Governance, Risk & Compliance Manager

Vancouver, BC, Canada
Full Time
Finance / IT / HR
Experienced

ABOUT EARTHDAILY
EarthDaily is revolutionizing the way we understand and monitor our planet. Through cutting-edge Earth Observation (EO) technology and geospatial analytics, we provide unparalleled insights for industries ranging from agriculture to mining, insurance, and government intelligence. Our mission is to build the world’s most advanced change detection system to capture, analyze, and interpret global shifts in near real-time.

OUR CREW
Our global, distributed team represents a variety of business lines and is made up of business development, sales, marketing and support professionals, data scientists, software engineers, project managers and finance, HR, and IT professionals. We are currently looking for an experienced, Vancouver-based Governance, Risk, & Compliance (GRC) Manager to join our crew!

READY TO LAUNCH?
Do you want to join the IT team of one of the most exciting space companies at the forefront of global change detection/change monitoring? The GRC Manager establishes, maintains, and continuously improves EarthDaily’s governance, risk, and compliance program. This is a Vancouver-based hybrid position, with some in-office work required and occasional travel for audits, team meetings, or vendor assessments.


PREPARE FOR IMPACT!
Reporting directly to the Director, IT, with a dotted-line reporting relationship to the VP, Finance & Internal Controls, this role owns policy lifecycle management, risk documentation, audit readiness, and compliance evidence collection for IT general controls and related IT compliance obligations.

In addition to driving the company’s broader GRC program, including SOC 2, existing compliance certifications, and any future frameworks the business adopts, this position plays a key role in advancing EarthDaily’s IT general controls supporting SOX 302 and 404, IT inputs to disclosure controls, and cybersecurity governance as it relates to public-company readiness. Success requires self-direction, sound judgment, and persistence in driving cross-functional initiatives forward across IT, Finance/Internal Controls, Legal, HR, and Engineering.

Risk Management and Governance

  • Own the enterprise risk register, conduct risk assessments, and present findings, mitigation plans, and residual risk levels to decision-makers
  • Escalate risk acceptance decisions, security variance approvals, and policy exceptions to the appropriate owner (the Director, IT, the VP, Finance & Internal Controls, or executive leadership) based on risk type and organizational impact
  • Identify gaps in processes, documentation, or controls through stakeholder interviews and process walkthroughs, and take ownership of addressing them, developing procedures and templates as needed
Policy Lifecycle Management
  • Manage the policy lifecycle across IT and information security policies, and support Finance and Internal Controls in maintaining ICFR-related policies
  • Adapt policy templates to reflect organizational realities while coordinating annual reviews, version control, and approval tracking
  • Review contractual agreements for GRC-related requirements and ensure compliance obligations are identified, documented, and tracked
SOX and Public-Company Readiness
  • Own the IT general controls (ITGC) component of SOX 302 and 404, including scoping, documentation, management testing, deficiency evaluation, and remediation tracking, partnering with Finance and Internal Controls, who own process- and entity-level controls
  • Provide IT inputs to disclosure controls and procedures (DC&P), including IT sub-certification processes that support public-company readiness for executive certification requirements
  • Contribute to cybersecurity disclosure readiness aligned with Item 106 of Regulation S-K and Item 1.05 of Form 8-K
  • Coordinate periodic tabletop exercises and incident response walkthroughs to validate incident readiness, including readiness for SEC Item 1.05 disclosure timelines, and to test the effectiveness of key controls
Audit Readiness and Compliance Evidence
  • Collect and organize evidence artifacts to support compliance audits, certification efforts, and public-company readiness activities, leveraging GRC tooling and pulling data directly from systems when needed
  • Serve as a primary liaison with internal and external auditors and other advisors, coordinating evidence requests, walkthroughs, remediation follow-up, and diligence support
Third-Party Risk and Privacy
  • Manage third-party risk by coordinating vendor security assessments, collecting attestations, and tracking contract security provisions
  • Coordinate with regional privacy stakeholders to ensure company-wide alignment on data protection practices
Monitoring, Access Reviews and Reporting
  • Monitor business and technology initiatives for compliance, cybersecurity, and controls implications, proactively engaging when projects involve customer data, financially relevant systems, new applications, or third-party integrations
  • Coordinate periodic privileged access reviews, user access certifications, and other recurring IT general control activities with IT operations, maintaining evidence of performance for audit and compliance purposes
  • Generate compliance metrics, remediation status, and readiness reports, presenting findings, risks, and recommendations to the Director, IT, the VP, Finance & Internal Controls, and executive leadership in a clear, decision-useful manner
YOUR PAST MISSIONS
  • Bachelor’s degree in Information Security, Computer Science, Business Administration, Accounting, or related field; relevant professional experience and certifications may substitute for formal education
  • Relevant professional certifications such as CISA, CRISC, CISSP, CISM, or CGRC are preferred; familiarity with SOX/ICFR (e.g., through co-sourced internal audit experience or a CPA-track background) is an asset
  • 5+ years of experience in IT security, risk management, compliance, or audit roles
  • 3+ years of direct experience with GRC programs, policy management, or audit preparation
  • Demonstrated experience working with industry-recognized security and compliance frameworks such as SOC 2, NIST CSF, or ISO 27001, plus working experience with SOX/ICFR controls
  • Experience serving as a liaison with external auditors or supporting certification efforts
  • Working familiarity with SOX Sections 302 and 404 and IT general controls, ideally through prior support of SOX programs, internal audit testing, or public-company readiness activities
Bonus:
  • Experience working with GRC platforms such as Vanta, Drata, or ServiceNow GRC
  • Background in IT administration or technical operations, with comfort navigating system admin consoles and pulling reports independently; familiarity with scripting languages is an asset but not required
  • Experience supporting compliance in high-growth or regulated environments, including IPO readiness, SEC cybersecurity disclosure support, or publicly traded companies
  • Experience in technology, SaaS, or data-intensive industries
YOUR TOOLKIT
  • Strong knowledge of common security and compliance frameworks such as SOC 2, NIST, and ISO 27001, and a practical understanding of how these frameworks intersect with IT general controls and public-company readiness expectations
  • Working knowledge of the COSO 2013 Internal Control – Integrated Framework and the application of SOX 302 and 404 to IT general controls, including how control deficiencies are identified, rated, and tracked through remediation
  • Working knowledge of identity and access management platforms such as Okta or Azure AD, including the ability to navigate admin consoles, pull user populations, assess privileged access, and support periodic access review processes
  • Comfortable pulling configuration details, audit logs, and compliance-relevant data from SaaS platforms and organizing them into complete, audit-ready evidence packages
  • Working knowledge of risk assessment methodologies and risk register management
  • Familiarity with privacy regulations such as GDPR and CCPA, and with cloud security concepts across SaaS, IaaS, and identity platforms
  • Self-sufficient and highly organized, with the ability to manage multiple concurrent workstreams and operate independently with minimal oversight
  • Excellent written and verbal communication, including the ability to convey compliance requirements clearly to technical and non-technical audiences and prepare concise updates for senior management
  • Resourceful, persistent, and resilient, with the ability to follow up, escalate when necessary, and drive initiatives forward across competing priorities
  • Builds credibility and productive working relationships across IT, Legal, Finance, Internal Controls, Engineering, and business teams, balancing sound governance with practical execution
YOUR COMPENSATION
Base Salary Range: $130,000 to $150,000 CAD annually
The range is based on Vancouver, BC-derived compensation for this role. Individual placement in the range is determined based on many factors, including experience, skills, and qualifications. The top end of the range is typically reserved for individuals that meet or exceed all required qualifications and show demonstrated experience and expertise in all responsibilities of the role.

OUR SPACE 
We’d love to welcome you to our world of software for space. We have a shared passion for building production critical systems that generate near real-time views of Earth from satellites that power real-world applications like disaster mitigation, environmental monitoring and crop yield improvements.
This is a hybrid role, with some ongoing, in-office work and collaboration required, and occasional travel for audits, team meetings, or vendor assessments.

WHY EARTHDAILY ANALYTICS? 
  • Competitive compensation, full benefits and flexible time off 
  • Be part of a meaningful mission as part of one of Canada’s most innovative space companies that are developing sustainable solutions for our planet
  • Work from home opportunities (hybrid)
  • Great work environment, team and one of the best office locations in Vancouver (right over the water in the Vancouver Convention Centre) 
  • Company subsidized lunches, lunch & learns and Friday afternoon social hours 