Manager, IT Governance, Risk and Compliance
About the role
Hybrid: Markham, Ontario
Job Description Job Overview The Manager, IT Governance, Risk and Compliance is the IT owner for ICFR, PCI-DSS, NIST Cybersecurity Framework (CSF) 2.0, and Third-Party Risk Management (TPRM). This hands-on leadership role delivers IT controls, evidence, remediation, policy governance, the IT Security Risk Register, and the full TPRM lifecycle while partnering with Finance, Payments, Security, Procurement, and Legal.
Salary Range: $125,000-$135,000
Duties Essential Duties
- Act as the primary IT point of contact for internal and external audit partners on ICFR/ITGC, PCI-DSS, and NIST CSF 2.0 audits.
- Own the IT General Controls (ITGC) portion of the annual ICFR program: scoping, documentation, evidence, walkthroughs, testing support, and remediation.
- Manage the PCI-DSS IT compliance program (Requirements 1–12, A1–A3), including evidence, QSA support, and remediation.
- Lead IT-side implementation and maturity of NIST CSF 2.0 across all six functions.
- Develop, maintain, and govern all IT policies, standards, procedures, and process documentation aligned with ICFR, PCI, and NIST CSF.
- Own and maintain the IT Security Risk Register (identification, assessment, treatment plans, monitoring, and reporting).
- Lead the IT Third-Party Risk Management (TPRM) program: vendor risk assessments, due diligence, ongoing monitoring, contract reviews, scoring, and off-boarding for all technology and cloud vendors in scope for ICFR, PCI, or NIST.
- Coordinate and deliver evidence and responses during internal/external audits and regulatory reviews.
- Track and drive remediation of IT-related findings from audits and TPRM assessments.
- Maintain centralized IT controls library and automated evidence repository.
- Perform regular control self-assessments and continuous monitoring.
- Report compliance status, risk register, and TPRM metrics to IT leadership, Finance, Procurement, and the Audit Committee.
- Stay current on regulatory changes and translate them into actionable IT and vendor requirements.
- Other tasks as assigned.
Skills, Experience, Education, Certifications
- 8+ years of progressive IT governance, risk, compliance, or audit experience.
- Minimum 4 years in a leadership role.
- Direct, hands-on experience delivering IT evidence and remediation for ICFR/ITGC, PCI-DSS, NIST CSF, and Third-Party Risk Management programs.
- Proven ability to work successfully with internal/external audit partners and vendors.
- Professional certification required (one or more): CISA, CISM, CRISC, CISSP-ISSAP, PCIP, or equivalent.
- Strong policy, process documentation, and risk register management skills.
- Hands-on experience running a TPRM program and using vendor risk platforms
Competencies
- Mastery of ICFR/ITGC, PCI-DSS, NIST CSF 2.0, and TPRM
- Policy and process documentation excellence
- IT risk register and vendor risk lifecycle ownership
- Audit coordination and evidence delivery
- Cross-functional partnership (Finance, Security, Payments, Procurement, Legal)
- Calm execution under tight audit and vendor review timelines
This posting is for an existing vacancy.
As part of the application process, AI may be used to assist with screening, or assessing job applicants .
About Pet Valu
As Canada’s largest pet retailer, we’re dedicated to strengthening the bond between Devoted Pet Lovers and their pets. From guiding new pet parents to creating a lifetime of memorable moments, love lives here™ in everything we do.
With nearly 50 years of animal care expertise, Pet Valu has grown to a network of 800+ neighbourhood stores across Canada, delivering knowledgeable customer care and premium products to support every pet’s journey. Our modern corporate office and state-of-the-art distribution centers allow us to efficiently serve these communities, ensuring consistency and top-quality service at every location.
Pet Valu is committed to fostering an open, equitable and inclusive workplace culture. Central to this is our aspiration to have our corporate ACE and franchisee staff reflect the diversity of the devoted pet lovers and neighbourhoods we serve. To demonstrate our commitment, we conduct a search for diverse candidates for all senior leadership positions, as well as potential director nominees for election to our Board.
We’re also proud to support local pet rescues and charities through our Companions for Change™ program, which has so far raised over $31 million, sponsored 200+ Dog Guides teams, and helped find forever homes for over 47,000 pets.
Headquartered in Markham, Ontario, Pet Valu trades on the Toronto Stock Exchange (TSX: PET). Find open opportunities on our careers page at petvalu.ca/careers.
