) and ensuring timely updates to internal controls and documentation.
- Coordinating internal and external audits, including evidence collection, control testing, and remediation tracking.
- Preparing dashboards and reports on risk posture, compliance status, and control effectiveness for review by the GRC Manager and senior leadership.
- Developing and delivering GRC-related training and awareness sessions to promote a culture of compliance and risk ownership.
- Capturing and documenting risks for inclusion in the enterprise risk register, ensuring traceability and accountability.
- Administering GRC platforms (e.g., Archer, ServiceNow GRC) and contributing to automation of workflows and reporting.
- Identifying opportunities to enhance risk management processes and drive a culture of security and compliance across the organization.
- Advising senior leadership on emerging risks, regulatory trends, and best practices.
- Influencing and building consensus among diverse stakeholders, including both technical and non-technical teams.
Requirements
- Bachelor’s degree in Information Security, Risk Management, or a related field.
- Minimum 5 years of experience in GRC, risk management, or compliance roles.
- Certifications such as ISO/IEC 27001 Lead Auditor, CIPP, CISM, CRISC, or CISSP preferred.
- Strong analytical, communication, and interpersonal skills, with the ability to translate technical risks into business impact, influence decision-making, and build consensus across diverse stakeholders.
- Experience working in cross-functional teams and managing multiple priorities.
- Familiarity with change management, disaster recovery, and business continuity practices.
- Experience with workflow automation and reporting within GRC or AI platforms is an asset.
- Hands-on experience with GRC tools (e.g., Archer, ServiceNow GRC) is preferred.
Benefits
- Outstanding benefits from day one, including insurance premiums paid by the Firm and wellness and technology reimbursements.
- Competitive compensation, paid overtime and generous time off, including a day off to volunteer and a day off for your birthday.
- A commitment to professional development and growth opportunities for our people at all levels, supported by a culture that fully embraces and encourages two-way feedback.
- Strong community involvement and a commitment to equity, diversity and inclusion.
- A collaborative, cohesive culture that connects lawyers and business teams through collective purpose.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
GRC policiesrisk assessmentsrisk mitigationcontrol testingrisk managementworkflow automationreportingchange managementdisaster recoverybusiness continuity
Soft skills
analytical skillscommunication skillsinterpersonal skillsinfluence decision-makingbuild consensuscross-functional teamworkmanage multiple prioritiespromote culture of compliancerisk ownershipstakeholder engagement
Certifications
ISO/IEC 27001 Lead AuditorCIPPCISMCRISCCISSP
