What you will doArchitecture and Delivery
- Define enterprise GRC target architecture and solution blueprints (data models, taxonomy, control libraries, business hierarchy, workflows, RBAC).
- Lead complex use cases: Enterprise/Operational Risk, Resilience, Regulatory Compliance, Policy, IT/Cyber Risk, Vulnerability, Third Party Risk, Audit, Issues/Remediation, Business Continuity, Risk Analytics.
- Perform hands-on configuration/customization across enterprise GRC technologies including custom objects, forms, workflows, reporting.
Technical Implementation and Integration
- Implement end-to-end cloud solutions: OOTB package deployment, environment provisioning, platform hardening.
- Build APIs/data pipelines; design event-driven integrations for continuous control monitoring and real-time risk insights.
- Lead data migration/normalization/lineage; enable control testing automation and risk quantification reporting.
Governance, Methodology, and PMO
- Establish Agile SDLC, program governance, RAID, and executive dashboards.
- Design operating models (RACI, roles/processes, governance committees, three-lines model, control ownership, issue management).
- Maintain GRC taxonomy: risk/control libraries, policies, authority documents, obligations mapping, evidence repositories.
Advisory, Enablement, and Change Management
- Advise on regulations and frameworks; create compliance mappings and control rationalization.
- Deliver enablement (admin/end-user training, playbooks, SOPs, knowledge transfer).
- Drive adoption via stakeholder engagement, champions, benefits tracking; define KPIs for risk posture, compliance maturity, efficiency.
Practice Development and Thought Leadership
- Develop accelerators, reference architectures, integration patterns, configuration blueprints.
- Publish thought leadership, lead demos/POCs, support RFPs/solutioning; mentor junior staff.
- Evaluate emerging capabilities (AI/ML analytics, control automation, continuous monitoring) and guide roadmaps.
What you bring to the role- 10-15+ years in Risk Management with GRC specialization; proven lead architect/SME on multi-platform engagements.
- End-to-end cloud GRC delivery on MetricStream, Archer, ServiceNow IRM/Compliance, AuditBoard (OOTB deployment and deep configuration).
- Platform extension expertise:
- MetricStream: M7/M9, data model/workflow extensions, integration APIs.
- Archer: Application Builder, workflows, data feeds, calculated fields, reporting, packaging.
- ServiceNow: IRM, Policy & Compliance, VRM; GlideScript, Flow Designer, ACLs, CMDB, custom apps.
- AuditBoard: Controls/testing, evidence, issues, reporting integrations.
- Integrations with SIEM, vulnerability scanners (Qualys/Tenable), CMDB/Business Hierarchy, regulatory feeds, ITSM/Jira, data lakes/warehouses, IAM/LDAP/SSO.
- Experience installing/configuring MetricStream and ServiceNow OOTB packages; Archer packaging; AuditBoard onboarding.
- Identity and access: LDAP/AD, SAML/OAuth/OIDC, role-based access and entitlements.
- Technical skills: Java, JavaScript; REST/SOAP, JSON/XML; Python/PowerShell; SQL.
- Agile SDLC leadership; PMO-level governance, risk, and benefits tracking.
- Certifications: ServiceNow IRM, Archer, MetricStream, AuditBoard.
- Knowledge of FAIR risk quantification, BI/analytics (Power BI/Tableau), continuous control monitoring.
- Experience with Azure/AWS/GCP and security architectures for GRC integrations.
- Executive advisory presence; strong stakeholder management and communication.
- Advanced problem-solving and solution architecture; ability to scale complex requirements.
- Cross-functional leadership, mentoring, and consensus-building across business, risk, audit, and technology teams.
KPMG Ontario Region Pay Range InformationThe expected base salary range for this position is $130,000 to $180,000 and may be eligible for bonus awards. The determination of an applicant's base salary within this range is based on the individual's location, skills & competencies, and unique qualifications. In addition, KPMG offers a comprehensive and competitive Total Rewards program.