GRC Manager

Remote
Full Time
Security
Manager/Supervisor

At Miovision, we’re unlocking transportation networks that move you. Our vision and mission is to enable smart, fast, safe communities that simply flow, as we drive the Intelligent Mobility Revolution. Backed by the world’s most advanced traffic AI, Miovision’s innovations in traffic signal planning and operations are making it possible for cities to improve the transportation experience for drivers, cyclists and pedestrians.

Our values drive us. They’re at the core of everything we do. If they align with yours, proceed through the GREEN light!

All in to win: We're driven by a winning mindset, approaching every challenge with intensity, clarity, and speed.

One Miovision: We succeed as one team, uniting diverse talents, building on trust, and putting our shared mission before ego.

Be better every day: We're committed to continuous growth, staying curious, building mastery, and embracing challenges as learning opportunities.

Make it happen: We are proactive and results-driven, taking ownership, acting with urgency, and focusing on solutions that deliver real impact.

Earn the customer: We are deeply customer-centric, focused on earning our customers' partnership every day by delivering exceptional experiences that drive their success.

Position Summary:

Miovision is seeking a seasoned GRC Manager / Risk Officer to lead and mature the company's Enterprise Risk Management (ERM) capability as a strategic enabler of product-led growth and regulated market expansion. Reporting to the Chief Information Security Officer (CISO) and embedded within the Office of Cybersecurity, this role operationalizes Miovision's Unified Risk Management Framework to ensure risk management directly supports revenue growth, go-to-market execution, and on-time product delivery, acting as a trusted advisor to the CISO, executive leadership, and external auditors.

The GRC Manager / Risk Officer will drive implementation and ongoing effectiveness of security and risk controls aligned to ISO/IEC 27001:2022, SOC 2, FAIR, COSO, and NIST, ensuring audit-ready execution across the organization. Partnering with stakeholders across Revenue and GTM, Engineering, Product Delivery, Cloud Operations, IT, Legal, HR, and Finance, this leader translates cybersecurity, technology, regulatory, product, and operational risks into clear, business-relevant insights that inform executive decision-making and accelerate regulated market entry.

This role leads the GRC function, mentors and manages team members, and embeds risk intelligence across Miovision's mission-critical platforms, including Bakugan, Scout X, Miovision One, and I2X, to protect smart mobility solutions, strengthen resilience, and reinforce customer trust. The successful candidate will serve as a strategic risk leader, not a compliance administrator, enabling growth while maintaining robust governance and control.


Key Accountabilities:

Enterprise & Cyber Risk Leadership

  • Lead the implementation and continuous improvement of Miovision’s Unified Risk Management Framework, integrating cybersecurity, technology, operational, privacy, product, and third-party risk into the CTO delivery focus model and quarterly business review (QBR) cadence, ensuring risk insights directly inform delivery prioritization, roadmap decisions, and executive trade-offs.
  • Own and maintain the Enterprise Risk Register, including risk identification, assessment and scoring, treatment plan development, control ownership assignment, and executive-level reporting to the CISO, CTO, and executive leadership team.
  • Partner with the CISO to define, communicate, and operationalize risk appetite and tolerance levels aligned with business objectives, growth strategy, and regulated market expansion initiatives.
  • Embed risk intelligence into product development lifecycles for Bakugan, Scout X, Miovision One, and I2X platforms, ensuring security and compliance requirements are integrated early and balanced against delivery timelines.

Governance, Risk & Compliance (GRC) Program Ownership

  • Design, implement, and maintain the GRC program structure, ensuring alignment and harmonization across ISO/IEC 27001:2022, SOC 2, NIST, COSO, and other applicable frameworks to minimize audit fatigue, reduce control duplication, and streamline evidence collection.
  • Serve as the primary liaison for external auditors, assessors, penetration testers, and regulators, coordinating audit planning, evidence requests, remediation tracking, and certification readiness activities.
  • Lead policy and procedure governance, including development, review, approval workflows, version control, and communication across the organization.
  • Manage the risk exception and risk acceptance process, ensuring documented justification, compensating controls, executive approval, and time-bound remediation plans.
  • Oversee GRC tooling strategy and administration, ensuring effective use of platforms for risk tracking, control monitoring, evidence management, and audit readiness.

ERM & Cross-Functional Enablement

  • Embed risk management as a delivery prerequisite, partnering with Engineering, Product Delivery, and Revenue teams to gate product releases and go-to-market execution, ensuring milestones and regulated-market commitments are met securely and on schedule.
  • Support customer security reviews, RFP responses, vendor security assessments, and customer audit requests, clearly articulating Miovision's risk posture, control maturity, and compliance certifications to build customer confidence and competitive differentiation.
  • Drive risk visibility by proactively identifying, assessing, and communicating systemic and emerging risks, including threat landscape shifts, regulatory changes, supply chain dependencies, and geopolitical factors, to inform strategic decision-making, resource allocation, and business resilience planning.
  • Facilitate cross-functional risk forums and working groups to ensure alignment between Cybersecurity, Engineering, Product, IT, Legal, Privacy, and Revenue teams on risk priorities, remediation timelines, and shared accountability for enterprise risk outcomes.

People & Program Leadership

  • Build, lead, and mentor the GRC team, establishing clear priorities, performance expectations, career development pathways, and succession planning to develop high-performing risk and compliance professionals capable of scaling with Miovision's growth.
  • Design and operationalize scalable GRC workflows and operating rhythms, including quarterly risk assessments, monthly control testing cycles, continuous monitoring processes, audit coordination playbooks, and reporting cadences that drive consistency and efficiency.
  • Drive GRC tooling strategy and implementation, including platform selection, configuration, evidence management automation, risk register maintenance, control tracking, and dashboard/reporting capabilities to enhance audit readiness and reduce manual effort.
  • Champion a culture of shared accountability for risk across the organization through training programs, risk awareness campaigns, security champions networks, and embedding risk considerations into business processes, product development, and operational decision-making.
  • Foster continuous improvement and innovation within the GRC function, staying current on emerging risk frameworks, regulatory developments, industry best practices, and technology trends to enhance program maturity and business value.

Qualifications:
  • 8 - 10 years of progressive experience in GRC, cyber risk, enterprise risk, audit, or compliance roles.
  • Demonstrated people leadership experience, including managing teams and cross-functional initiatives.
  • Proficiency with GRC platforms and compliance management tools.
  • Strong working knowledge of four (4) or more of the following: ISO 27001, SOC 2, NIST (CSF / RMF / 800-53), FedRAMP, FAIR, and COSO enterprise risk concepts.
  • Proven ability to build and operate risk registers, control frameworks, and executive reporting.
  • Experience operating in SaaS, cloud, or critical-infrastructure-adjacent environments strongly preferred.
  • Ability to communicate effectively with executives, auditors, engineers, and non-technical stakeholders.
  • Highly organized, curious, and eager to learn.
  • Understanding of network security, application security, and infrastructure security concepts.
  • Analytical mindset with attention to detail and accuracy.
  • Strong problem-solving and critical thinking skills.

One or more of the following professional certifications:

  • CRISC (Certified in Risk and Information Systems Control)
  • CISM (Certified Information Security Manager)
  • CISSP (Certified Information Systems Security Professional)
  • CISA (Certified Information Systems Auditor)
  • CGRC (Certified GRC Professional)
  • ISO 27001 Lead Implementer/Lead Auditor

Your Rewards & Well-being:
We invest in our team with benefits designed for modern life and true work-life balance.
  • Comprehensive Coverage: Your well-being is covered from day one with comprehensive health benefits, 24/7 virtual healthcare access, and dedicated wellness programs.
  • Financial Future: Build for tomorrow with our 401K Matching Plan and share in the company's success through our Variable Incentive Plan.
  • Time to Recharge: Truly unplug with our unique Mio-Days and flexible vacation policy.
  • Work & Life Support: We support you with flexible work options, an internet subsidy, a remote work allowance, and enhanced leave for new parents.


Sound like your next adventure? Apply now and let's start building together!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Please indicate if you require accommodation on your application, and our team will work with you to meet your accessibility needs.

PLEASE BE AWARE OF FRAUD: Applicants interested in applying for roles at Miovision should apply directly via the details provided on our careers page. We communicate directly with applicants and will not request banking information, payment, or fees during any point of the recruitment process. We do not conduct interviews via text message. If you suspect that a third party is impersonating Miovision or requesting payment for recruitment on behalf of Miovision, please alert us via recruitment@miovision.com.

To all recruitment agencies: Miovision does not accept agency solicitation or resumes. Please do not forward resumes to our HR alias e-mail address, to any Miovision employee, or to other Miovision e-mail addresses. Miovision will not pay any fees related to unsolicited resumes.
