×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity

Governance, Risk, and Compliance; GRC Specialist

Job in Fredericton, New Brunswick, E3G, Canada
Listing for: Thales
Full Time position
Listed on 2026-02-27
Job specializations:
  • IT/Tech
    Cybersecurity
Job Description & How to Apply Below
Position: Governance, Risk, and Compliance (GRC) Specialist
Location:

Fredericton - Knowledge Park, Canada In fast changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrow's possible.

Fredericton, N.B., (CAN.), Hybrid

Position Summary

At Thales, we are proud to work together to imagine innovative solutions that contribute to building a future that is safer, greener and more inclusive. A future that we can all trust. But these technologies don’t just come from anywhere. At Thales, it all starts with Human Intelligence. That is why our ambition is to create the best possible experience for you.

We strive to create the conditions that enable your growth, to facilitate your work-life balance and daily work, and to broaden your prospects.

In Canada, Thales is relied on to innovate for customers with high-stakes goals, critical missions and big ambitions. Our commitment to mastering digital capabilities in Canada strengthens the nation’s economy – through high-technology jobs, investments in domestic research and technology, and solutions for the aerospace, defense, digital identity and security sectors.

Driven by purpose, values, innovation, and a commitment to building a future we can all trust, Thales Canada seeks to increase digital trust and resilience, offering integrated digital solutions to organizations, mission critical systems and critical infrastructure in both the commercial and the defense community.

Thales has a vacancy for an Intermediate level Governance, Risk, and Compliance (GRC) Specialist to deliver advisory and hands-on execution across CPCSC, CMMC, ISO 2700x, and other compliance frameworks. This role will lead readiness assessments, design and improve control of environments, guide clients through audits/certifications, and translate complex requirements into pragmatic, business-aligned roadmaps. This role is ideal for a consultant who is comfortable working directly with stakeholders, facilitating workshops, and building sustainable GRC solutions built on customer intimacy.

Key Areas of Responsibility

Advisory and Client Engagement

  • Lead discovery sessions, stakeholder interviews, and workshops to understand business context, scope, and compliance objectives.
  • Translate regulatory and framework requirements into actionable program plans, control designs, and implementation roadmaps.
  • Present findings and recommendations to technical and executive audiences; prepare high-quality client deliverables.

    • Framework Readiness and Implementation

  • CPCSC:
    Conduct gap assessments, control mapping, and remediation planning against the applicable CPCSC requirements (or equivalent regional compliance scheme). Provide guidance on scoping, data flows, and evidence requirements.
  • CMMC (v2):
    Perform NIST SP 800-171/CMMC readiness assessments; develop SSPs and POA&Ms; define enclaves and scoping; establish evidence collection processes; support clients through RPO/RP-led journeys.
  • ISO 27001/27002 (2700x family):
    Build or mature ISMS programs; conduct risk assessments; develop the Statement of Applicability; support internal audits and management reviews; prepare for external certification.

    • Control Design, Testing, and Continuous Improvement

  • Design and document policies, standards, procedures, and control narratives aligned to applicable frameworks.
  • Build crosswalks/control catalogs across CPCSC, CMMC, ISO 27001/27002, and related frameworks (e.g., NIST 800-53).
  • Perform control testing, sampling, and evidence reviews; track remediation and validate closure.
  • Define and operationalize KRIs/KPIs and compliance metrics dashboards.

    • Risk Management and Security Governance

  • Facilitate formal risk assessments and treatment plans using recognized methods (ISO 27005, NIST 800-30, FAIR optional).
  • Advise on secure configurations, IAM, vulnerability and patch management, logging/monitoring, and incident response alignment with compliance needs.
  • Support third-party/vendor risk assessments and continuous monitoring activities.

    • Audit and Certification…

    Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
    To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
     
     
     
    Search for further Jobs Here:
    (Try combinations for better Results! Or enter less keywords for broader Results)
    Location
    Increase/decrease your Search Radius (miles)

    Job Posting Language
    Employment Category
    Education (minimum level)
    Filters
    Education Level
    Experience Level (years)
    Posted in last:
    Salary
    Advanced Search