OverviewOur Technology Risk Services team is growing and we are looking for a Manager, GRC to join our team in Toronto. The Technology Risk Services practice provides a variety of services to our clients. The successful candidate will focus primarily on performing IT internal audit and IT risk advisory engagements. They will also be involved with managing engagements and training our junior staff.
What you will doArchitecture and Delivery
- Define enterprise GRC target architecture and solution blueprints (data models, taxonomy, control libraries, business hierarchy, workflows, RBAC).
- Lead complex use cases: Enterprise/Operational Risk, Resilience, Regulatory Compliance, Policy, IT/Cyber Risk, Vulnerability, Third Party Risk, Audit, Issues/Remediation, Business Continuity, Risk Analytics.
- Perform hands-on configuration/customization across enterprise GRC technologies including custom objects, forms, workflows, reporting.
Technical Implementation and Integration
- Implement end-to-end cloud solutions: OOTB package deployment, environment provisioning, platform hardening.
- Build APIs/data pipelines; design event-driven integrations for continuous control monitoring and real-time risk insights.
- Lead data migration/normalization/lineage; enable control testing automation and risk quantification reporting.
Governance, Methodology, and PMO
- Establish Agile SDLC, program governance, RAID, and executive dashboards.
- Design operating models (RACI, roles/processes, governance committees, three-lines model, control ownership, issue management).
- Maintain GRC taxonomy: risk/control libraries, policies, authority documents, obligations mapping, evidence repositories.
Advisory, Enablement, and Change Management
- Advise on regulations and frameworks; create compliance mappings and control rationalization.
- Deliver enablement (admin/end-user training, playbooks, SOPs, knowledge transfer).
- Drive adoption via stakeholder engagement, champions, benefits tracking; define KPIs for risk posture, compliance maturity, efficiency.
Practice Development and Thought Leadership
- Develop accelerators, reference architectures, integration patterns, configuration blueprints.
- Publish thought leadership, lead demos/POCs, support RFPs/solutioning; mentor junior staff.
- Evaluate emerging capabilities (AI/ML analytics, control automation, continuous monitoring) and guide roadmaps.
What you bring to the role- 5-8 years in Risk Management with GRC specialization; proven lead architect/SME on multi-platform engagements.
- End-to-end cloud GRC delivery on MetricStream, Archer, ServiceNow IRM/Compliance, AuditBoard, Workiva.
- Experience installing/configuring MetricStream, Archer, and ServiceNow IRM/Compliance, AuditBoard, Workiva.
- Identity and access: LDAP/AD, SAML/OAuth/OIDC, role-based access and entitlements.
- Technical skills: Java, JavaScript; REST/SOAP, JSON/XML; Python/PowerShell; SQL.
- Agile SDLC leadership; PMO-level governance, risk, and benefits tracking.
- Prefered Certifications: ServiceNow.
- Knowledge of FAIR risk quantification, BI/analytics (Power BI/Tableau), continuous control monitoring.
- Experience with Azure/AWS/GCP and security architectures for GRC integrations.
- Advisory presence; strong stakeholder management and communication.
- Advanced problem-solving and solution architecture; ability to scale complex requirements.
- Cross-functional leadership, mentoring, and consensus-building across business, risk, audit, and technology teams.
KPMG Ontario Region Pay Range InformationThe expected base salary range for this position is $98,000 to $139,500 and may be eligible for bonus awards. The determination of an applicant's base salary within this range is based on the individual's location, skills & competencies, and unique qualifications. In addition, KPMG offers a comprehensive and competitive Total Rewards program.
Providing you with the support you need to be at your bestOur Values, The KPMG WayIntegrity, we do what is right |
Excellence, we never stop learning and improving |
Courage, we think and act boldly |
Together, we respect each other and draw strength from our differences |
For Better, we do what matters