Senior Manager GRC

KPMG

$130K — $180K *
Business Services
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10-15+ years in Risk Management with GRC specialization.
  • Proven lead architect/SME on multi-platform engagements.
  • End-to-end cloud GRC delivery experience with platforms like MetricStream and ServiceNow.
  • Technical skills in programming languages such as Java and Python, as well as understanding REST/SOAP and SQL.
  • Certifications in ServiceNow IRM, Archer, MetricStream, or AuditBoard.

Responsibilities

  • Define enterprise governance, risk, and compliance (GRC) target architecture and blueprints.
  • Lead complex risk management use cases across various domains such as cyber risk and regulatory compliance.
  • Implement cloud solutions and customize GRC technologies for clients.
  • Drive advisory services, creating mappings, and control rationalization for compliance.
  • Develop accelerators, reference architectures, and lead demonstrations or proofs of concept.

Benefits

  • Inclusive and barrier-free workplace fostering diverse workforce.
  • Opportunities for personal and professional growth through ongoing learning.
  • Supportive environment encouraging respect and collaboration among team members.
Full Job Description
What you will do

Architecture and Delivery
  • Define enterprise GRC target architecture and solution blueprints (data models, taxonomy, control libraries, business hierarchy, workflows, RBAC).
  • Lead complex use cases: Enterprise/Operational Risk, Resilience, Regulatory Compliance, Policy, IT/Cyber Risk, Vulnerability, Third Party Risk, Audit, Issues/Remediation, Business Continuity, Risk Analytics.
  • Perform hands-on configuration/customization across enterprise GRC technologies including custom objects, forms, workflows, reporting.

Technical Implementation and Integration
  • Implement end-to-end cloud solutions: OOTB package deployment, environment provisioning, platform hardening.
  • Build APIs/data pipelines; design event-driven integrations for continuous control monitoring and real-time risk insights.
  • Lead data migration/normalization/lineage; enable control testing automation and risk quantification reporting.

Governance, Methodology, and PMO
  • Establish Agile SDLC, program governance, RAID, and executive dashboards.
  • Design operating models (RACI, roles/processes, governance committees, three-lines model, control ownership, issue management).
  • Maintain GRC taxonomy: risk/control libraries, policies, authority documents, obligations mapping, evidence repositories.

Advisory, Enablement, and Change Management
  • Advise on regulations and frameworks; create compliance mappings and control rationalization.
  • Deliver enablement (admin/end-user training, playbooks, SOPs, knowledge transfer).
  • Drive adoption via stakeholder engagement, champions, benefits tracking; define KPIs for risk posture, compliance maturity, efficiency.

Practice Development and Thought Leadership
  • Develop accelerators, reference architectures, integration patterns, configuration blueprints.
  • Publish thought leadership, lead demos/POCs, support RFPs/solutioning; mentor junior staff.
  • Evaluate emerging capabilities (AI/ML analytics, control automation, continuous monitoring) and guide roadmaps.

What you bring to the role

  • 10-15+ years in Risk Management with GRC specialization; proven lead architect/SME on multi-platform engagements.
  • End-to-end cloud GRC delivery on MetricStream, Archer, ServiceNow IRM/Compliance, AuditBoard (OOTB deployment and deep configuration).
  • Platform extension expertise:
    • MetricStream: M7/M9, data model/workflow extensions, integration APIs.
    • Archer: Application Builder, workflows, data feeds, calculated fields, reporting, packaging.
    • ServiceNow: IRM, Policy & Compliance, VRM; GlideScript, Flow Designer, ACLs, CMDB, custom apps.
    • AuditBoard: Controls/testing, evidence, issues, reporting integrations.
  • Integrations with SIEM, vulnerability scanners (Qualys/Tenable), CMDB/Business Hierarchy, regulatory feeds, ITSM/Jira, data lakes/warehouses, IAM/LDAP/SSO.
  • Experience installing/configuring MetricStream and ServiceNow OOTB packages; Archer packaging; AuditBoard onboarding.
  • Identity and access: LDAP/AD, SAML/OAuth/OIDC, role-based access and entitlements.
  • Technical skills: Java, JavaScript; REST/SOAP, JSON/XML; Python/PowerShell; SQL.
  • Agile SDLC leadership; PMO-level governance, risk, and benefits tracking.
  • Certifications: ServiceNow IRM, Archer, MetricStream, AuditBoard.
  • Knowledge of FAIR risk quantification, BI/analytics (Power BI/Tableau), continuous control monitoring.
  • Experience with Azure/AWS/GCP and security architectures for GRC integrations.
  • Executive advisory presence; strong stakeholder management and communication.
  • Advanced problem-solving and solution architecture; ability to scale complex requirements.
  • Cross-functional leadership, mentoring, and consensus-building across business, risk, audit, and technology teams.

KPMG Ontario Region Pay Range Information

The expected base salary range for this position is $130,000 to $180,000 and may be eligible for bonus awards. The determination of an applicant's base salary within this range is based on the individual's location, skills & competencies, and unique qualifications. In addition, KPMG offers a comprehensive and competitive Total Rewards program.

Similar Jobs

More Jobs at KPMG

More Business Services Jobs

Find similar Senior Manager GRC jobs: