Cloud Services GRC Specialist
Thales
Posted: April 7, 2026
Quick Summary
Thales architects identity management and data protection solutions at the heart of digital security. They verify identities, grant access to digital services, analyze information, and encrypt data to make the connected world more secure.
Job Description
Location: Ottawa, Canada
Thales people architect identity management and data protection solutions at the heart of digital security. Businesses and governments rely on us to bring trust to the billions of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.
Ottawa, ON - Hybrid (3 days in office)
Position Summary
We have a current vacancy for a mid-level GRC Specialist to support and strengthen our Cloud Services governance, risk, and compliance program. This role will focus on audit coordination, control management, and risk assessment, with increasing ownership of key processes. You will work closely with cross-functional teams to maintain audit readiness, support certifications, and ensure compliance with internal and external requirements. This role is suited for a mid-level professional looking to deepen their expertise in audit, compliance, and risk management, while taking on greater ownership and contributing to a mature and scalable GRC program.
Essential Functions
Audit & Compliance
• Serve as a primary point of contact for internal and external auditors, supporting audit coordination, evidence collection, and follow-ups.
• Maintain and manage a centralized audit repository, ensuring evidence is accurate, complete, and mapped to relevant control frameworks.
• Coordinate and support internal audits, including performing control testing where appropriate.
• Support external audits and certifications (e.g., ISO 27001, ISO 27017/18, SOC 2, PCI-DSS, FedRAMP).
• Track audit findings and support remediation efforts with stakeholders.
Governance & Control Management
• Maintain and update control frameworks, including mapping controls across multiple standards and requirements.
• Support the maintenance of ISMS documentation, including policies, standards, and procedures aligned with ISO 27001.
• Identify gaps and recommend improvements to controls, policies, and procedures to enhance compliance posture.
• Contribute to the development of compliance metrics, KPIs, and KRIs, and support reporting to management.
Risk Management
• Support risk identification, assessment, and tracking activities, including maintaining the risk register.
• Assist with risk assessments for systems, processes, and new initiatives.
• Participate in third-party/vendor risk management activities, including due diligence and periodic reviews.
Operational Support
• Support the maintenance of key operational processes, including Change Management, Business Continuity (BCP), and Disaster Recovery (DR).
• Review asset management processes to ensure controls are in place and operating effectively.
• Collaborate with engineering, operations, and product teams to ensure compliance requirements are implemented.
Customer & Business Support
• Support responses to RFPs, security questionnaires, and customer due diligence requests.
• Participate in customer discussions to address compliance and security-related questions.
• Assist in analyzing regulatory and privacy requirements across multiple jurisdictions (e.g., GDPR, CCPA).
Minimum Requirements
Experience & Skills
• 3-5 years of experience in IT compliance, GRC, or information security, preferably in cloud or SaaS environments.
• Hands-on experience supporting or coordinating audits (internal and/or external).
• Working knowledge of information security frameworks such as ISO 27001, ISO 27017/18, SOC 2, PCI-DSS, FedRAMP, CSA, and data privacy regulations (e.g., GDPR, CCPA).
• Intermediate experience in risk management, including risk assessments and remediation tracking.
• Familiarity with cloud environments and security fundamentals (e.g., AWS, Azure, GCP).
• Strong stakeholder management skills and ability to work cross-functionally.
• Good analytical, documentation, and organizational skills.
• Ability to manage multiple tasks and priorities with moderate supervision.
• Strong written and verbal communication skills.
Key Attributes
• Detail-oriented and well-organized
• Proactive and willing to take ownership of assigned areas
• Collaborative team player with a practical mindset
• Eager to learn and grow within the GRC domain
Preferred Qualifications
• Experience with GRC tools (e.g., ServiceNow GRC, RSA Archer, OneTrust, or similar).
• Experience managing complex projects
• Relevant industry certifications, for example CISA, CISM, CRISC, CISSP, CEH
Travel
• Based on the global nature of the business, the position may require semi-regular interaction with international colleagues at unconventional hours.
• Occasional international travel in support of audits.
The anticipated TTC range for this role is 128,540.00 - 165,000.00 CAD Annual. The Company reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation, depending on circumstances not related to an applicant’s status protected by local, state, or federal law.
If you’re excited about working with Thales, but not meeting the requirements for this position, we encourage you to join our Talent Community! https://careers.thalesgroup.com/global/en/jointalentcommunity. You can upload your CV and our recruiters can get in touch with any new opportunities that may be of interest to you.
We use artificial intelligence–enabled tools as part of our recruitment process to support activities such as candidate discovery, résumé matching, and interview scheduling. These tools may help screen and assess applications and recommend potential matches based on the requirements within the job description. All hiring decisions, including candidate evaluation, selection, and disposition, are made by human recruiters. Artificial intelligence does not make hiring decisions on our behalf.
Thales provides an extensive benefits program for all full-time employees working 24 or more hours per week and their eligible dependents, including the following:
• Company paid Extended Health, Dental, HSA, Life, AD&D, Short-term Disability, Cancer Care Program, travel insurance, Employee Assistance Plan and Well-Being program.
• Retirement Savings Plans (RRSP, DCPP, TFSA) with a company contribution and a match to a DCPP, with no vesting period.
• Company paid holidays, vacation days, and paid sick leave.
• Voluntary Life, AD&D, Critical Illness, Long-Term Disability.
• Employee Discounts on home, auto, and gym membership.
Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process. Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview. We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.