Technology Audit And Compliance Manager

WHO WE ARE
When it comes to health, we're always looking for ways
to push for better. It's why we were founded in the first place. In 1957, our
founder, pharmacist William Wilkinson, witnessed a mother sacrifice her health
by forgoing her own medicine to pay for her sick daughter's prescription. He
knew there had to be a better way. So, he introduced North America's first
prepaid drug plan, and GreenShield was born as a not-for-profit with a mission
to support better health for all Canadians.

We aren't just a health and benefits company. We're
the only not-for-profit social enterprise that brings worlds of coverage and
care together, all in one place.
We're noble challengers, purposefully building a better
way and we need the best people to help us create a more holistic approach that
takes care of the mind and body.

Our mission is to create better health for all
Canadians, and we know that starts with our employees. 

THE
ROLE IN A NUTSHELL

We are seeking an
experienced individual who can bring new knowledge and skills to the Technology
Strategic Planning & Business Management Team and take the lead role in
project managing and executing SOC2 compliance and audits in the areas of
Information Technology and Cybersecurity.

• Lead and coordinate all IT-related audits, including internal, external, and regulatory audits serving as the primary liaison between the IT team and audit stakeholders.
• Manage the end-to-end process of gathering, organizing, and submitting audit evidence across various IT functions, ensuring timely and accurate responses to audit requests.
• Own the project management and execution of our SOC 2 audit process, collaborating with internal teams and external auditors to ensure successful completion and ongoing compliance
• Identify opportunities to streamline audit and compliance processes, implementing best practices to enhance audit readiness and reduce risk exposure.
• Provide regular updates to leadership on audit status, findings, and remediation efforts, facilitating clear and effective communication across technical and non-technical teams.

We're not looking for just anyone. We're looking for a
unique individual with a big brain and a big heart who wants to help us create
better health for all Canadians.

• Minimum post-secondary degree or diploma in computer science, information systems, business, or a related field
• 5+ years of experience in IT auditing, IT risk management, or IT compliance within a Technology forward environment
• Proven experience managing SOC 2 audits or similar compliance frameworks
• Strong project management skills with the ability to manage multiple priorities
• Excellent communication and interpersonal skills
• Familiarity with IT governance frameworks (e.g., COBIT, NIST, ISO 27001)
• Must have had hands on technical experience as part of a technology organization
• Strong understanding of risk-based IT audit methodologies, including planning, execution, and reporting.
• Strong understanding of IT frameworks such as COBIT, NIST, ISO 27001, ITIL, and CIS Controls.
• Familiarity with cybersecurity, cloud technologies (GCP, AWS, Azure), ERP systems, and data analytics tools.
• Familiarity with CSAE 3416, SOC 1/SOC 2, and other assurance reporting frameworks, as well as applicable regulatory requirements (e.g., privacy laws, cybersecurity regulations).
• Ability to identify, assess, and articulate technology-related risks in the context of business and regulatory expectations
• Ability to manage multiple assignments, meet deadlines, and work independently or as part of a team.
• Excellent interpersonal skills with the ability to collaborate and build relationships across IT, risk, compliance, and business functions.
• Excellent verbal and written communication, including the ability to convey complex IT risks and audit findings clearly to both technical and non-technical audiences
• Sound knowledge of the Institute of Internal Auditors Global Internal Audit Standards

THE NICE TO HAVES

• Professional certification(s) such as CIA, CISA, CISSP, CRISC, or CPA (with IT audit focus) preferred.
• Experience working in a regulated environment.
• Experience working in a multi-entity environment with multiple IT infrastructures.
• Previous experience in conducting SOC reviews.

THE CULTURE
We believe a career should be meaningful. Not just a
means to earn a living. Our culture is one where everyone's voice is heard and
valued. Because that's what it takes
to create better health for all. We dare to challenge the status quo. And we're
driven by people who have challenged theirs.  We believe that your
workplace should empower you to be the best version of yourself. That's why we provide a
place where you can be inspired, challenged, and rewarded. 

Where your growth means our growth.
Where your voice is heard and valued.
Where your work has purpose. And purpose matters.

We believe our people are
critical to our overall success. Inclusivity makes us a stronger, smarter and
more informed organization. Being intentionally inclusive of diverse
backgrounds, perspectives and experiences will enhance our company culture to
positively impact how we support our communities. A career at GreenShield isn't just about personal
achievements, it's about making a
difference together.

Here's to Better Health for All

A
FEW MORE DETAILS
Proficiency in English is required
for this position. As part of this role, you will be required to communicate
with colleagues or customers who use English as their primary language.  By requiring English proficiency for this
position, we aim to ensure that our employees can excel in their roles,
collaborate, and communicate effectively, and contribute to the success of our
organization. 

GS supports diversity, equity and
inclusion in our teams and communities, and we value the unique contributions
made by all. Even if your experience doesn't align perfectly to every
requirement, we invite you to apply.   We encourage applications from
all candidates and will accommodate needs under human rights legislation
throughout all stages of the recruitment and selection process. Please let us
know of any accommodation through Information received relating to
accommodation will be addressed confidentially. 

Providing this information gives
GS consent to use your personal information to assess your suitability for
specific positions, future opportunities or for your personnel file. Your
résumé will be held in strict confidence and will be viewed only by the
Organization. Information may be stored outside of Canada and could be used for
aggregate statistical purposes (which uses no personal identification).