ELDR Advisory

GRC Specialist

Design and implement Governance, Risk and Compliance frameworks for regulated institutions across financial services, healthcare, and enterprise technology.

Level: Mid-Senior (5–10 Years) Type: Full-Time · Hybrid Location: Toronto, Ontario, Canada

About the Role

ELDR's Advisory practice builds the governance infrastructure that allows regulated institutions to operate with confidence — satisfying audit requirements, managing operational risk, and meeting the expectations of regulators, boards, and institutional counterparties. The GRC Specialist is a core delivery role, responsible for assessing, designing, and implementing GRC frameworks that are defensible, operational, and proportionate to each client's risk environment. You will work across ISO 27001, SOC 2, NIST, SOX, PCI DSS, and sector-specific compliance regimes with financial institutions, technology companies, and public sector entities.

Responsibilities

  • Lead GRC programme assessments, gap analyses, and remediation roadmaps for clients across financial services, technology, and regulated industries
  • Design and implement control frameworks aligned with ISO 27001, SOC 2, NIST SP 800-53, SOX, PCI DSS, HIPAA, and applicable regulatory requirements
  • Author governance documentation — policies, standards, procedures, control narratives, Statements of Applicability, and risk registers — to audit-ready standard
  • Conduct risk assessments using structured methodologies and translate findings into risk treatment plans and management reporting
  • Support clients through external audits, certification processes, and regulatory examinations by preparing evidence packages and facilitating assessor interactions
  • Advise on GRC platform configuration and optimisation — ServiceNow GRC, Archer, OneTrust, or comparable systems
  • Contribute to the development of ELDR's governance methodology and internal knowledge base

Requirements

  • 5–10 years of experience in GRC, information security governance, internal audit, or enterprise risk management
  • Hands-on expertise with multiple compliance frameworks: ISO 27001, SOC 2, NIST SP 800-53, SOX, PCI DSS, and/or HIPAA
  • Demonstrated ability to produce audit-ready governance documentation and manage evidence repositories
  • Experience supporting external audit, certification, or regulatory examination processes
  • Strong analytical and written communication skills; ability to translate technical risks into business language
  • Undergraduate degree required; graduate qualification in risk management, information security, law, or business preferred

Preferred Qualifications

  • Certifications: CISA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer, or equivalent
  • Experience with GRC platform implementation or administration
  • Familiarity with Canadian federal and provincial privacy regulations — PIPEDA, Quebec Law 25
  • Prior Big 4 or specialised GRC consulting background

What We Offer

  • Broad exposure to GRC mandates across multiple industries and regulatory regimes
  • Collaborative working environment with experienced advisory practitioners
  • Hybrid model from Toronto with periodic client travel
  • Certification support and professional development investment

Apply for this role

Apply via Email

Send your CV and a brief covering statement to careers@eldrinc.com with the role title in the subject line. ELDR reviews applications on a rolling basis.