Sr Project Manager - Data Governance
About the role
Project Manager - Data Governance (Independent Contractor)
Location: Hybrid Downtown Toronto (2-3 days onsite)
Length of project related mandate length: 12 months Estimated level of effort: 37.5 hours per week
About CIRO
As a self-regulatory organization, our mission is to promote healthy capital markets by regulating fairly and effectively so that investors are protected and confident investing in their futures. At the we are committed to setting high regulatory standards for the investment.
The Opportunity
This is a business to business contract opportunity intended for individuals operating through their own incorporated business. The successful contractor will provide services under the terms of a professional services agreement.
The deliverables from the mandate will strengthen CIRO’s ability to anticipate, withstand, and recover from cyber threats. CIRO’s resilience programs align with Canadian regulatory frameworks, protect investor confidence, and support the stability of capital markets.
Areas of Delivery
1: Data Governance Workstream Strategy 2: Integrated Project Plan 3: Purview Implementation and Configuration 4: Enterprise Data Classification 5: Governance Framework and Operating Artifacts 6: Stakeholder Engagement and Decision Support 7: Reporting and Readiness Assessment 8: Change Management and Adoption Package
Scope of Services
The contractor is expected to perform activities such as
Lead the Data Management and Data Governance workstreams as part of the cyber resilience initiative, ensuring alignment with CIRO’s policy, privacy, security, and regulatory obligations. Development and management an integrated project plan covering scope, milestones, dependencies, deliverables, risks, issues, resourcing, testing, change management, and operational handoff. Coordination and implementation of Purview capabilities, including data discovery, scanning, sensitivity labels, classification rules, DLP, audit, reporting, and governance controls. Enterprise data classification across Microsoft 365, SharePoint, OneDrive, Teams, file shares, databases, cloud repositories, and other priority data stores. Partner with data owners, stewards, custodians, Information Security, Privacy, Legal, Risk, IT, and business teams to confirm priorities, requirements, remediation needs, and decision points. Development of classification taxonomies, label structures, data handling rules, operating procedures, playbooks, runbooks, and adoption materials. Facilitation of workshops, working groups, and stakeholder reviews to resolve blockers, secure sign-offs, and align delivery sequencing across workstreams. Establishment of reporting to track progress, risks, issues, dependencies, scan coverage, classification accuracy, remediation status, adoption, and readiness for transition to operations. Support for change management through communications, training, FAQs, stakeholder briefings, and business readiness activities. Coordination testing, tuning, validation, and post-implementation monitoring to ensure Purview controls reduce data protection risk while minimizing business disruption.
Required skills and experience
7+ years of IT Program or Project management experience in Data Governance Programs and implementing Data Governance tools Strong knowledge of Canadian regulatory frameworks (e.g., OSFI’s Technology and Cyber Risk Management Guidelines, CSA rules, CIRO requirements). Familiarity with global standards such as NIST Cybersecurity, AI, Data Privacy Framework, ISO 27001, and the EU’s Digital Operational Resilience Act (DORA) for cross-border alignment. Proven ability to manage complex, multi-stakeholder programs in regulated environments. Bachelor’s degree in Information Technology, Finance, Risk Management, or equivalent relevant experience.
Competencies
Deep understanding of the intersection between Data Governance and Canadian financial regulation. Strategic thinker with the ability to translate regulatory requirements into actionable resilience programs. Strong communication skills to engage regulators, executives, and technical teams. Collaborative mindset with a focus on building trust across regulatory and industry stakeholders.
Contractor Requirements
To be considered, contractors should: Be incorporated and legally authorized to conduct business in Canada Carry appropriate liability insurance Be responsible for all applicable taxes, statutory remittances, and business expenses Be able to enter into a professional services/consulting agreement Provide professional references upon request
Not the right fit? Search for Project Manager jobs in Toronto, Ontario, Canada
About CIRO / OCRI
L’Organisme canadien de réglementation des investissements (OCRI) est déterminé à protéger les investisseurs, à assurer une réglementation efficace et uniforme et à renforcer la confiance des Canadiens dans la réglementation financière et les personnes qui s’occupent de leurs placements.
The Canadian Investment Regulatory Organization (CIRO) is committed to the protection of investors, providing efficient and consistent regulation, and building Canadians’ trust in financial regulation and the people managing their investments.