Similar jobs you might like
Manager, IT Governance, Risk and Compliance
About the role
Hybrid: Markham, Ontario
Job Description Job Overview The Manager, IT Governance, Risk and Compliance is the IT owner for ICFR, PCI-DSS, NIST Cybersecurity Framework (CSF) 2.0, and Third-Party Risk Management (TPRM). This hands-on leadership role delivers IT controls, evidence, remediation, policy governance, the IT Security Risk Register, and the full TPRM lifecycle while partnering with Finance, Payments, Security, Procurement, and Legal.
Salary Range: $125,000-$135,000
Duties Essential Duties
- Act as the primary IT point of contact for internal and external audit partners on ICFR/ITGC, PCI-DSS, and NIST CSF 2.0 audits.
- Own the IT General Controls (ITGC) portion of the annual ICFR program: scoping, documentation, evidence, walkthroughs, testing support, and remediation.
- Manage the PCI-DSS IT compliance program (Requirements 1–12, A1–A3), including evidence, QSA support, and remediation.
- Lead IT-side implementation and maturity of NIST CSF 2.0 across all six functions.
- Develop, maintain, and govern all IT policies, standards, procedures, and process documentation aligned with ICFR, PCI, and NIST CSF.
- Own and maintain the IT Security Risk Register (identification, assessment, treatment plans, monitoring, and reporting).
- Lead the IT Third-Party Risk Management (TPRM) program: vendor risk assessments, due diligence, ongoing monitoring, contract reviews, scoring, and off-boarding for all technology and cloud vendors in scope for ICFR, PCI, or NIST.
- Coordinate and deliver evidence and responses during internal/external audits and regulatory reviews.
- Track and drive remediation of IT-related findings from audits and TPRM assessments.
- Maintain centralized IT controls library and automated evidence repository.
- Perform regular control self-assessments and continuous monitoring.
- Report compliance status, risk register, and TPRM metrics to IT leadership, Finance, Procurement, and the Audit Committee.
- Stay current on regulatory changes and translate them into actionable IT and vendor requirements.
- Other tasks as assigned.
Skills, Experience, Education, Certifications
- 8+ years of progressive IT governance, risk, compliance, or audit experience.
- Minimum 4 years in a leadership role.
- Direct, hands-on experience delivering IT evidence and remediation for ICFR/ITGC, PCI-DSS, NIST CSF, and Third-Party Risk Management programs.
- Proven ability to work successfully with internal/external audit partners and vendors.
- Professional certification required (one or more): CISA, CISM, CRISC, CISSP-ISSAP, PCIP, or equivalent.
- Strong policy, process documentation, and risk register management skills.
- Hands-on experience running a TPRM program and using vendor risk platforms
Competencies
- Mastery of ICFR/ITGC, PCI-DSS, NIST CSF 2.0, and TPRM
- Policy and process documentation excellence
- IT risk register and vendor risk lifecycle ownership
- Audit coordination and evidence delivery
- Cross-functional partnership (Finance, Security, Payments, Procurement, Legal)
- Calm execution under tight audit and vendor review timelines
This posting is for an existing vacancy.
As part of the application process, AI may be used to assist with screening, or assessing job applicants .
About Pet Valu
As Canada’s largest pet retailer, we’re dedicated to strengthening the bond between Devoted Pet Lovers and their pets. From guiding new pet parents to creating a lifetime of memorable moments, love lives here™ in everything we do.
With nearly 50 years of animal care expertise, Pet Valu has grown to a network of 800+ neighbourhood stores across Canada, delivering knowledgeable customer care and premium products to support every pet’s journey. Our modern corporate office and state-of-the-art distribution centers allow us to efficiently serve these communities, ensuring consistency and top-quality service at every location.
Pet Valu is committed to fostering an open, equitable and inclusive workplace culture. Central to this is our aspiration to have our corporate ACE and franchisee staff reflect the diversity of the devoted pet lovers and neighbourhoods we serve. To demonstrate our commitment, we conduct a search for diverse candidates for all senior leadership positions, as well as potential director nominees for election to our Board.
We’re also proud to support local pet rescues and charities through our Companions for Change™ program, which has so far raised over $31 million, sponsored 200+ Dog Guides teams, and helped find forever homes for over 47,000 pets.
Headquartered in Markham, Ontario, Pet Valu trades on the Toronto Stock Exchange (TSX: PET). Find open opportunities on our careers page at petvalu.ca/careers.