About the role
Xplore Inc. is Canada’s fibre, 5G and satellite broadband company for rural living. Xplore is committed to the relentless pursuit of an improved broadband experience for all Canadians. Xplore is building a world-class fibre optic and 5G wireless network to enable innovative broadband services for better every day rural living, for today and future generations.
We are seeking a Senior Analyst, GRC, Privacy & Third-Party Risk to join our growing team. Based in the Markham, ON office, this role is responsible for designing, operating, and continuously improving Xplore’s security-focused governance, risk, and compliance program.
This role is deeply embedded in the business and technology environment and focuses on practical risk management, not theoretical compliance. The successful candidate will lead audit readiness, control testing, policy and procedure development, privacy and third-party risk assessments, and ongoing risk monitoring across security, data, technology and operational risk domains.
This role is best suited for an experienced security GRC operator who prefers to remain an individual contributor and values ownership, depth, and impact in their work.
Key responsibilities include:
- Audit readiness, control testing, evidence coordination, and control owner support (PCI DSS SAQ, SGES/ITAC, SOC-aligned controls)
- Risk identification, assessment, tracking, and maintenance of enterprise risk register and KPIs
- Policy, procedure, and standard development, review, and lifecycle management
- Privacy risk assessments, data classification support, DPIA-lite reviews, and collaboration with Legal
- Third-party and dealer risk assessments, assurance review, and ongoing monitoring
- Environmental scanning, baseline assessments, business impact analysis (BIA) support
- Disaster recovery planning support, testing (TTX), and control validation
- Training, awareness, and control owner enablement
The ideal candidate will possess:
- 15+ years progressive experience in security GRC operations, risk management, compliance program execution, privacy risk and third-party risk
- Strong working knowledge of security-focused GRC operating models
- Hands-on experience with control testing, evidence management, and remediation
- Deep understanding of security controls, not just frameworks
- Practical experience with data classification, access controls, logging, monitoring, and incident response
- Ability to translate regulatory and framework requirements into operational controls
- Comfortable operating in regulated, audit-driven environments without over-engineering
- Preferred Framework Experience (Implementation and/or Audit Support) includes:
- PCI DSS (v4.0 strongly preferred)
- SOC 2 Trust Services Criteria
- ISO/IEC 27001
- Canadian privacy legislation (PIPEDA / CPPA)
- SGES / ITAC (Lawful Intercept controls)
- Experience in SaaS, regulated technology environments, telecommunications, financial services is an asset
Conditions of Employment:
As a condition of employment and in order to comply with industry related data security standards, this position is subject to the successful completion of a Criminal Background Check. Details will be supplied to applicants as they move through the selection process.
Xplore is committed to creating an accessible environment and will accommodate disabilities during the selection process. Please let your recruiter know during the selection process of any accommodation needs.
About Xplore
Xplore English language study travel programmes are run by Xplore and designed with our students in mind – we are bound to provide the right study abroad programme for you and your students.
Choose a student travel experience from a wide range of language immersion, culture exchange, high school study programmes and a range of destinations.
About the role
Xplore Inc. is Canada’s fibre, 5G and satellite broadband company for rural living. Xplore is committed to the relentless pursuit of an improved broadband experience for all Canadians. Xplore is building a world-class fibre optic and 5G wireless network to enable innovative broadband services for better every day rural living, for today and future generations.
We are seeking a Senior Analyst, GRC, Privacy & Third-Party Risk to join our growing team. Based in the Markham, ON office, this role is responsible for designing, operating, and continuously improving Xplore’s security-focused governance, risk, and compliance program.
This role is deeply embedded in the business and technology environment and focuses on practical risk management, not theoretical compliance. The successful candidate will lead audit readiness, control testing, policy and procedure development, privacy and third-party risk assessments, and ongoing risk monitoring across security, data, technology and operational risk domains.
This role is best suited for an experienced security GRC operator who prefers to remain an individual contributor and values ownership, depth, and impact in their work.
Key responsibilities include:
- Audit readiness, control testing, evidence coordination, and control owner support (PCI DSS SAQ, SGES/ITAC, SOC-aligned controls)
- Risk identification, assessment, tracking, and maintenance of enterprise risk register and KPIs
- Policy, procedure, and standard development, review, and lifecycle management
- Privacy risk assessments, data classification support, DPIA-lite reviews, and collaboration with Legal
- Third-party and dealer risk assessments, assurance review, and ongoing monitoring
- Environmental scanning, baseline assessments, business impact analysis (BIA) support
- Disaster recovery planning support, testing (TTX), and control validation
- Training, awareness, and control owner enablement
The ideal candidate will possess:
- 15+ years progressive experience in security GRC operations, risk management, compliance program execution, privacy risk and third-party risk
- Strong working knowledge of security-focused GRC operating models
- Hands-on experience with control testing, evidence management, and remediation
- Deep understanding of security controls, not just frameworks
- Practical experience with data classification, access controls, logging, monitoring, and incident response
- Ability to translate regulatory and framework requirements into operational controls
- Comfortable operating in regulated, audit-driven environments without over-engineering
- Preferred Framework Experience (Implementation and/or Audit Support) includes:
- PCI DSS (v4.0 strongly preferred)
- SOC 2 Trust Services Criteria
- ISO/IEC 27001
- Canadian privacy legislation (PIPEDA / CPPA)
- SGES / ITAC (Lawful Intercept controls)
- Experience in SaaS, regulated technology environments, telecommunications, financial services is an asset
Conditions of Employment:
As a condition of employment and in order to comply with industry related data security standards, this position is subject to the successful completion of a Criminal Background Check. Details will be supplied to applicants as they move through the selection process.
Xplore is committed to creating an accessible environment and will accommodate disabilities during the selection process. Please let your recruiter know during the selection process of any accommodation needs.
About Xplore
Xplore English language study travel programmes are run by Xplore and designed with our students in mind – we are bound to provide the right study abroad programme for you and your students.
Choose a student travel experience from a wide range of language immersion, culture exchange, high school study programmes and a range of destinations.