IT GRC and operations professional

IT Governance, Risk, Compliance (GRC) and Operations Professional

Position Overview

The IT GRC and Operations Professional is responsible for supporting the organizations IT governance, risk management programs, compliance initiatives, while ensuring seamless integration with day-to-day IT operational activities. The role ensures that IT and Information Security controls are properly designed, implemented, monitored, and continuously improved to meet internal policies and external regulatory obligations. This position will collaborate closely with cross-functional teams, internal stakeholders, and external auditors to maintain a robust control environment and operational excellence.

Key Responsibilities

1. Governance, Risk, and Compliance

• Develop, implement, and maintain IT governance frameworks (e.g. ITIL, COBIT) aligned with organizational goals and business objectives.
• Support the implementation and maintenance of the Information Security Management System (ISMS) aligned with ISO 27001 and SOC 2.
• Assist in performing regular risk assessments, control testing, gap analysis, and remediation tracking. Provide risk insights to support decision-making for IT projects and operations.
• Maintain and update GRC documentation, including policies, procedures, standards, guidelines, and risk registers.
• Coordinate external audits (SOC 2, ISO 27001, privacy and client audits) and internal audits; manage evidence collection and audit responses.
• Monitor regulatory and industry requirements (GDPR, CCPA, GLBA, NIST etc.) and support the incorporation of compliance obligations into IT operations.
• Evaluate and monitor risks associated with vendors and service providers. Conduct due diligence third party assessments and ensure contractual compliance with security and operational requirements.
• Assist with security and compliance reporting to management and stakeholders.
• Promote a culture of security, compliance, and operational excellence across the organization.

2. IT Operations Integration

• Support IT service delivery and operational processes, including incident management, change management, asset management, and access management.
• Maintain IT infrastructure and service documentation, inventories, system configurations, and SOPs.
• Assist in vulnerability and patch management workflows, including prioritization, testing, deployment, and reporting.
• Demonstrate working knowledge of cloud platforms (e.g., Microsoft 365, Azure, AWS), and system administration activities.
• Track and maintain IT operational metrics and dashboards to support decision-making and operational improvements while ensuring adherence to SLAs, policies and procedures.
• Support IT onboarding/offboarding processes and workflow automation initiatives.
• Assist in change management process to assess risks associated with IT changes.
• Support incident management and problem resolution from a risk and compliance perspective.

3. Security Operations Support

• Assist in monitoring security events, alerts, vulnerabilities, and remediation progress.
• Help review and analyze security logs, access review reports, and other monitoring outputs.
• Support ongoing security and compliance awareness training initiatives, including campaign administration, tracking, and reporting.
• Contribute to the improvement of incident response procedures and help coordinate incident investigations.
• Demonstrate working knowledge of cybersecurity solutions (e.g. network security, DLP, XDR/EDR, SIEM, MDM, encryption etc.)

Qualifications and Experience

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related discipline (or equivalent experience).
• 5+ years of experience in IT governance, risk management, compliance, and operations roles
• Experience supporting ISO 27001, SOC 2, or similar compliance frameworks is preferred.
• Exposure to ITIL practices is an asset.
• Proven experience collaborating with auditors and responding to audit inquiries is an advantage.
• Good understanding of IT controls, risk management methodologies, and compliance frameworks.
• Familiarity with Microsoft 365, Azure AD/Entra ID, cloud platforms, and modern IT infrastructure.
• Proficiency with documentation, reporting, and workflow tools (SharePoint, Confluence, etc.).
• Broad understanding of an ITIL-based business process and technology process. Experience with ITSM tool is a must.
• Project management experience with a focus on risk and compliance projects is a plus.
• Detail-oriented with strong ownership and accountability.
• Exceptional strategic thinking, leading change, problem solving, communication, conflict management and resolution and interpersonal skills with high resilience and drive in achieving objectives and goals
• Excellent communication, documentation and stakeholder management skills.
• Strong time management, ability to prioritize multiple tasks in a fast-paced environment and work well under pressure and meet deadlines, demonstrating high motivation, integrity, and responsibility.
• Ability to work both independently and collaboratively, relevant experience in a multi-cultural work environment fostering a climate of teamwork and collaboration.
• Proficient in both Verbal and Written English as well as good interpersonal skills
• Possession of relevant certifications such as PMP, CISA, CISSP, CRISC or ITIL Foundation are highly desirable.