WELL Health Technologies Corp. (TSX: WELL)

GRC Lead

full-time

Origin: 🇨🇦 Canada

Job Level

Senior

Tech Stack

Cyber Security

About the role

  • Oversee WELLSTAR’s ISO 27001 ISMS and SOC 2 Type 2 control framework, ensuring readiness for audits, collecting evidence, and tracking remediation
  • Establish and continuously improve policies, processes, and GRC practices
  • Own the compliance onboarding process for newly acquired entities, designing and executing 12-month roadmaps
  • Perform gap analyses, risk assessments, and maturity evaluations, and define remediation plans with business unit leaders
  • Maintain the GRC risk register, coordinate internal control testing, and support third-party risk reviews
  • Track and present GRC KPIs and compliance metrics to leadership, creating dashboards
  • Support awareness campaigns, facilitate employee training, and foster a culture of compliance
  • Monitor changes in regulatory requirements and industry trends
  • Report directly to the Business Information Security Officer and partner with leaders across nine companies

Requirements

  • 8+ years of experience preferred in GRC, compliance, risk management, or IT audit
  • Demonstrated success implementing ISO 27001 and SOC 2 Type 2 programs across multi-entity environments
  • Deep familiarity with governance and compliance frameworks
  • Experience with GRC tools such as Anecdotes, Vanta, Drata, OneTrust, or LogicGate
  • Relevant certifications (CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor) are an asset
  • Experience working cross-functionally with senior stakeholders in business, legal, IT, and security
  • Strong written and verbal communication skills
  • Detail-oriented, proactive, and ownership-driven mindset
  • Candidates must be based in Canada
  • Legal eligibility to work in Canada (question in application)