Director, Governance, Risk and Compliance (GRC)

At Momentum Financial Services Group, we help people move forward by reimagining how money works for those who need it most. With more than 40 years of experience, we’re the team behind Money Mart—Canada’s largest non-bank branch network—and a leader in financial solutions for underserved communities.

From short-term loans to money transfers and prepaid cards, we power the products, technology, and operations that connect over a million customers a year to the money they need, when they need it.

At MFSG, we come together across teams and departments to create something bigger than ourselves: solutions that remove barriers and give people access to money they might not get anywhere else. Whether you're solving problems, building systems, or shaping strategy, your work fuels real support for real people.

Compensation Philosophy: Our strategy is simple—we aim to match the market. We regularly review industry standards to ensure our total rewards package is competitive and fair. This commitment helps us attract and retain talented individuals who share our purpose.

Discretionary Annual Bonus: Enjoy the opportunity for a discretionary bonus based on individual performance and company success.

Comprehensive Benefits: Our benefits include health and dental plans with 100% of the premiums covered. We also offer an Employee Assistance Program to support your mental well-being and provide resources for personal challenges.

Retirement Plans: Plan for your future with our robust retirement savings options, ensuring you’re set for the long haul.

Hybrid Work Environment: Experience the best of both worlds with our hybrid work model, allowing you to balance remote work with in-office. When you're at our corporate head office, enjoy a relaxed and collaborative environment featuring breakout rooms for brainstorming and unwinding, plus a variety of snacks to keep you energized throughout the day.

Perks and Rewards: Enjoy reimbursement for tuition assistance and professional development, discounts through Perkopolis and participate in our rewards and recognition programs to celebrate your contributions.

We’re seeking a Director, Governance, Risk and Compliance (GRC) to lead and operate MFSG’s cybersecurity governance, cyber risk management, compliance, and data governance functions. This is a highly hands-on senior individual contributor role responsible for strengthening governance frameworks, overseeing cyber risk activities, supporting regulatory compliance, and driving risk-informed decision-making across the organization.

• Own and operate the enterprise cyber risk management framework
• Maintain cybersecurity, technology, and data risk registers
• Conduct cyber risk assessments across business processes, systems, vendors, and strategic initiatives
• Define and track key risk indicators (KRIs), metrics, and remediation activities
• Support post-incident risk reviews and continuous improvement efforts

• Support internal and external audits, regulatory reviews, and customer due diligence requests
• Validate control effectiveness and coordinate audit evidence collection
• Manage cybersecurity policy governance and exception management processes
• Ensure alignment with industry frameworks including NIST, ISO 27001, privacy regulations, and financial sector requirements

• Partner with data governance, privacy, legal, and compliance teams to manage information risk
• Oversee data governance activities including classification, retention, protection, access governance, and recovery controls
• Support vendor and third-party risk assessments and remediation efforts

• Prepare executive-level cyber risk reporting and governance updates
• Present risk trends, control gaps, remediation progress, and emerging risks to leadership
• Influence business, technology, and control owners to drive risk reduction activities
• Build strong relationships across cybersecurity, IT, legal, compliance, enterprise risk, and operational teams

• Develop and mature cybersecurity governance programs, policies, standards, and procedures
• Improve GRC processes, workflows, and governance effectiveness
• Personally execute critical deliverables in a hands-on leadership capacity
• Balance business objectives with practical, risk-based governance and security controls

• 10+ years of experience in information security, cybersecurity, technology risk, or IT controls
• At least 5 years of direct GRC experience, including 3+ years in a leadership capacity
• Experience within banking, fintech, insurance, payments, wealth management, or another regulated financial services environment
• Proven success operating as a senior individual contributor with ownership of risk assessments, governance documentation, executive reporting, and remediation tracking
• Strong understanding of enterprise cyber risk management, governance, and compliance practices
• Extensive experience with data governance risk management, privacy controls, and information asset protection
• Experience managing cyber risk registers, risk reviews, issue management, and remediation programs
• Strong knowledge of Canadian financial sector regulatory expectations, operational resilience principles, and privacy obligations
• Excellent communication skills with the ability to translate technical issues into clear business risk language

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Risk Management, or a related field, or equivalent practical experience
• Experience supporting audits, regulatory reviews, customer security assessments, and control testing activities
• Strong understanding of identity and access management, data protection, cloud security, vulnerability management, incident response, third-party risk, and business continuity

• Experience within a Canadian regulated financial institution or fintech organization
• Professional certifications such as CISSP, CISM, CRISC, CGEIT, or ISO 27001 Lead Implementer/Auditor
• Experience implementing or enhancing GRC platforms, workflow automation, and reporting dashboards
• Familiarity with PCI DSS, SOC 2, cloud control frameworks, and privacy control frameworks
• Experience mapping controls across multiple regulatory and compliance frameworks

Ready to lead cybersecurity governance and influence enterprise risk decisions across a growing organization? Join us and help strengthen the security, resilience, and compliance foundation of MFSG.

MFSG is committed to accommodating applicants up to the point of undue hardship during the recruitment, assessment and selection process. If you are selected for an interview, please notify MFSG if you require accommodation in respect of the materials or procedures used at any time during this process. If you require accommodation, MFSG will work with you to determine how to meet your needs.

Please note: The salary range, inclusive of bonus, for this position is between C$175,000 to C$ 190,000.