Cyber Governance, Risk and Compliance specialist

Requisition ID:  174847 

Career Group:  Corporate Office Careers 

Job Category:  IT Cyber Security Technology & Ops 

Travel Requirements:  0 - 10%

Job Type:  Full-Time


Country: Canada (CA) 

Province: Ontario; Alberta; British Columbia; Nova Scotia  

City: Mississauga / Calgary / Vancouver / Stellarton

Location: Tahoe Office, Calgary Office, Dartmouth Office, King St. Office, Vancouver Office 

Postal Code: L4W 0C7 


Our family of 134,000 employees and franchise affiliates share a collective passion for delivering exceptional shopping experiences and amazing food to all our customers. Our mission is to nurture the things that make life better – great experiences, families, communities, and our employees. We are a family nurturing families.  


A proudly Canadian company, we started in a small town in Nova Scotia but we are now in communities of all sizes across this great country. With over 1500 stores in all 10 provinces, you may know us as Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, Lawtons Drug Stores or another of our great banners but we are all one extended family. 


All career opportunities will be open a minimum of 5 business days from the date of posting.



Sobeys is full of exciting opportunities and we are always looking for bright new talent to join our team! We currently have a full-time opportunity for a Cyber Security Specialist - GRC. This role can be based out of one of our main offices including: Stellarton, NS; Mississauga, ON; Alberta, AB.

Job Description


As a Cyber Governance, Risk and Compliance specialist at Sobeys you will be:

• Assist in developing the IT Vendor Risk Management Program that ensures IT vendor relationships are built and evaluated based on vendor tiering, the criticality of their products and services, and risk identification, to determine impact on Sobeys’ standardized vendor management and TPRM policies and standards.
• Maintain the IT Vendor Risk Management Program lifecycle by maintaining policies/processes/workflows, building cross-border partnerships with procurement/legal/IT management, establishing vendor performance reviews, addressing security, privacy, confidentiality and integrity issues, and overall risk management.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
• Identify and document all third-party risks in the IT Risk register in alignment with the IT Risk Management program.
• Manage the communications process with vendors, utilizing various communication forums with internal and externally facing audiences, and ensure internal communication alignment and protocol with internal stakeholders for consistent vendor messaging and interactions.
• Perform cyber risk assessment and evaluation of vendors based on their operations, controls, risk and compliance profile, including but not limited to: security assessment; privacy impact assessment; business resiliency assessment; financial risk assessment; digital risk assessment (fit with Enterprise Architecture & IT strategy).
• Conduct periodic business reviews (Annual/Quarterly) in collaboration with all relevant SMEs to ensure that vendors are performing in accordance with existing and agreed requirements, service levels/targets, contract budgets and regulatory obligations and assess alignment with Sobeys’ IT Risk appetite and culture. Manage and report vendor performance and IT risk from an aggregated view.
• Work in collaboration with procurement and legal SMEs to assist with developing contracts and insert appropriate IT Risk related legal and commercial protections language, and establish clear contract change control processes.
• Influence risk management culture and behavior to reduce risk to foster a strong technology risk management posture throughout the enterprise and promote information and technology risk awareness across the organization.
• Assist in the development and provide training to enhance awareness of IT Risk Management across the organization.
• Assist to develop appropriate strategies and action plans to effectively respond to IT risk and areas of opportunities.
• Perform any ad-hoc tasks as assigned to support the Manager IT GRC regarding all aspects of Enterprise and IT Risk Management.


This is an outstanding opportunity to join a leading Canadian company with a clear vision of their future in Cyber Security.  Are you ready to be part of this success story? #cyberatsobeys #DigitalatSobeys #LI-Hybrid  #Sobeys

Job Requirements


Your experience and resume will show us:

• Bachelor’s degree in computer science or IT Business Management or related studies.
• 3 - 5 years of experience in vendor/contract management and/or project management in an Information Technology Procurement function is preferred.
• Experience working in a global IT Service environment with vendor relationship/portfolio management experience.
• Experience working with the Legal team and other stakeholders to review and approve MSAs and contracts.
• In-depth IT operations knowledge; Data center hardware, Software management, Compliance.
• Experience with Payment Card Industry would be an asset.
• Knowledgeable in using GRC tools (OneTrust, Resolver, Tugboat, ServiceNow, Archer, etc.).
• Working knowledge of Risk Management standards and frameworks (NIST, ISO, COSO, etc.).
• Hold a professional certification (CRISC, CIA, CISA, CISM, etc.).
• Excellent knowledge of IT Controls, IT Security, and strong knowledge of ISO27001, NIST CSF and COBIT.
• A high level of proficiency with MS Excel, MS Word, Visio, MS Outlook and SharePoint.
• Takes initiative and ownership to address challenges and escalate where necessary to ensure progress of assigned activities.
• Strong analytical capabilities, critical thinker, problem solver, innovator, and collaborative team player.
• Ability to learn and absorb new content quickly, and the ability to navigate ambiguity.
• Strong organization and time management skills.
• Ability to interact effectively and comfortably with senior management and build strong collaborative relationships with various lines of business.
• Strong work ethic, works with integrity and values company policies.

We offer teammates competitive total compensation packages that will vary by role and location. Some websites share our job opportunities and may provide salary estimates without our knowledge. These estimates are based on similar jobs and postings for general comparison, but these numbers are not provided by or monitored for accuracy by our organization. We look forward to discussing the specific compensation details relevant to this role with candidates who are selected to move forward in the recruitment process.

Sobeys is committed to accommodating applicants with disabilities throughout the hiring process and will work with applicants requesting accommodation at any stage of this process.


While all responses are appreciated, only those being considered for interviews will be acknowledged.

We appreciate the interest from the Staffing industry; however, we respectfully request no calls or unsolicited resumes from Agencies.