Overview

At KPMG, you’ll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.

Our Technology Risk Services team is growing and we are looking for a Manager, GRC to join our team in Toronto. The Technology Risk Services practice provides a variety of services to our clients. The successful candidate will focus primarily on performing IT internal audit and IT risk advisory engagements. They will also be involved with managing engagements and training our junior staff.

What you will do

Architecture and Delivery

• Define enterprise GRC target architecture and solution blueprints (data models, taxonomy, control libraries, business hierarchy, workflows, RBAC).
• Lead complex use cases: Enterprise/Operational Risk, Resilience, Regulatory Compliance, Policy, IT/Cyber Risk, Vulnerability, Third Party Risk, Audit, Issues/Remediation, Business Continuity, Risk Analytics.
• Perform hands-on configuration/customization across enterprise GRC technologies including custom objects, forms, workflows, reporting.

Technical Implementation and Integration

• Implement end-to-end cloud solutions: OOTB package deployment, environment provisioning, platform hardening.
• Build APIs/data pipelines; design event-driven integrations for continuous control monitoring and real-time risk insights.
• Lead data migration/normalization/lineage; enable control testing automation and risk quantification reporting.

Governance, Methodology, and PMO

• Establish Agile SDLC, program governance, RAID, and executive dashboards.
• Design operating models (RACI, roles/processes, governance committees, three-lines model, control ownership, issue management).
• Maintain GRC taxonomy: risk/control libraries, policies, authority documents, obligations mapping, evidence repositories.

Advisory, Enablement, and Change Management

• Advise on regulations and frameworks; create compliance mappings and control rationalization.
• Deliver enablement (admin/end-user training, playbooks, SOPs, knowledge transfer).
• Drive adoption via stakeholder engagement, champions, benefits tracking; define KPIs for risk posture, compliance maturity, efficiency.

Practice Development and Thought Leadership

• Develop accelerators, reference architectures, integration patterns, configuration blueprints.

• Publish thought leadership, lead demos/POCs, support RFPs/solutioning; mentor junior staff.

• Evaluate emerging capabilities (AI/ML analytics, control automation, continuous monitoring) and guide roadmaps.

What you bring to the role

• 5–10+ years in Risk Management with GRC specialization; proven lead architect/SME on multi-platform engagements.
• End-to-end cloud GRC delivery on MetricStream, Archer, ServiceNow IRM/Compliance, AuditBoard (OOTB deployment and deep configuration).
• Platform extension expertise:
  • MetricStream: M7/M9, data model/workflow extensions, integration APIs.
  • Archer: Application Builder, workflows, data feeds, calculated fields, reporting, packaging.
  • ServiceNow: IRM, Policy & Compliance, VRM; GlideScript, Flow Designer, ACLs, CMDB, custom apps.
  • AuditBoard: Controls/testing, evidence, issues, reporting integrations.
• Integrations with SIEM, vulnerability scanners (Qualys/Tenable), CMDB/Business Hierarchy, regulatory feeds, ITSM/Jira, data lakes/warehouses, IAM/LDAP/SSO.
• Experience installing/configuring MetricStream and ServiceNow OOTB packages; Archer packaging; AuditBoard onboarding.
• Identity and access: LDAP/AD, SAML/OAuth/OIDC, role-based access and entitlements.
• Technical skills: Java, JavaScript; REST/SOAP, JSON/XML; Python/PowerShell; SQL.
• Agile SDLC leadership; PMO-level governance, risk, and benefits tracking.
• Certifications: ServiceNow IRM, Archer, MetricStream, AuditBoard.
• Knowledge of FAIR risk quantification, BI/analytics (Power BI/Tableau), continuous control monitoring.
• Experience with Azure/AWS/GCP and security architectures for GRC integrations.
• Executive advisory presence; strong stakeholder management and communication.
• Advanced problem-solving and solution architecture; ability to scale complex requirements.
• Cross-functional leadership, mentoring, and consensus-building across business, risk, audit, and technology teams.

Providing you with the support you need to be at your best

Our Values, The KPMG Way

Integrity , we do what is right | Excellence , we never stop learning and improving | Courage , we think and act boldly | Together , we respect each other and draw strength from our differences | For Better , we do what matters

KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.

Adjustments and accommodations throughout the recruitment process

At KPMG, we are committed to fostering an inclusive recruitment process where all candidates can be themselves and excel. We aim to provide a positive experience and are prepared to offer adjustments or accommodations to help you perform at your best. Adjustments (informal requests), such as extra preparation time or the option for micro breaks during interviews, and accommodations (formal requests), such as accessible communication supports or technology aids, are tailored to individual needs and role requirements. You will have an opportunity to request an adjustment or accommodation at any point throughout the recruitment process. If you require support, please contact KPMG’s Employee Relations Service team by calling 1-888-466-4778.