Similar Jobs
Sr Project Manager - Data Governance
About the role
Project Manager - Data Governance (Independent Contractor)
Location: Hybrid Downtown Toronto (2-3 days onsite)
Length of project related mandate length: 12 months Estimated level of effort: 37.5 hours per week
About CIRO
As a self-regulatory organization, our mission is to promote healthy capital markets by regulating fairly and effectively so that investors are protected and confident investing in their futures. At the we are committed to setting high regulatory standards for the investment.
The Opportunity
This is a business to business contract opportunity intended for individuals operating through their own incorporated business. The successful contractor will provide services under the terms of a professional services agreement.
The deliverables from the mandate will strengthen CIRO’s ability to anticipate, withstand, and recover from cyber threats. CIRO’s resilience programs align with Canadian regulatory frameworks, protect investor confidence, and support the stability of capital markets.
Areas of Delivery
1: Data Governance Workstream Strategy 2: Integrated Project Plan 3: Purview Implementation and Configuration 4: Enterprise Data Classification 5: Governance Framework and Operating Artifacts 6: Stakeholder Engagement and Decision Support 7: Reporting and Readiness Assessment 8: Change Management and Adoption Package
Scope of Services
The contractor is expected to perform activities such as
Lead the Data Management and Data Governance workstreams as part of the cyber resilience initiative, ensuring alignment with CIRO’s policy, privacy, security, and regulatory obligations. Development and management an integrated project plan covering scope, milestones, dependencies, deliverables, risks, issues, resourcing, testing, change management, and operational handoff. Coordination and implementation of Purview capabilities, including data discovery, scanning, sensitivity labels, classification rules, DLP, audit, reporting, and governance controls. Enterprise data classification across Microsoft 365, SharePoint, OneDrive, Teams, file shares, databases, cloud repositories, and other priority data stores. Partner with data owners, stewards, custodians, Information Security, Privacy, Legal, Risk, IT, and business teams to confirm priorities, requirements, remediation needs, and decision points. Development of classification taxonomies, label structures, data handling rules, operating procedures, playbooks, runbooks, and adoption materials. Facilitation of workshops, working groups, and stakeholder reviews to resolve blockers, secure sign-offs, and align delivery sequencing across workstreams. Establishment of reporting to track progress, risks, issues, dependencies, scan coverage, classification accuracy, remediation status, adoption, and readiness for transition to operations. Support for change management through communications, training, FAQs, stakeholder briefings, and business readiness activities. Coordination testing, tuning, validation, and post-implementation monitoring to ensure Purview controls reduce data protection risk while minimizing business disruption.
Required skills and experience
7+ years of IT Program or Project management experience in Data Governance Programs and implementing Data Governance tools Strong knowledge of Canadian regulatory frameworks (e.g., OSFI’s Technology and Cyber Risk Management Guidelines, CSA rules, CIRO requirements). Familiarity with global standards such as NIST Cybersecurity, AI, Data Privacy Framework, ISO 27001, and the EU’s Digital Operational Resilience Act (DORA) for cross-border alignment. Proven ability to manage complex, multi-stakeholder programs in regulated environments. Bachelor’s degree in Information Technology, Finance, Risk Management, or equivalent relevant experience.
Competencies
Deep understanding of the intersection between Data Governance and Canadian financial regulation. Strategic thinker with the ability to translate regulatory requirements into actionable resilience programs. Strong communication skills to engage regulators, executives, and technical teams. Collaborative mindset with a focus on building trust across regulatory and industry stakeholders.
Contractor Requirements
To be considered, contractors should: Be incorporated and legally authorized to conduct business in Canada Carry appropriate liability insurance Be responsible for all applicable taxes, statutory remittances, and business expenses Be able to enter into a professional services/consulting agreement Provide professional references upon request
Not the right fit? Search for Project Manager jobs in Toronto, Ontario, Canada
About CIRO / OCRI
L’Organisme canadien de réglementation des investissements (OCRI) est déterminé à protéger les investisseurs, à assurer une réglementation efficace et uniforme et à renforcer la confiance des Canadiens dans la réglementation financière et les personnes qui s’occupent de leurs placements.
The Canadian Investment Regulatory Organization (CIRO) is committed to the protection of investors, providing efficient and consistent regulation, and building Canadians’ trust in financial regulation and the people managing their investments.