The Security GRC team plays a critical role in adhering to security frameworks and creating space for risk mitigation and oversight. We want to ensure that Wealthsimple maintains a secure operational environment by implementing and monitoring controls designed to protect information, systems and infrastructure.
We are looking to expand the Security GRC team with a Manager, Security Compliance to lead our SOX and ICFR compliance program. This role will be instrumental in ensuring Wealthsimple meets its regulatory obligations around internal controls over financial reporting while building a scalable compliance function.
You will focus on owning and maturing our SOX and ICFR compliance program and have the opportunity to expand your scope to oversee the broader compliance function, including SOC 1& 2, PCI DSS, and NIST frameworks and leading a team of specialists. You'll work closely with teams across Security, Finance, Legal, Product, and Engineering to ensure controls are designed, implemented, and operating effectively.
In this role, you'll have the opportunity to- Own and manage the IT general controls (ITGCs) component of the ICFR compliance program while supporting the build out of the ITGCs & IT Application controls (ITAC) for the SOX program from the ground up, leveraging existing frameworks and controls where applicable
- Partner with Finance, IT, and business stakeholders to identify and document key controls over financial reporting, ensuring controls are designed and in place ahead of audit cycles
- Ensure ITGCs and ITACs supporting financial systems are properly documented and operating as intended
- Serve as the primary point of contact for external auditors, coordinating evidence requests, walkthroughs, and finding remediation
- Build and maintain a controls inventory with clear ownership, documentation standards, and readiness status
- Work cross-functionally with control owners to ensure gaps are identified early and remediation plans are in place before audit periods
- Develop and report on compliance readiness and control health to senior leadership
- Drive continuous improvement in the efficiency and effectiveness of the SOX Compliance system (AuditBoard) and related technologies
- Maintain current knowledge of emerging risks, industry trends, and regulatory changes relevant to the business and the audit profession
- Expand ownership to include SOC 1&2, PCI DSS, and NIST compliance programs, building a unified compliance function
- Lead a small team of compliance specialists, providing mentorship, prioritization, and ensuring alignment across the aforementioned compliance initiatives
What you'll bring- 6-8 years of experience in IT audit, compliance, or security assurance, with deep expertise in SOX/ICFR compliance (preferably in financial services or fintech)
- Strong understanding of COSO framework, ITGCs, ITACs, and control design principles
- Experience working with external auditors on SOX engagements, particularly in a coordination or liaison capacity
- Proven ability to lead and manage a team, ensuring that audit deliverables are met efficiently and on time.
- Working knowledge of SOC, PCI DSS, and/or NIST frameworks is a strong asset
- Proven ability to manage multiple compliance workstreams and competing priorities
- Strong stakeholder management and communication skills with ability to influence across technical and non-technical teams
- Experience with GRC tools and control management platforms
- Self-directed professional who can build programs from the ground up and drive initiatives to completion
- Relevant certifications preferred (CISA, CISSP, CPA, CIA, or equivalent)
