Senior Manager - IT Governance Risk and Control
Markham, ON, CA
Posted 2 months ago
onsite
Job Description
Role: Senior Manager, IT Governance, Risk & Control
Role Type: Senior Individual Contributor
Status: Full Time
Reports to: Chief Information Officer
Location: Markham
Compensation: $125,000 - $175,000

Please note that the compensation range listed includes base salary and potential incentive pay. Incentives such as bonuses are not guaranteed and depend on individual performance and company results. Actual compensation within the range will be determined based on skills, experience, and qualifications.

Summary:
Enercare is seeking a Senior Manager, IT Governance, Risk & Control (IT GRC) to play a pivotal hands-on role in strengthening the control environment across Information Technology. This is a senior individual contributor position designed for a highly experienced GRC professional who thrives on ownership, accountability, and influence—without people management responsibilities.

Operating as a 1B function within the First Line of Defense, this role partners directly with IT leaders, control owners, Internal Audit, and external auditors to ensure risks are identified, controls are effective, and regulatory commitments are met. The role carries enterprise-wide accountability for critical processes, including SOX ITGC, PCI compliance support, and User Access Reviews (UAR).

Responsibilities:
Act as a trusted subject matter expert for IT governance, risk, and control practices across applications, infrastructure, cloud, and operations.
Identify, assess, and report on IT risks; maintain the IT risk register and remediation tracking.
Support the design, operation, and remediation of SOX IT General Controls (ITGC).
Own accountability for the completeness and auditability of the enterprise User Access Review (UAR) process.
Ensure that SOX and audit cycles execute smoothly with high-quality evidence and minimal findings.
Guide IT teams through the design and validation of compensating controls.
Support PCI DSS and other IT compliance obligations.
Act as a primary IT liaison for internal and external audits.
Educate and coach IT control owners to strengthen audit readiness and control execution.
Partner with IT, Security, Finance, and Internal Audit to continuously improve the IT control environment.
Qualifications:
8+ years of experience in IT governance, risk, compliance, or IT audit.
Hands-on experience with SOX IT General Controls (ITGC).
Experience supporting PCI DSS compliance activities.
Proven accountability for User Access Review (UAR) or access certification processes.
Strong understanding of IT control frameworks (e.g., COBIT, NIST, ISO 27001).
Excellent written and verbal communication skills.
Professional certifications such as CISA, CRISC, CISSP, CISM, or CIA are preferred.
Experience working within a Three Lines of Defense operating model is preferred.
Familiarity with GRC tooling such as ServiceNow IRM, Archer, AuditBoard, or Workiva is preferred.