Governance, Risk & Compliance Manager

EarthDaily Analytics
Vancouver | $130k–150k | Hybrid | 2d ago
Employment: Full-time

About the role

ABOUT EARTHDAILY
EarthDaily is revolutionizing the way we understand and monitor our planet. Through cutting-edge Earth Observation (EO) technology and geospatial analytics, we provide unparalleled insights for industries ranging from agriculture to mining, insurance, and government intelligence. Our mission is to build the world’s most advanced change detection system to capture, analyze, and interpret global shifts in near real-time.

OUR CREW
Our global, distributed team represents a variety of business lines and is made up of business development, sales, marketing and support professionals, data scientists, software engineers, project managers and finance, HR, and IT professionals. We are currently looking for an experienced, Vancouver-based Governance, Risk, & Compliance (GRC) Manager to join our crew!

READY TO LAUNCH?
Do you want to join the IT team of one of the most exciting space companies at the forefront of global change detection/change monitoring? The GRC Manager establishes, maintains, and continuously improves EarthDaily’s governance, risk, and compliance program. This is a Vancouver-based hybrid position, with some in-office work required and occasional travel for audits, team meetings, or vendor assessments.


PREPARE FOR IMPACT!
Reporting directly to the Director, IT, with a dotted-line reporting relationship to the VP, Finance & Internal Controls, this role owns policy lifecycle management, risk documentation, audit readiness, and compliance evidence collection for IT general controls and related IT compliance obligations.

In addition to driving the company’s broader GRC program, including SOC 2, existing compliance certifications, and any future frameworks the business adopts, this position plays a key role in advancing EarthDaily’s IT general controls supporting SOX 302 and 404, IT inputs to disclosure controls, and cybersecurity governance as it relates to public-company readiness. Success requires self-direction, sound judgment, and persistence in driving cross-functional initiatives forward across IT, Finance/Internal Controls, Legal, HR, and Engineering.

Risk Management and Governance

  • Own the enterprise risk register, conduct risk assessments, and present findings, mitigation plans, and residual risk levels to decision-makers
  • Escalate risk acceptance decisions, security variance approvals, and policy exceptions to the appropriate owner (the Director, IT, the VP, Finance & Internal Controls, or executive leadership) based on risk type and organizational impact
  • Identify gaps in processes, documentation, or controls through stakeholder interviews and process walkthroughs, and take ownership of addressing them, developing procedures and templates as needed

Policy Lifecycle Management

  • Manage the policy lifecycle across IT and information security policies, and support Finance and Internal Controls in maintaining ICFR-related policies
  • Adapt policy templates to reflect organizational realities while coordinating annual reviews, version control, and approval tracking
  • Review contractual agreements for GRC-related requirements and ensure compliance obligations are identified, documented, and tracked

YOUR PAST MISSIONS
  • Bachelor’s degree in Information Security, Computer Science, Business Administration, Accounting, or related field; relevant professional experience and certifications may substitute for formal education
  • Relevant professional certifications such as CISA, CRISC, CISSP, CISM, or CGRC are preferred; familiarity with SOX/ICFR (e.g., through co-sourced internal audit experience or a CPA-track background) is an asset
  • 5+ years of experience in IT security, risk management, compliance, or audit roles
  • 3+ years of direct experience with GRC programs, policy management, or audit preparation
  • Demonstrated experience working with industry-recognized security and compliance frameworks such as SOC 2, NIST CSF, or ISO 27001, plus working experience with SOX/ICFR controls
  • Experience serving as a liaison with external auditors or supporting certification efforts
  • Working familiarity with SOX Sections 302 and 404 and IT general controls, ideally through prior support of SOX programs, internal audit testing, or public-company readiness activities

Bonus:
  • Experience working with GRC platforms such as Vanta, Drata, or ServiceNow GRC
  • Background in IT administration or technical operations, with comfort navigating system admin consoles and pulling reports independently; familiarity with scripting languages is an asset but not required
  • Experience supporting compliance in high-growth or regulated environments, including IPO readiness, SEC cybersecurity disclosure support, or publicly traded companies
  • Experience in technology, SaaS, or data-intensive industries

YOUR TOOLKIT
  • Strong knowledge of common security and compliance frameworks such as SOC 2, NIST, and ISO 27001, and a practical understanding of how these frameworks intersect with IT general controls and public-company readiness expectations
  • Working knowledge of the COSO 2013 Internal Control – Integrated Framework and the application of SOX 302 and 404 to IT general controls, including how control deficiencies are identified, rated, and tracked through remediation
  • Working knowledge of identity and access management platforms such as Okta or Azure AD, including the ability to navigate admin consoles, pull user populations, assess privileged access, and support periodic access review processes
  • Comfortable pulling configuration details, audit logs, and compliance-relevant data from SaaS platforms and organizing them into complete, audit-ready evidence packages
  • Working knowledge of risk assessment methodologies and risk register management
  • Familiarity with privacy regulations such as GDPR and CCPA, and with cloud security concepts across SaaS, IaaS, and identity platforms
  • Self-sufficient and highly organized, with the ability to manage multiple concurrent workstreams and operate independently with minimal oversight
  • Excellent written and verbal communication, including the ability to convey compliance requirements clearly to technical and non-technical audiences and prepare concise updates for senior management
  • Resourceful, persistent, and resilient, with the ability to follow up, escalate when necessary, and drive initiatives forward across competing priorities
  • Builds credibility and productive working relationships across IT, Legal, Finance, Internal Controls, Engineering, and business teams, balancing sound governance with practical execution

YOUR COMPENSATION
Base Salary Range: $130,000 to $150,000 CAD annually
The range is based on Vancouver, BC-derived compensation for this role. Individual placement in the range is determined based on many factors, including experience, skills, and qualifications. The top end of the range is typically reserved for individuals who meet or exceed all required qualifications and show demonstrated experience and expertise in all responsibilities of the role.

OUR SPACE 
We’d love to welcome you to our world of software for space. We have a shared passion for building production-critical systems that generate near real-time views of Earth from satellites that power real-world applications like disaster mitigation, environmental monitoring and crop yield improvements.
This is a hybrid role, with some ongoing, in-office work and collaboration required, and occasional travel for audits, team meetings, or vendor assessments.

WHY EARTHDAILY ANALYTICS? 
  • Competitive compensation, full benefits and flexible time off 
  • Be part of a meaningful mission as part of one of Canada’s most innovative space companies that are developing sustainable solutions for our planet
  • Work from home opportunities (hybrid)
  • Great work environment, team and one of the best office locations in Vancouver (right over the water in the Vancouver Convention Centre) 
  • Company subsidized lunches, lunch & learns and Friday afternoon social hours 

Perks & benefits

  • Distributed Team
  • Unlimited Vacation
