Manager, GRC

Posted 2 days ago

AI Interview Copilot

Job Details

Full Time

Location

Toronto, ON

Job Description

Overview
At KPMG, you'll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.

Our Technology Risk Services team is growing and we are looking for a Manager, GRC to join our team in Toronto. The Technology Risk Services practice provides a variety of services to our clients. The successful candidate will focus primarily on performing IT internal audit and IT risk advisory engagements. They will also be involved with managing engagements and training our junior staff.

What you will do
Architecture and Delivery

Define enterprise GRC target architecture and solution blueprints (data models, taxonomy, control libraries, business hierarchy, workflows, RBAC).
Lead complex use cases: Enterprise/Operational Risk, Resilience, Regulatory Compliance, Policy, IT/Cyber Risk, Vulnerability, Third Party Risk, Audit, Issues/Remediation, Business Continuity, Risk Analytics.
Perform hands-on configuration/customization across enterprise GRC technologies including custom objects, forms, workflows, reporting.

Technical Implementation and Integration

Implement end-to-end cloud solutions: OOTB package deployment, environment provisioning, platform hardening.
Build APIs/data pipelines; design event-driven integrations for continuous control monitoring and real-time risk insights.
Lead data migration/normalization/lineage; enable control testing automation and risk quantification reporting.

Governance, Methodology, and PMO

Establish Agile SDLC, program governance, RAID, and executive dashboards.
Design operating models (RACI, roles/processes, governance committees, three-lines model, control ownership, issue management).
Maintain GRC taxonomy: risk/control libraries, policies, authority documents, obligations mapping, evidence repositories.

Advisory, Enablement, and Change Management

Advise on regulations and frameworks; create compliance mappings and control rationalization.
Deliver enablement (admin/end-user training, playbooks, SOPs, knowledge transfer).
Drive adoption via stakeholder engagement, champions, benefits tracking; define KPIs for risk posture, compliance maturity, efficiency.

Practice Development and Thought Leadership

Develop accelerators, reference architectures, integration patterns, configuration blueprints.
Publish thought leadership, lead demos/POCs, support RFPs/solutioning; mentor junior staff.
Evaluate emerging capabilities (AI/ML analytics, control automation, continuous monitoring) and guide roadmaps.

What you bring to the role

5-10+ years in Risk Management with GRC specialization; proven lead architect/SME on multi-platform engagements.
End-to-end cloud GRC delivery on MetricStream, Archer, ServiceNow IRM/Compliance, AuditBoard (OOTB deployment and deep configuration).
Platform extension expertise:

MetricStream: M7/M9, data model/workflow extensions, integration APIs.
Archer: Application Builder, workflows, data feeds, calculated fields, reporting, packaging.
ServiceNow: IRM, Policy & Compliance, VRM; GlideScript, Flow Designer, ACLs, CMDB, custom apps.
AuditBoard: Controls/testing, evidence, issues, reporting integrations.

Integrations with SIEM, vulnerability scanners (Qualys/Tenable), CMDB/Business Hierarchy, regulatory feeds, ITSM/Jira, data lakes/warehouses, IAM/LDAP/SSO.
Experience installing/configuring MetricStream and ServiceNow OOTB packages; Archer packaging; AuditBoard onboarding.
Identity and access: LDAP/AD, SAML/OAuth/OIDC, role-based access and entitlements.
Technical skills: Java, JavaScript; REST/SOAP, JSON/XML; Python/PowerShell; SQL.
Agile SDLC leadership; PMO-level governance, risk, and benefits tracking.
Certifications: ServiceNow IRM, Archer, MetricStream, AuditBoard.
Knowledge of FAIR risk quantification, BI/analytics (Power BI/Tableau), continuous control monitoring.
Experience with Azure/AWS/GCP and security architectures for GRC integrations.
Executive advisory presence; strong stakeholder management and communication.
Advanced problem-solving and solution architecture; ability to scale complex requirements.
Cross-functional leadership, mentoring, and consensus-building across business, risk, audit, and technology teams.

Providing you with the support you need to be at your best
Our Values, The KPMG Way
Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters

KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.

Adjustments and accommodations throughout the recruitment process
At KPMG, we are committed to fostering an inclusive recruitment process where all candidates can be themselves and excel. We aim to provide a positive experience and are prepared to offer adjustments or accommodations to help you perform at your best. Adjustments (informal requests), such as extra preparation time or the option for micro breaks during interviews, and accommodations (formal requests), such as accessible communication supports or technology aids, are tailored to individual needs and role requirements. You will have an opportunity to request an adjustment or accommodation at any point throughout the recruitment process. If you require support, please contact KPMG's Employee Relations Service team by calling 1-888-466-4778.

About KPMG

KPMG LLP is the Canadian member firm of KPMG International. We provide Audit, Tax, and Advisory services to many of the public and private business, not-for profit, and public sector organizations in Canada. Nationally, there are 40 offices and over 700 partners and 7,000 employees working together to help Canadian businesses achieve their goals. Leveraging the skills, knowledge and passion of our firm and our people allows us to serve our clients with uncompromising professionalism, cutting through complexity to provide valuable insight—in Canada and around the world. KPMG s.r.l./S.E.N.C.R.L. est le cabinet canadien membre de KPMG International Cooperative (« KPMG International »). Nous offrons des services professionnels en audit et en fiscalité ainsi que des services-conseils à une vaste clientèle composée notamment de sociétés ouvertes et fermées, d’organismes sans but lucratif et d’organisations du secteur public au Canada. KPMG compte 40 bureaux à l’échelle nationale, au sein desquels collaborent plus de 700 associés et 7 000 employés pour aider les sociétés canadiennes à atteindre leurs objectifs. Nous misons sur les compétences et le savoir-faire de notre équipe pour servir nos clients − au Canada et ailleurs dans le monde − avec rigueur et professionnalisme. Notre mission première : simplifier la complexité en proposant des perspectives éclairantes.