Responsibilities

• Develop, maintain, and enforce IT policies, standards, and procedures. 

• Define and manage the IT governance framework aligned with business objectives. 

• Develop and maintain IT risk management methodologies and processes. 

• Conduct regular IT risk assessments, identifying threats, vulnerabilities, and control gaps. 

• Maintain an IT risk register and track mitigation actions. 

• Perform Business Impact Analysis (BIA) and support Disaster Recovery/BCP planning. 

• Ensure compliance with internal and external requirements (ISO 27001, GDPR, SOC2, local regulations, etc.). 

• Coordinate and support internal and external audits. 

• Track remediation of audit findings and compliance issues. 

• Evaluate third-party risks and maintain vendor risk assessments. 

• Ensure vendors comply with security and contractual requirements. 

• Drive the company’s preparation and compliance for international standards and certifications (e.g., ISO 27001, SOC 2, Cyber Trust Mark by CSA) 

• Promote a culture of IT risk awareness across the firm. 

Qualifications and requirements 

• At least 2 to 5 years of relevant experience in IT Governance, IT Audit and Risk Management 

• Experience with IT frameworks such as ISO 27001, COBIT, NIST, CIS Benchmarks, or ITIL. 

• Experience with governance platforms or GRC tools (e.g. Drata, GRC, Archer, OneTrust). 

• Strong understanding of IT processes, systems, networks, and infrastructure. 

• Able to work independently, good communication skill, multi-task, and a team player. 

• Excellent documentation and report-writing skills. 

• Willingness to learn new frameworks and adapt to compliance changes.