Hey!
I'm a CISSP (sorry, customers made me get it) who has been doing mostly GRC work in medium sized businesses for over a decade. I've been deeply involved in building security programs for my organization, with a focus on building security processes rather than trying to bolt on security.
I've had internal people complain they don't think the security team does anything, with auditors impressed by how far ahead of expectations we were, because our processes were seamless enough to not be noticed internally.
I'd love to talk if you need someone.
I'm in Waterloo Ontario but prefer remote. You need to be able to hire a Canadian, though I don't care where you are.