Location: Ottawa, ON, Canada - Hybrid (3 days in office)

Position Summary

We have a current vacancy for a mid-level GRC Specialist to support and strengthen our Cloud Services governance, risk, and compliance program. This role will focus on audit coordination, control management, and risk assessment, with increasing ownership of key processes. You will work closely with cross-functional teams to maintain audit readiness, support certifications, and ensure compliance with internal and external requirements.

This role is suited for a mid-level professional looking to deepen their expertise in audit, compliance, and risk management, while taking on greater ownership and contributing to a mature and scalable GRC program.

Audit & Compliance

Serve as a primary point of contact for internal and external auditors, supporting audit coordination, evidence collection, and follow-ups.
Maintain and manage a centralized audit repository, ensuring evidence is accurate, complete, and mapped to relevant control frameworks.
Coordinate and support internal audits, including performing control testing where appropriate.
Support external audits and certifications (e.g., ISO 27001, ISO 27017/18, SOC 2, PCI-DSS, FedRAMP).
Track audit findings and support remediation efforts with stakeholders.

Governance & Control Management

Maintain and update control frameworks, including mapping controls across multiple standards and requirements.
Support the maintenance of ISMS documentation, including policies, standards, and procedures aligned with ISO 27001.
Identify gaps and recommend improvements to controls, policies, and procedures to enhance compliance posture.
Contribute to the development of compliance metrics, KPIs, and KRIs, and support reporting to management.

Risk Management

Support risk identification, assessment, and tracking activities, including maintaining the risk register.
Assist with risk assessments for systems, processes, and new initiatives.
Participate in third‑party/vendor risk management activities, including due diligence and periodic reviews.

Operational Support

Support the maintenance of key operational processes, including Change Management, Business Continuity (BCP), and Disaster Recovery (DR).
Review asset management processes to ensure controls are in place and operating effectively.
Collaborate with engineering, operations, and product teams to ensure compliance requirements are implemented.

Customer & Business Support

Support responses to RFPs, security questionnaires, and customer due diligence requests.
Participate in customer discussions to address compliance and security‑related questions.
Assist in analyzing regulatory and privacy requirements across multiple jurisdictions (e.g., GDPR, CCPA).

Minimum Requirements

3‑5 years of experience in IT compliance, GRC, or information security, preferably in cloud or SaaS environments.
Hands‑on experience supporting or coordinating audits (internal and/or external).
Working knowledge of information security frameworks such as ISO 27001, ISO 27017/18, SOC 2, PCI‑DSS, FedRAMP, CSA, and data privacy regulations (e.g., GDPR, CCPA).
Intermediate experience in risk management, including risk assessments and remediation tracking.
Familiarity with cloud environments and security fundamentals (e.g., AWS, Azure, GCP).
Strong stakeholder management skills and ability to work cross‑functionally.
Good analytical, documentation, and organizational skills.
Ability to manage multiple tasks and priorities with moderate supervision.
Strong written and verbal communication skills.

Key Attributes

Detail‑oriented and well‑organized
Proactive and willing to take ownership of assigned areas
Collaborative team player with a practical mindset
Eager to learn and grow within the GRC domain

Preferred Qualifications

Experience with GRC tools (e.g., ServiceNow GRC, RSA Archer, OneTrust, or similar).
Experience managing complex projects.
Relevant industry certifications, for example CISA, CISM, CRISC, CISSP, CEH.

Travel

Based on the global nature of the business, the position may require semi‑regular interaction with international colleagues at unconventional hours.
Occasional international travel in support of audits.

Compensation: The anticipated TTC range for this role is 128,540.00 - 165,000.00 CAD Annual. The Company reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation, depending on circumstances not related to an applicant’s status protected by local, state, or federal law.

Benefits

Company paid Extended Health, Dental, HSA, Life, AD&DD, Short‑term Disability, Cancer Care Program, travel insurance, Employee Assistance Plan and Well‑Being program.
Retirement Savings Plans (RRSP, DCPP, TFSA) with a company contribution and a match to a DCPP, with no vesting period.
Company paid holidays, vacation days, and paid sick leave.
Voluntary Life, AD&DD, Critical Illness, Long‑Term Disability.
Employee Discounts on home, auto, and gym membership.

Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process. Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview. We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.