Security GRC Lead - Remote

Overview

As the Security GRC Lead at nesto, you will be responsible for designing, executing, and continuously improving the governance, risk, and compliance programs across the enterprise, ensuring alignment with financial and data protection regulations.

In Short

• Own and evolve information security governance frameworks.
• Ensure complete documentation of policy lifecycle.
• Collaborate with Legal, Compliance, and Privacy teams.
• Lead external audits and certifications (SOC 1, SOC 2, ISO 27001).
• Develop and maintain an audit readiness program.
• Coordinate internal stakeholders for evidence collection.
• Manage the enterprise risk register and facilitate assessments.
• Support third-party risk management.
• Develop Business Continuity and Disaster Recovery plans.
• Manage GRC platform for control mapping and improvement.

Requirements

• 5+ years in GRC, audit, risk management, or cybersecurity.
• Experience with SOC 2, ISO 27001, and external audits.
• Strong knowledge of risk assessment methodologies.
• Familiarity with GRC platforms like Vanta.
• Excellent project management skills.
• Ability to communicate with technical and executive audiences.
• Bilingualism (French/English) preferred.

Benefits

• Opportunity to shape the mortgage industry experience.
• Exclusive employee mortgage program.
• Generous time-off policy (4 weeks vacation).
• Fully paid premium benefits plan from day one.
• Annual health and wellness budget.
• Temporary international work program.
• Hybrid work opportunity.
• Dog-friendly offices in downtown Montreal.