Capilano University is named after Chief Joe Capilano, an important leader of the Skwxwú7mesh (Squamish) Nation of the Coast Salish Peoples. We respectfully acknowledge that our campuses are located on the territories of the LíỈwat, xʷməθkʷəỷəm (Musqueam), shíshálh (Sechelt), Skwxwú7mesh (Squamish) and SəỈílwətaʔ/Selilwitulh (Tsleil-Waututh) Nations.At CapU we are committed to supporting a campus community that is both diverse and inclusive. We believe that diversity within our workforce is essential in creating both an exceptional student, and employee experience. As part of this ongoing commitment, we strive to ensure that our recruitment campaigns are proudly reflective of the community we serve. We actively seek applications from Indigenous peoples, the 2SLGBTQ+ community, persons with disabilities as well as members of groups that experience discrimination based on race, ethnicity, gender identity, sexual orientation, place of origin, ancestry, and religion as we acknowledge the value each individual brings to the CapU community through their lived experiences.To help us focus our efforts, we ask all applicants, should they wish, to complete a short anonymous questionnaire. The questionnaire results are not connected to you or your application, and do not form part of the selection process. Simply, the goal of collecting this anonymous data is to better understand our organizational reach, while continuously aiming to improve the diversity of our applicant poolAll qualified candidates are encouraged to apply; however, Canadians and permanent residents will be given priority. Should you require accommodations during the hiring process please reach out to Jeremy Orsted, Manager, Talent Acquisition at Competition Number: JR Position Title: Manager, Governance, Risk and ComplianceEmployment Group: AdministratorPosition Status: Regular Full timePosition Start Date: July 1, 2026Position End Date: N/ADepartment: Digital Transformation & CybersecurityLocation: North VancouverSalary Range: The typical salary range for this role falls between $94,443.00 - $138,516.00 per annum, commensurate with experience, education, and internal equity, with future opportunities for performance-based pay and career progression. Additionally, we offer a comprehensive total rewards package, including a defined pension plan, employer paid benefit premiums, and more.Job Description Summary: Reporting to the Director, DTO and Cybersecurity, Digital Technology Services, (DTS) and a part of the Associate Vice President (AVP) DTS leadership team, the Manager, Governance, Risk & Compliance leads the cybersecurity team that provides security auditing and assessments for digital solutions across the university.This role will have the opportunity to influence and drive lasting efforts in the University’s digital transformation, with significant student and employee impact through the management and monitoring of a robust security audit and assessment program across digital solutions. In close alignment with university wide strategy, critical components of this position includes: alignment of the security auditing and assessments program with the Cybersecurity strategy, risk management framework, vulnerability management program, Cybersecurity protection, Cybersecurity access controls, Cybersecurity detection and incident response plan. The role requires a strong focus on building and maintaining relationships both across the CapU community and externally with sector colleagues and vendors.Job Description: KEY RESPONSIBILITIES:In consultation with the Director, DTO and Cybersecurity plans, implements, and manages the security auditing, governance, and assessment program that is guided by developed cybersecurity frameworks, critical security controls and the National Cybersecurity Assessment (NCA) framework. Establishes auditing and assessment processes to ensure all digital solutions follow cybersecurity requirements. Participates and provides the appropriate level of response to security breaches including incident response. Updates auditing and assessment requirements and processes, seeking to consistently improve the program. Working with the centralized security services team, Identifies and selects appropriate cybersecurity monitoring tools relating to auditing and assessments to ensure no gaps exist in security management across the digital ecosystem. Develops patch management schedule to ensure systems are continuously protected. Develops and manages policies and guidelines relating to cybersecurity which all digital solutions must adhere to. Develops DTS policies and manages these in a central repository. Conducts annual reviews of all DTS policies to ensure relevance. Identifies and reports cybersecurity risks through the auditing and assessment program to the Director, DTO and Cybersecurity for appropriate risk management. Develops and guides standards upon which security audits are conducted. Conducts audits to ensure that cybersecurity training compliance is at an adequate level at the university. Updates processes and tools, seeking to consistently improve the program. Works closely with the Manager(s) of cybersecurity programs to ensure that all policies, guidelines, controls relating to cybersecurity and DTS are maintained annually. Reports and represents cybersecurity related incidents and risks to the audit and risk committee and at the board level. Develops and updates security assessment requirements to develop security threat risk assessment (STRA) reports. Manages and continuously follows up on any risks identified and documented in STRA reports to ensure they are mitigated and resolved. Analyzes, investigates, and evaluates emerging cybersecurity technology and software trends, including product road maps, to determine impact on DTS roadmap. Builds working relationships and partnerships across the university community and sector, providing expert advice on committees, initiatives and engaging with external communities of practice. Manages vendor relationships, including development of RFPs, evaluation of proposals, and management of vendor performance, support agreements and licensing. Contributes to team development through engaged mentorship and knowledge sharing to help team members grow their cybersecurity experience and skills. KEY COMPETENCIESJob knowledge: knowledge and experience with cybersecurity best practices; demonstrates proven leadership experience in developing strategies, plans, programs and policies related to the delivery of cybersecurity strategy and operations. Service focus: understands the role of cybersecurity and digital solutions, and how change affects teams and processes; delivers services that align with the DTS roadmap that support the university’s key priorities of exceptional student and employee experience. Result oriented: feels personally committed and accountable to deliver results quickly, accurately, and effectively; uses thoughtful judgement when responding to situations that are not going well and uses foresight to overcome obstacles. Initiating action / taking initiative embraces a continuous improvement mindset in an ongoing effort to improve services and processes; readily acts consistent within departmental or university objectives; volunteers readily and takes independent actions when appropriate. Leadership and supervisory abilities: encourage and supports cross-functional, high-performing teams; attracts and selects the best talent; coaches and inspires people; sets expectations, recognizes achievement, and proactively manages conflict. Problem solving and decision-making: ability to understand complex systems and processes and find diverse solutions to stubborn problems; makes clear, consistent, and transparent decisions; acts with integrity in all decision making. Strategic planning and organizing: Demonstrated capacity to develop and implement strategies, tactical plans, policies, and procedures. Experience managing a cybersecurity program. Employee development: achieve desired organizational results by encouraging and supporting the contribution of others; modeling positive leadership behaviours, including integrity, honesty, a sense of urgency and leading by example.Education/Training And Experience5+ years of relevant professional experience, with 1 years in a recent leadership role with direct responsibility for a cybersecurity program, preferably in a public sector environment. Demonstrated experience in leading a cybersecurity program. Demonstrated experience in conducing audits, assessments and writing STRA reports. A bachelor’s degree Industry relevant designations such as CISSP, CISA, CRISC, ITIL, TOGAF. Experience with the ITIL framework and ITSM best practices, tools, and techniques; ITIL certification is an asset. Demonstrated knowledge of vulnerability and patch management, security auditing and assessment of cloud solutions, and privacy. Broad technical knowledge relating to cybersecurity practices, including patching, firewalls, network configurations, phishing, and software deployment. Demonstrated experience in effectively communicating and presenting cybersecurity audits and assessments to varies levels within an organization. Demonstrated experience in developing STRA reports and reviewing these with a mix of technical and management positions. Completion of a criminal record check.Additional Details: Our standard work week is Monday to Friday, 8:30am – 4:00pm, or dependent on the needs of the department.Posting Detail Information: Hours of Work Per Week: 35Pay Group: AE011Job Open Date: May 23, 2026Job Close Date:#J-18808-Ljbffr