Sr Governance, Risk & Compliance Consultant
About the role
Status: Permanent Full Time
Education Level: completion of 4 years of University in computer science.
Base Location: Oshawa, ON
Shift: Days
Travel: 10%
Deadline to Apply: July 10, 2026
Salary Range: $2,751.92 - $3,227.88 Per Week
Electrify your career and help build a brighter tomorrow.
Every generation has a challenge that defines them. At OPG, we are calling on all innovators, disruptors, thought leaders and change-makers. Join us as we work to electrify life in one generation and build a sustainable future powered by our electricity, our ideas, and our people. Join OPG and make history.
Whether you work in the skilled trades or are a business professional, a career at OPG is an opportunity to electrify your life on -- and off -- the job.
Job Overview
Ontario Power Generation (OPG) is looking for a dynamic, strategic and results-driven professional to join our team in the role of Senior Governance, Risk & Compliance Consultant.
Reporting to the Section Head, Information Systems, this position is responsible for leading and conducting cybersecurity assessments, policy gap analysis, and risk evaluations based on established frameworks such as NIST, ISO, and CIS, while advising business units and subsidiaries on governance, risk, and compliance best practices.
Key Accountabilities
Responsible for creating, maintaining, and enforcing cybersecurity standards, policies, and procedures across the organization.
Develops cyber governance frameworks that align with regulatory requirements, industry standards, and organizational risk objectives.
Assesses compliance with established cyber standards and identifies gaps, risks, or areas requiring improvement.
Assists in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cyber Governance Security Program and initiatives.
Provides advisory service to business units on governance, risk, and compliance best practices.
Has experience working with GRC tools like ServiceNow IRM, Archer, etc., and helps develop and maintain risk registers and maintain GRC tools to provide oversight for the cybersecurity program.
Conducts various risk, gap, control, maturity, and compliance assessments based on established security frameworks including but not limited to NIST CSF, CIS, ISO 27001, ISF, CSA N290.7, NERC-CIP, etc.
Performs third-party cyber risk assessments by working with vendors and ensures adherence to Cybersecurity Terms and Conditions using a risk-based approach.
Supports ICFR activities, including control design assessment, operating effectiveness testing, evidence review, and remediation tracking to ensure compliance and risk mitigation.
Qualifications
4 Year University Degree in Computer Science is required.
Minimum 6 years of relevant working experience.
Demonstrated experience developing, maintaining, and enforcing cybersecurity policies, standards, procedures, and governance frameworks aligned with organizational risk objectives.
Strong working knowledge of established cybersecurity frameworks and standards such as NIST CSF, CIS Controls, ISO 27001, ISF, CSA N290.7, NERC-CIP, and related regulatory or compliance requirements.
Proven ability to perform risk, gap, control, maturity, third-party, and compliance assessments; identify findings; and recommend practical remediation actions to improve security posture.
Experience using GRC or Integrated Risk Management tools such as ServiceNow IRM, Archer, or equivalent platforms to maintain risk registers, track issues, support reporting, and provide program oversight.
Strong ability to partner with business, technology, cybersecurity, audit, regulatory, vendor, and executive stakeholders to support governance activities, policy adoption, risk remediation, and committee reporting.
Experience developing KPIs, KRIs, executive or Board-level reports, control failure reporting, and program health reporting to support continuous improvement of cybersecurity governance, risk, and compliance programs.
The successful candidate will exhibit uncompromising integrity and commitment to upholding corporate values, and the OPG Code of Business Conduct.
OPG is committed to fostering an inclusive, equitable, and accessible environment. If you require accommodation during the selection process, please contact AODA@opg.com
What makes a career at OPG different?
With operations across Ontario, OPG is one of the most diverse power producers in North America. As the largest generator in Ontario, we meet approximately 50% of the province’s electricity needs, largely from low-carbon sources like nuclear and hydro.
As we work to achieve our vision of Electrifying life in one generation, OPG and our family of companies are also helping advance the development of new low-carbon technologies such as Small Modular Reactors (SMRs), refurbishment projects, and electrification initiatives to help power the growing demands of a growing economy. Join OPG and make history.
Please submit your application online at https://jobs.opg.com/. OPG thanks all those who apply; however, only candidates considered for an interview will be contacted.
Please note: All job postings at OPG are to fill existing vacancies within our organization.
OPG may use artificial intelligence (AI) tools as part of the applicant screening process. However, applications will also be reviewed by a member of our Recruitment team to ensure a fair and thorough assessment.
The base salary range considers many factors including, but not limited to experience, education, and training, including any collective agreement requirements for union represented positions. It is not typical for the salary to be offered near the top of the range, and salary is dependent on numerous factors. For management roles, the base salary range does not represent the total compensation package. The total compensation package for regular full-time management roles includes pay-for-performance programs for annual and medium time periods. Maintaining a high-performance culture and excellence is a core expectation of every member of our leadership team and is rewarded through the established compensation framework.
OPG is committed to employment equity. As such, we encourage applicants from equity-seeking communities (Indigenous Peoples, racialized persons, persons with disabilities, and women). We strongly believe that alleviating the under-representation of equity-seeking individuals will create a stronger OPG team and allow us to better serve the needs of our diverse communities.
In order to fulfill the above-mentioned purpose, priority in hiring may be given to qualified persons who self-identify as a member of equity-seeking groups as identified in the application process. This initiative constitutes a special program under the Human Rights Code/Canadian Human Rights Act.
About Ontario Power Generation
At Ontario Power Generation (OPG), our power is changing the world as we strive to electrify life in one generation. As the province’s largest clean power generator, OPG operates one of North America’s most diverse generating fleets. We are now advancing several clean energy innovations, including Small Modular Reactors, low-carbon hydrogen, and energy storage, to help set Ontario and the world on the path to an electrified future, where more aspects of life – from cars to homes and industries – are powered by clean electricity. As part of this vision, we’re also focused on becoming a net-zero company by 2040 and enabling a net-zero economy by 2050. We have already made major strides to a sustainable future. In 2014, OPG burned its last piece of coal to make electricity, which represented one of the world’s single-largest climate change-specific actions. Today, through the dedication of more than 9,500 employees, OPG generates almost half of the electricity that Ontario’s homes, schools, hospitals, and businesses rely on each day. We are committed to ensuring our energy production is reliable, safe, and environmentally sustainable for Ontarians today and for the future. In Ontario, our diverse fleet includes two nuclear stations, 66 hydroelectric stations, two thermal generating stations, one solar facility, and four combined-cycle gas generating stations, which are operated by our subsidiary, Atura Power. Additionally, we own two other nuclear generating stations in Ontario, which are leased on a long-term basis to Bruce Power L.P. In the United States, OPG owns and operates 85 hydroelectric stations in 18 states through our subsidiary, Eagle Creek Renewable Energy. Some of the actions OPG is taking now to prepare for our electric future include the ongoing refurbishment and upgrades of our hydro fleet, refurbishment of our Darlington Nuclear Generating Station, which will secure 30 more years of clean, reliable, low-cost power.