Manager, IT Governance, Risk and Compliance

Petvalu · 0001 – Markham Office
$125K–$135K/yr · Contract · Hybrid
Tags: Accessibility, Compliance, Documentation, Leadership, Risk Management
Benefits

The targeted salary range for this position is $125,000 - $135,000 annually. The final offer will be based on factors such as market location, relevant skills, experience and internal equity.

Ready to join the team?

Why work for us?

At Pet Valu, our people are at the heart of everything we do. We're passionate about creating an environment where you feel supported, included, and empowered to grow - both personally and professionally. Some of the perks of working with us include:

- Hybrid, Flexible Work Options
- Comprehensive health and dental benefits
- Employee Share Purchase Plan with company matching
- Learning and Development support tailored to you
- An inclusive, collaborative culture where your voice matters
- Fun company events that keep us connected
- Preferred rates for car rentals, hotels, phone plans and gym discounts
- Generous employee discounts on our products

Pet Valu is an equal opportunity employer committed to inclusion and accessibility. Accommodations are available upon request for candidates taking part in all aspects of the recruitment and selection process, in accordance with the Accessibility for Ontarians with Disabilities Act (AODA).

At Pet Valu, we are committed to transparency and fairness in our hiring practices. This posting is for an existing vacancy. Pet Valu may use AI-enabled technology to assist in the recrui

Benefit tags: Health insurance, Dental insurance, Flexible schedule, Equity / stock options

Additional Information

Hybrid: Markham, Ontario

Job Description

Position: Manager, IT Governance, Risk and Compliance
Type: Full-Time | Permanent | Hybrid
Location: Markham, ON
Reports to: Director, Security and Infrastructure, IT

Job Overview

The Manager, IT Governance, Risk and Compliance is the IT owner for ICFR, PCI-DSS, NIST Cybersecurity Framework (CSF) 2.0, and Third-Party Risk Management (TPRM). This hands-on leadership role delivers IT controls, evidence, remediation, policy governance, the IT Security Risk Register, and the full TPRM lifecycle while partnering with Finance, Payments, Security, Procurement, and Legal.

Essential Duties

- Act as the primary IT point of contact for internal and external audit partners on ICFR/ITGC, PCI-DSS, and NIST CSF 2.0 audits.
- Own the IT General Controls (ITGC) portion of the annual ICFR program: scoping, documentation, evidence, walkthroughs, testing support, and remediation.
- Manage the PCI-DSS IT compliance program (Requirements 1-12, A1-A3), including evidence, QSA support, and remediation.
- Lead IT-side implementation and maturity of NIST CSF 2.0 across all six functions.
- Develop, maintain, and govern all IT policies, standards, procedures, and process documentation aligned with ICFR, PCI, and NIST CSF.
- Own and maintain the IT Security Risk Register (identification, assessment, treatment plans, monitoring, and reporting).
- Lead the IT Third-Party Risk Management (TPRM) program: vendor risk assessments, due diligence, ongoing monitoring, contract reviews, scoring, and off-boarding for all technology and cloud vendors in scope for ICFR, PCI, or NIST.
- Coordinate and deliver evidence and responses during internal/external audits and regulatory reviews.
- Track and drive remediation of IT-related findings from audits and TPRM assessments.
- Maintain a centralized IT controls library and automated evidence repository.
- Perform regular control self-assessments and continuous monitoring.
- Report compliance status, risk register, and TPRM metrics to IT leadership, Finance, Procurement, and the Audit Committee.
- Stay current on regulatory changes and translate them into actionable IT and vendor requirements.
- Other tasks as assigned.

Skills, Experience, Education, Certifications

- 8+ years of progressive IT governance, risk, compliance, or audit experience.
- Minimum 4 years in a leadership role.
- Direct, hands-on experience delivering IT evidence and remediation for ICFR/ITGC, PCI-DSS, NIST CSF, and Third-Party Risk Management programs.
- Proven ability to work successfully with internal/external audit partners and vendors.
- Professional certification required (one or more): CISA, CISM, CRISC, CISSP-ISSAP, PCIP, or equivalent.
- Strong policy, process documentation, and risk register management skills.
- Hands-on experience running a TPRM program and using vendor risk platforms.

Competencies

- Mastery of ICFR/ITGC, PCI-DSS, NIST CSF 2.0, and TPRM
- Policy and process documentation excellence
- IT risk register and vendor risk lifecycle ownership
- Audit coordination and evidence delivery
- Cross-functional partnership (Finance, Security, Payments, Procurement, Legal)
- Calm execution under tight audit and vendor review timelines

