Manager, GRC

KPMG

$98K — $139K *
Business Services
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-8 years in Risk Management with a focus on GRC specialization.
  • Experience in leading architecture on multi-platform engagements.
  • Proven abilities in end-to-end cloud GRC delivery using tools like MetricStream and ServiceNow.
  • Strong familiarity with technical integration using Java, REST, JSON, Python, and SQL.
  • Experience with identity and access management protocols like LDAP and SAML.

Responsibilities

  • Define GRC architecture and solution blueprints for enterprise clients.
  • Lead complex risk management use cases across various domains.
  • Implement cloud solutions and drive technical configurations for GRC.
  • Establish Agile methodologies and governance frameworks for project oversight.
  • Advise clients on compliance, enabling effective risk management strategies.
  • Develop thought leadership pieces and mentor junior staff in the GRC field.

Benefits

  • Flexible working arrangements to support work-life balance.
  • Inclusive workplace culture fostering diversity and respect.
  • Opportunities for professional development and continuous learning.
  • Adjustments and accommodations throughout the recruitment process.
Full Job Description
Overview

Our Technology Risk Services team is growing and we are looking for a Manager, GRC to join our team in Toronto. The Technology Risk Services practice provides a variety of services to our clients. The successful candidate will focus primarily on performing IT internal audit and IT risk advisory engagements. They will also be involved with managing engagements and training our junior staff.

What you will do

Architecture and Delivery
  • Define enterprise GRC target architecture and solution blueprints (data models, taxonomy, control libraries, business hierarchy, workflows, RBAC).
  • Lead complex use cases: Enterprise/Operational Risk, Resilience, Regulatory Compliance, Policy, IT/Cyber Risk, Vulnerability, Third Party Risk, Audit, Issues/Remediation, Business Continuity, Risk Analytics.
  • Perform hands-on configuration/customization across enterprise GRC technologies including custom objects, forms, workflows, reporting.

Technical Implementation and Integration
  • Implement end-to-end cloud solutions: OOTB package deployment, environment provisioning, platform hardening.
  • Build APIs/data pipelines; design event-driven integrations for continuous control monitoring and real-time risk insights.
  • Lead data migration/normalization/lineage; enable control testing automation and risk quantification reporting.

Governance, Methodology, and PMO
  • Establish Agile SDLC, program governance, RAID, and executive dashboards.
  • Design operating models (RACI, roles/processes, governance committees, three-lines model, control ownership, issue management).
  • Maintain GRC taxonomy: risk/control libraries, policies, authority documents, obligations mapping, evidence repositories.

Advisory, Enablement, and Change Management
  • Advise on regulations and frameworks; create compliance mappings and control rationalization.
  • Deliver enablement (admin/end-user training, playbooks, SOPs, knowledge transfer).
  • Drive adoption via stakeholder engagement, champions, benefits tracking; define KPIs for risk posture, compliance maturity, efficiency.

Practice Development and Thought Leadership
  • Develop accelerators, reference architectures, integration patterns, configuration blueprints.
  • Publish thought leadership, lead demos/POCs, support RFPs/solutioning; mentor junior staff.
  • Evaluate emerging capabilities (AI/ML analytics, control automation, continuous monitoring) and guide roadmaps.

What you bring to the role

  • 5-8 years in Risk Management with GRC specialization; proven lead architect/SME on multi-platform engagements.
  • End-to-end cloud GRC delivery on MetricStream, Archer, ServiceNow IRM/Compliance, AuditBoard, Workiva.
  • Experience installing/configuring MetricStream, Archer, and ServiceNow IRM/Compliance, AuditBoard, Workiva.
  • Identity and access: LDAP/AD, SAML/OAuth/OIDC, role-based access and entitlements.
  • Technical skills: Java, JavaScript; REST/SOAP, JSON/XML; Python/PowerShell; SQL.
  • Agile SDLC leadership; PMO-level governance, risk, and benefits tracking.
  • Prefered Certifications: ServiceNow.
  • Knowledge of FAIR risk quantification, BI/analytics (Power BI/Tableau), continuous control monitoring.
  • Experience with Azure/AWS/GCP and security architectures for GRC integrations.
  • Advisory presence; strong stakeholder management and communication.
  • Advanced problem-solving and solution architecture; ability to scale complex requirements.
  • Cross-functional leadership, mentoring, and consensus-building across business, risk, audit, and technology teams.

KPMG Ontario Region Pay Range Information

The expected base salary range for this position is $98,000 to $139,500 and may be eligible for bonus awards. The determination of an applicant's base salary within this range is based on the individual's location, skills & competencies, and unique qualifications. In addition, KPMG offers a comprehensive and competitive Total Rewards program.

Providing you with the support you need to be at your best

Our Values, The KPMG Way

Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters

Similar Jobs

More Jobs at KPMG

More Business Services Jobs

Find similar Manager, GRC jobs: