Executive Advisor - Governance, Risk and Compliance

Executive Advisor, Governance, Risk and Compliance

Malleum is at the forefront of next-generation cyber defense, partnering with marquee clients across space, aerospace, defense, government, financial services, and critical infrastructure. We're experiencing exceptional growth as demand accelerates for trusted advisors capable of delivering at the intersection of national security, allied intelligence cooperation, and enterprise resilience. Our advisors shape the governance, risk, and compliance programs that underpin cutting-edge defensive technologies, sovereign space capabilities, and allied programs with national security impact – from satellite and launch operations to next-generation defense platforms. If you take pride in shaping how the most consequential organizations govern cyber risk and want your counsel to influence sovereign and allied missions, Malleum is where your leadership meets purpose.

The Opportunity

We're seeking an Executive Advisor, Governance, Risk and Compliance to lead Malleum's most strategic GRC engagements and to help scale our advisory practice across the space, aerospace, and defense sectors. You'll serve as a trusted counsel to CISOs, CIOs, CROs, and boards – translating regulatory complexity into pragmatic, mission-aligned programs. This is a remote position, with travel to client sites – typically Ontario-based – as required. This is a senior leadership role for a recognized GRC practitioner who has stood up enterprise-grade cyber resilience programs, navigated the most demanding compliance regimes, and can mentor the next generation of Malleum advisors.

What You'll Do

• Lead executive-level GRC advisory engagements for clients across space, aerospace, defense, government, and critical infrastructure
• Stand up and mature Cyber Resilience Programs at large enterprises, integrating governance, risk management, business continuity, third-party risk, and incident readiness into a cohesive operating model
• Advise C-suite and board stakeholders on cyber risk posture, regulatory exposure, and strategic investment priorities
• Lead client journeys to CMMC (Cybersecurity Maturity Model Certification) readiness and certification, including scoping, gap assessments, SSP/POAM development, and assessor coordination
• Lead client adoption of the Canadian Program for Cyber Security Certification (CPCSC) for organizations supporting the Government of Canada defense supply chain
• Develop, operationalize, and audit programs aligned with NIST CSF 2.0, NIST 800-53/171, ISO 27001/27005, ITSG-33, SOC 2, and sector-specific frameworks
• Advise space-sector clients on emerging requirements such as Space ISAC guidance, NIST IR 8401 (Satellite Ground Segment), and allied space defense expectations
• Define and implement enterprise risk management frameworks, KRIs/KPIs, risk appetite statements, and board reporting cadences
• Lead third-party / supply-chain risk programs aligned with defense industrial base (DIB) and allied requirements
• Shape Malleum's GRC service offerings, methodologies, accelerators, and intellectual property
• Mentor and develop senior managers, managers, and consultants — building bench strength and a strong delivery culture
• Drive business development: trusted-advisor relationships, account growth, proposals, and thought leadership across the space, aerospace, and defense ecosystem
• Represent Malleum in industry forums, regulator engagements, client briefings, and executive roundtables

What You Bring

• 15+ years of progressive cybersecurity and GRC experience, including senior leadership roles in consulting, industry, or government
• Demonstrated track record standing up and scaling Cyber Resilience Programs for large, complex enterprises — including governance structures, risk frameworks, control libraries, metrics, and operating cadences
• Deep expertise across CMMC (Levels 1–3) and emerging CPCSC requirements, including how each maps to NIST 800-171 / 800-172 and supplier obligations
• Hands-on experience advising clients in space, aerospace, and defense — familiarity with ITAR, CGP, controlled goods, export controls, and allied compliance regimes
• Strong command of NIST CSF 2.0, NIST 800-53/171/172, ISO 27001/27005, ITSG-33, SOC 2, PCI DSS, and relevant privacy regimes (PIPEDA, Quebec Law 25, GDPR)
• Executive presence — proven ability to advise CISOs, CIOs, CFOs, GCs, audit committees, and boards
• Strong commercial acumen — practice building, account growth, proposal leadership, and revenue accountability
• Demonstrated leadership in mentoring, coaching, and developing high-performing GRC teams
• Certifications such as CISSP, CISM, CRISC, CGEIT, CISA, ISO 27001 Lead Auditor/Implementer, or CMMC Registered Practitioner (RP) strongly preferred
• Eligibility for Government of Canada security clearance (Secret or higher); existing clearance highly valued
• Bilingualism (English/French) considered a strong asset
• Bachelor's degree required; advanced degree (MBA, MS in Cybersecurity) preferred

Why Malleum

• Lead GRC programs with genuine national and allied security impact across space, aerospace, and defense
• Shape the strategy and growth of a rapidly scaling advisory practice with direct partner-level visibility
• Work alongside seasoned IR, offensive security, engineering, and program leaders on the most consequential client missions
• Highly competitive executive compensation, performance incentives, and equity-style participation in practice growth
• Continuous learning budget, certification sponsorship, and a platform to publish, speak, and shape industry dialogue

A flat, high-trust culture that rewards judgment, ownership, and mission focus Malleum is an equal opportunity employer. We welcome applications from all qualified candidates and are committed to building a team that reflects the communities and missions we serve.