Director, Governance, Risk and Compliance
Simon Fraser University

Who We Are
Simon Fraser University is a leading research university, advancing an inclusive and sustainable future. Our purpose – the essence of SFU – is to create and connect knowledge, learning and community for deeper understanding and meaningful impact. We are committed to fostering excellence, innovation, belonging and community in all that we do.
The Director, Governance, Risk and Compliance (GRC) at Simon Fraser University is a senior leadership role responsible for shaping and overseeing the University’s cybersecurity governance, risk, and compliance framework. Reporting to the Chief Information Security Officer, the Director drives the development and execution of strategies that safeguard SFU’s digital assets, ensure compliance with privacy and security legislation, and align with institutional priorities and evolving threats. The role provides oversight for security policies, risk management, IT disaster recovery, incident response, training, and compliance programs, while fostering a culture of security awareness across the university. Additionally, the Director leads the GRC team, collaborates with internal and external stakeholders, and ensures SFU’s cybersecurity practices are aligned with frameworks such as NIST, PCI-DSS, and FIPPA.
About the Role
The Director, Governance, Risk and Compliance (GRC) provides strategic direction, planning and oversight for the University’s information security governance, risk management, and compliance program. Reporting to the Chief Information Security Officer (CISO), the Director is responsible for advancing the maturity of the University’s information security program by aligning GRC initiatives with institutional priorities and an evolving threat landscape. The role oversees all matters related to information security governance, risk and compliance, including the development and implementation of University-wide information security procedures, standards, guidelines, controls, and processes; information security architecture; cybersecurity risk management and mitigation; IT disaster recovery planning and security incident response; security assessments; information security awareness training; and compliance with privacy and other legislative requirements. The Director plays a pivotal role in facilitating critical issue resolutions, ensuring the confidentiality, integrity, and availability of the University’s digital information and electronic systems, and embedding GRC within the broader information security strategy to maintain alignment with legislative and regulatory requirements. Working in close partnership with stakeholders across the University, the Director promotes a culture of security awareness and shared responsibility. The position also provides leadership to the GRC team, ensuring operational excellence, financial stewardship, and the ongoing development of team capabilities in support of University objectives.