Governance, Risk, and Compliance (GRC) Lead
Who we are
WELL is an innovative technology-enabled healthcare company whose overarching objective is to positively impact health outcomes by leveraging technology to empower and support healthcare practitioners and their patients.
WELL's practitioner enablement platform includes comprehensive end-to-end practice management tools, including virtual care and digital patient engagement capabilities, Electronic Medical Records (EMR), data protection services, and Revenue Cycle Management (RCM) through our DoctorCare solution.
WELL owns and operates Canada's largest network of outpatient medical clinics serving primary and specialized healthcare services and is the provider of a leading multi-national, multi-disciplinary telehealth offering.
The opportunity
WELLSTAR, a majority-owned subsidiary of WELL Health Technologies Corp, is a high-growth SaaS company with a focused objective of reshaping healthcare through digital enablement. Our innovative solutions are designed to streamline care delivery, integrate healthcare systems and improve patient outcomes.
We are seeking a highly motivated and proactive Governance, Risk, and Compliance (GRC) Lead to own and drive our Governance, Risk, and Compliance efforts. Reporting directly to the Business Information Security Officer, you will be the first dedicated member of the GRC team with the opportunity to define the function, shape the roadmap, and eventually grow and lead a team.
This role is ideal for someone who thrives on both execution and vision, rolling up their sleeves to maintain compliance frameworks while also building scalable processes that will support our rapid growth. You will partner with leaders across nine companies (and growing) to embed ISO 27001 and SOC 2 Type 2 standards and will play a critical role in onboarding new acquisitions into WELLSTAR’s compliance program.
This is a remote-friendly role, limited to candidates based in Canada.
What’s in it for you
Impact and exposure. Unlike traditional roles, you will play a prominent part in the acquisition process, working with multiple new companies every year. You will partner with executives across multiple business units and subsidiaries, directly influencing the compliance posture of our expanding portfolio.
Growth and ownership. You will have the opportunity to help align WELL Health Corporate GRC best practices with the GRC function of WELLSTAR's business units, and prepare to lead a growing team as the company matures.
Mission and purpose. You will be part of a purpose-driven company transforming healthcare delivery through technology while ensuring security and compliance at every level.
Career development. As one of the founding members of the team, you will be positioned for leadership advancement within WELL’s Cybersecurity department, supported by an environment that values initiative and long-term growth.
What you will do:
- Maintain. You will oversee WELLSTAR’s ISO 27001 ISMS and SOC 2 Type 2 control framework, ensuring readiness for audits, collecting evidence, and tracking remediation.
- Build. You will establish and continuously improve policies, processes, and GRC practices that can scale with our rapid growth.
- Enable. You will own the compliance onboarding process for newly acquired entities, designing and executing 12-month roadmaps and ensuring alignment with WELLSTAR standards.
- Assess. You will perform gap analyses, risk assessments, and maturity evaluations, and define remediation plans with business unit leaders.
- Manage. You will maintain the GRC risk register, coordinate internal control testing, and support third-party risk reviews with security and procurement teams for eight unique business units.
- Report. You will track and present GRC KPIs and compliance metrics to leadership, creating dashboards that measure and demonstrate program success.
- Educate. You will support awareness campaigns, facilitate employee training, and foster a culture of compliance across the organization.
- Adapt. You will monitor changes in regulatory requirements and industry trends, ensuring WELLSTAR’s GRC program remains compliant and forward-looking.
- The experience. You bring significant experience (8+ years preferred) in GRC, compliance, risk management, or IT audit, with demonstrated success implementing ISO 27001 and SOC 2 Type 2 programs across multi-entity environments.
- The technical knowledge. You have deep familiarity with governance and compliance frameworks and have worked with GRC tools such as Anecdotes, Vanta, Drata, OneTrust, or LogicGate. Relevant certifications (CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor) are an asset.
- The collaboration. You have experience working cross-functionally with senior stakeholders in business, legal, IT, and security, and can guide diverse teams toward compliance adoption.
- The communication. You have strong written and verbal skills, with the ability to translate complex standards into clear, actionable steps for non-technical teams.
- The mindset. You have a detail-oriented, proactive, and ownership-driven approach. You are motivated to build something new, grow with the role, and ultimately lead a team.
Why join us?
Healthcare is our sector, and we know that for WELL to be a winning team, we must provide an open environment to prioritize health and wellbeing and multiple resources to discuss mental, physical, and psychological needs openly. From the CEO to the newest hire, everyone comes together as part of our culture of respect, openness, support, and communication. We unite to empower each other to be the best we can be.
We recognize that the best way to serve our diverse patient communities is by reflecting that diversity. With almost 65% of our team members identifying as female and 70% of our leadership identifying as a visible minority, we are proud of our diverse, equitable and inclusive organization.
What you can expect from our interview process:
- A virtual interview with a Talent Advisor discussing your interest in the role and the company.
- A virtual interview with the Business Information Security Officer.
- A virtual interview with the Chief Information Security Officer and VP, Enterprise Risk.
- Meet and greet with the team - Senior Director of Security Architecture and Director of Privacy.
Apply now.
Interested in applying but worried you don't have it all? At WELL, we know not everyone gains their experience following a traditional path. If you share our values, want to make a difference in healthcare technology solutions, and meet 70% of the qualifications, we encourage you to apply. Express your interest here.
WELL is committed to supporting a diverse, inclusive, and accessible workplace. We welcome and celebrate the diversity of applicants and team members across ability, race, gender identity, sexual orientation, and perspective. We strive to create an inclusive workplace where differences are celebrated and fuel our success – this is the WELL Way! Accommodations are available on request for candidates taking part in all aspects of the selection process.