Executive Advisor - Governance, Risk and Compliance (Cybersecurity)

TL;DR

Executive Advisor - Governance, Risk and Compliance (Cybersecurity): Lead executive-level GRC advisory engagements for space, aerospace, defense, and critical infrastructure clients with an accent on standing up cyber resilience programs and navigating compliance regimes. Focus on CMMC/CPCSC readiness, NIST/ISO frameworks integration, enterprise risk management, and third-party risk programs.

Location: Eligibility for Government of Canada security clearance (Secret or higher) required; existing clearance highly valued. Clients across space, aerospace, defense, government, and critical infrastructure.

Company

Rapidly scaling advisory firm specializing in cyber resilience for high-impact missions in space, aerospace, defense, and allied sectors.

What you will do

• Lead GRC advisory for C-suite and boards on cyber risk, regulatory exposure, and strategic priorities
• Stand up and mature enterprise cyber resilience programs integrating governance, risk, business continuity, and incident readiness
• Guide clients through CMMC and CPCSC certification including gap assessments, SSP/POAM, and assessor coordination
• Develop and audit programs aligned with NIST CSF 2.0, 800-53/171, ISO 27001/27005, ITSG-33, SOC 2, and sector frameworks
• Define enterprise risk frameworks, KRIs/KPIs, risk appetite, and board reporting
• Lead third-party/supply-chain risk programs for defense industrial base
• Shape service offerings, mentor teams, drive business development, and represent in industry forums

Requirements

• 15+ years progressive cybersecurity/GRC experience including senior leadership in consulting, industry, or government
• Track record scaling cyber resilience programs for large enterprises with governance, risk frameworks, and metrics
• Deep expertise in CMMC (Levels 1–3), CPCSC, NIST 800-171/172, and supplier obligations
• Hands-on advising in space/aerospace/defense with ITAR, CGP, export controls knowledge
• Strong command of NIST CSF 2.0, 800-53/171/172, ISO 27001/27005, ITSG-33, SOC 2, PCI DSS, privacy regimes
• Executive presence for advising CISOs/CIOs/CFOs/boards; commercial acumen for practice building/revenue
• Leadership in mentoring GRC teams; certifications like CISSP/CISM/CRISC/CGEIT/CISA/CMMC RP preferred
• Bachelor's required; advanced degree (MBA/MS Cybersecurity) preferred; bilingual English/French asset

Culture & Benefits

• Flat, high-trust culture rewarding judgment, ownership, and mission focus
• Highly competitive executive compensation, performance incentives, equity-style participation
• Continuous learning budget, certification sponsorship, platform for publishing/speaking
• Work with IR, offensive security, engineering leaders on consequential missions
• Equal opportunity employer committed to diverse teams