First National Financial LP

GRC Manager, Information Security

On site

Toronto, Canada

Mid level

Full Time

08-10-2025

Skills

Risk Management, Security Policies and Procedures, Research, Training, Compliance Management, Benchmarking, Organization

Job Specifications

We are hiring a Manager of GRC, Information Security!

Reporting To

Senior Manager and Team Lead

Full-Time/Part-Time

Full-time

Posting Date

October 7, 2025

Closing Date

October 21, 2025

Hours Of Work

8:30 a.m. - 5:00 p.m.

Grade

16.4

Office Location:

Toronto, ON

Great location! Steps away from the main public transit station

What We Offer

Highly competitive compensation package which includes, base salary, bonus, benefits, and career advancement opportunities!

Eligibility for benefits is dependent on the terms of employment

The Opportunity

A strategic and integral member of the Information Security Team, reporting to the Senior Manager, Information Security, and responsible for ensuring the security, integrity, and availability of the organization's information assets. The role owns the program management and continuous improvement of the GRC program (ISMS), including ISO 27001 certification and audit, SOC2 readiness and audits, day-to-day risk management, risk assessments, and controls testing. Additionally, this Manager will oversee the enterprise Physical Security program.

How you will contribute:

Program Management

Develop, implement, and enhance the GRC program supporting information security governance, risk management, and compliance.

Improve the Information Security Management Framework and build cross-organizational relationships.

Manage the security risk management and compliance strategy, framework, and approach, ensuring alignment with ISO 27001 and other security standards.

Track and communicate the status of risk response activities and advise teams on effective security controls.

Risk Management

Manage the Information Security Risk Management program, conducting regular Information Security Risk assessments.

Oversee risk treatment and ensure program-specific risk assessments (Data Security, IAM, etc.) align with the broader security risk program.

Collaborate with stakeholders to address key risks and improve processes, tools, and technologies.

Compliance Management

Ensure adherence to relevant regulations and industry standards (specifically, SOC2 and ISO 27001).

Develop, document, and evaluate measures, metrics, and internal controls that contribute towards the ISMS objectives and SOC2 goals.

Review and update security policies, procedures, and standards to ensure compliance and security of First National assets.

Audit Management

Support all security-related audit and certification processes (e.g., ISO 27001, SOC2).

Support audit and assessment activities, including internal and external audits, vendor assessments, benchmarking, and more.

Third Party Vendor Compliance and Risk Management

Assist the vendor management team in ensuring third-party security compliance.

Assist in implementing technical controls to mitigate third-party risks and monitor progress on security improvements.

Physical Security

Oversee physical security governance for First National, across all locations.

Develop and implement physical security policies and procedures, where required.

Conduct or coordinate physical security risk assessments.

Continual Improvement

Stay current with industry trends and emerging technologies and identify opportunities to integrate them into the GRC and information security program.

Identify new GRC requirements through industry resources, research, and consultation with technology subject matter experts.

The Experience You Need

A bachelor's degree in computer science, information security, or equivalent work experience is required. Graduate degree preferred.
Information security certifications, such as CISA, CISSP, ISO 27001, CISM, or equivalent preferred.
A minimum of 6 years of prior experience in GRC management in a medium or large size organization is required.
Experience with SOC2 and ISO 27001 audits and certifications.
Experience in developing and maintaining Information Security policies, standards, processes, guidelines, procedures, and controls, ideally within the Financial Services industry.
Knowledge of physical security principles and practices.

Relationships

Ability to work effectively with business unit and IT department managers, including Application Development, Infrastructure, Operations, Network, Technical Support, and others.

Working Environment And Physical Demands Analysis

Hybrid Office environment
Periods of high volume with tight timelines
Long periods of stationary position/sitting
Prolonged periods of repetitive movement (e.g., using a keyboard and mouse)
Long periods of time in viewing a computer screen
Multi-tasking may include speaking to customers on a telephone call while looking up information on a computer program.

Why join First National?

Competitive Compensation
Comprehensive benefits program (e.g., Health Spending Account, Maternity and Parental Leave Top Up)
Hybrid working environment
Extensive training programs to set our employees up for success
Modern office environment conducive to c

About the Company

First National Financial LP is one of Canada's largest non-bank lenders, originating and servicing both residential and commercial mortgages. As the leading lender of CMHC and conventional mortgages, First National currently has more than $150 billion in mortgages under administration. We apply ingenuity when developing financing solutions with clients and brokers, relying on our broad product lineup, expertise, network and spirit to take smart risks. We execute quickly and competitively, but we go beyond that traditional ...