Job Description

Overview:
Reporting to the Manager, Cybersecurity & IT Governance, Risk and Compliance, the IT Governance, Risk & Compliance (GRC) Officer is accountable for the daily oversight and coordination of the IT GRC function. This position ensures the consistent execution of IT risk management, compliance monitoring, and governance practices across the IT Division.
Serving as a subject matter expert (SME) and operational lead, the Officer supports the implementation of frameworks, policies, and controls that align with corporate objectives and regulatory obligations. The role also contributes to task coordination and quality assurance across GRC deliverables.
The Officer leads and coordinates project-related activities, assisting team members with risk assessments, control evaluations, and compliance monitoring to ensure alignment with internal standards, external requirements, and strategic objectives. This includes enabling comprehensive visibility of IT risk across the organisation.
Responsibilities:

• Lead the planning and execution of IT risk assessments across the IT and business units and technology domains.
• Ensure assessments are aligned with the enterprise risk management framework and identify key risks, control gaps, and mitigation strategies.
• Oversee the design and execution of control testing procedures to evaluate the effectiveness of IT controls.
• Ensure timely remediation of deficiencies and maintain documentation to support audit readiness.
• Maintain and update the integrated IT Risk Register, ensuring risks are accurately documented, categorized, and prioritized.
• Monitor compliance with internal policies, regulatory requirements (e.g., FIPPA, PHIA), and industry standards (e.g., ISO 27001, NIST, PCI-DSS, ITIL).
• Coordinate periodic reviews and assessments to ensure ongoing adherence.
• Function as the primary liaison for internal and external audits related to IT risk, compliance, and governance.
• Collaborate with stakeholders to ensure timely and effective resolution of audit issues and continuous improvement of audit readiness.
• Lead the implementation of third-party risk management processes.
• Review vendor risk assessments and ensure appropriate controls are in place for outsourced services and cloud providers.
• Develop and maintain dashboards and reports on key risk indicators (KRIs), compliance status, and control effectiveness.
• Support the development and maintenance of GRC documentation and ensure it is accessible and up to date.
• Work closely with cybersecurity, legal, privacy, and enterprise risk teams to ensure a coordinated approach to risk management.
• Serve as the primary point of contact for stakeholders during compliance and risk management project lifecycles.
• Develop and manage project plans, timelines, and deliverables for key compliance initiatives (e.g., ISO 27001 certification, internal assessments).
• Support the implementation and maintenance of the IT governance framework to ensure alignment between IT strategies and business objectives.
• Facilitate the application of governance principles across IT initiatives, ensuring consistency, accountability, and transparency in decision-making.
• Lead the operational management of IT policies, standards, and procedures. This includes drafting, reviewing, updating, and coordinating the approval process.
• Ensure policies are accessible, clearly communicated, and regularly reviewed for relevance and compliance with evolving regulatory and organizational requirements.
• Ensure that IT policies and standards are aligned with recognized frameworks such as COBIT, ISO 27001, and NIST.
• Collaborate with cybersecurity, legal, and compliance teams to ensure policies reflect best practices and regulatory obligations.
• Develop and maintain dashboards and reports that track policy compliance, governance maturity, and control effectiveness.
• Provide regular updates to IT leadership and contribute to enterprise governance reporting.
• Provides SME-level mentorship, regular feedback and uses coaching techniques as a means for development of junior team members.
• Lead the development and execution of a structured IT knowledge management strategy that supports the capture, organization, and dissemination of critical information across the IT functions.
• Oversee the maintenance and continuous improvement of centralized knowledge repositories to ensure IT teams have access to accurate, up-to-date, and searchable documentation, including SOPs, technical standards, process flows, and FAQs.
• Implement processes for the creation, review, approval, and retirement of IT knowledge assets.
• Evaluate and recommend tools and platforms that enhance knowledge capture, collaboration, and retrieval.
• Ensure integration with existing ITSM, GRC, and collaboration platforms to streamline access and usage.

Qualifications:
Education and Experience

• University degree or four-year college diploma in Computer Science, Business or similar discipline or a related discipline from a recognized university or college.
• Seven years of experience in Information Technology, IT Risk & Compliance Management and/or Cybersecurity.

OR

• A two-year diploma in a relevant field from an accredited institution.
• Nine years of experience in Information Technology, IT Risk & Compliance Management and/or Cybersecurity.

In addition to:

• A professional certification or equivalent from a recognized education institution or company relevant to audit or risk, including:

• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in Governance of Enterprise IT (CGEIT)
• Demonstrated record of related continuing education in the field.

Conditions of Employment:
Applicants are required to provide a criminal record check as part of the recruitment process Employee Benefits:
Health benefits
We offer a comprehensive health benefits program that includes:

• flexible health, dental and vision plans
• health spending account
• travel health coverage
• other extended health benefits such as ambulance, massage and physiotherapy

Financial security
In an effort to support financial security, we offer:

• registered pension plan
• group, dependent, and optional life insurance coverage
• critical illness insurance
• sick leave to cover short-term disability
• long-term disability

Wellness
We offer programs that focus on how to better achieve a balance between work and personal commitments, as well as maintain a healthy workplace culture. This includes:

• vacation entitlement
• flexible work arrangement for eligible positions
• maternity, parental and adoptive leaves
• bereavement and family responsibility leaves
• employee and family assistance program
• mental-health programming
• lunch-and-learn offerings
• discounted gym memberships and wellness account

Diversity and inclusion
Manitoba Public Insurance believes that diversity and inclusion strengthens us. We consider ourselves to be a barrier-free organization where individual values, beliefs and practices are respected and appreciated for the diversity they bring to our work life.
Employee recognition
It's important to recognize our employees for their contributions. Not only do we recognize employees as they achieve milestone years in their careers, we also have several outlets for leaders and peers to reward each other for work well done.
Professional development
We want our employees to grow, which is why we offer support in keeping their skills up-to-date. We offer in-house training, professional development and an educational assistance program.
Safety and health
In an effort to encourage a safe and healthy work environment, we offer various safety, health and workplace policies and programs along with technical expertise and assistance to support employee activities in safety and health.

Skills Required