Governance, Risk, and Compliance

2 days ago


Remote, Canada Wellstar Health System Full time

Who we are

At WELLSTAR, we are committed to reshaping Canadian healthcare by leveraging technology to address the administrative burdens that pull physicians away from their true calling—patient care. Our mission is focused on supporting providers and patients, shifting the emphasis back to quality, time, and positive outcomes. With a comprehensive suite of technology solutions, we have successfully helped thousands of providers adopt and benefit from modern, interoperable technologies that improve patient outcomes and system efficiency.

Whether you are in research and development, administration, communications, operations leadership, or technology, joining us now is a chance to play a critical role in transforming the way healthcare is managed and experienced in Canada.

The opportunity

WELLSTAR, a majority-owned subsidiary of WELL Health Technologies Corp, is a high-growth SaaS company with a focused objective of reshaping healthcare through digital enablement. Our innovative solutions are designed to streamline care delivery, integrate healthcare systems and improve patient outcomes.

We are seeking a highly motivated and proactive Governance, Risk, and Compliance (GRC) Lead to own and drive our Governance, Risk, and Compliance efforts. Reporting directly to the Business Information Security Officer, you will be the first dedicated member of the GRC team with the opportunity to define the function, shape the roadmap, and eventually grow and lead a team.

This role is ideal for someone who thrives on both execution and vision, rolling up their sleeves to maintain compliance frameworks while also building scalable processes that will support our rapid growth. You will partner with leaders across nine companies (and growing) to embed ISO 27001 and SOC 2 Type 2 standards and will play a critical role in onboarding new acquisitions into WELLSTAR's compliance program.

This job posting is for an existing vacancy. It is a remote-friendly role, limited to candidates based in Canada.

What's in it for you

Impact and exposure. Unlike traditional roles, you will feature as a prominent part of the acquisition process, working with multiple new companies every year. You will partner with executives across multiple business units and subsidiaries, directly influencing the compliance posture of our expanding portfolio.

Growth and ownership. You will have the opportunity to help align WELL Health Corporate GRC best practices with the GRC function of WELLSTAR's business units, and prepare to lead a growing team as the company matures.

Mission and purpose. You will be part of a purpose-driven company transforming healthcare delivery through technology while ensuring security and compliance at every level.

Career development. As one of the founding members of the team, you will be positioned for leadership advancement within WELL's Cybersecurity department, supported by an environment that values initiative and long-term growth.

What you will do:

  • Maintain. You will oversee WELLSTAR's ISO 27001 ISMS and SOC 2 Type 2 control framework, ensuring readiness for audits, collecting evidence, and tracking remediation.
  • Build. You will establish and continuously improve policies, processes, and GRC practices that can scale with our rapid growth.
  • Enable. You will own the compliance onboarding process for newly acquired entities, designing and executing 12-month roadmaps and ensuring alignment with WELLSTAR standards.
  • Assess. You will perform gap analyses, risk assessments, and maturity evaluations, and define remediation plans with business unit leaders.
  • Manage. You will maintain the GRC risk register, coordinate internal control testing, and support third-party risk reviews with security and procurement teams for eight unique business units.
  • Report. You will track and present GRC KPIs and compliance metrics to leadership, creating dashboards that measure and demonstrate program success.
  • Educate. You will support awareness campaigns, facilitate employee training, and foster a culture of compliance across the organization.
  • Adapt. You will monitor changes in regulatory requirements and industry trends, ensuring WELLSTAR's GRC program remains compliant and forward-looking.

What you bring:

  • The experience. You bring significant experience (8+ years preferred) in GRC, compliance, risk management, or IT audit, with demonstrated success implementing ISO 27001 and SOC 2 Type 2 programs across multi-entity environments.
  • The technical knowledge. You have deep familiarity with governance and compliance frameworks and have worked with GRC tools such as Anecdotes, Vanta, Drata, OneTrust, or LogicGate. Relevant certifications (CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor) are an asset.
  • The collaboration. You have experience working cross-functionally with senior stakeholders in business, legal, IT, and security, and can guide diverse teams toward compliance adoption.
  • The communication. You have strong written and verbal skills, with the ability to translate complex standards into clear, actionable steps for non-technical teams.
  • The mindset. You have a detail-oriented, proactive, and ownership-driven approach. You are motivated to build something new, grow with the role, and ultimately lead a team.

Why join us?

WELLSTAR is a leading healthcare technology company dedicated to reshaping healthcare through digital enablement. We provide a comprehensive, holistic solution for healthcare providers across Canada, with over 40% of practitioners currently using our products and services. Our solutions serve primary care physicians, specialist physicians, health systems, and public sector organizations through a complete suite of solutions, including billing and practice management systems, electronic medical records (EMRs), digital health applications, and digital health network solutions.

As a majority-owned subsidiary of WELL Health, WELLSTAR continues to drive innovation and transformation in the Canadian healthcare landscape, reducing administrative burden and empowering providers to deliver better patient outcomes through advanced technology solutions.

What you can expect from our interview process:

  • A virtual interview with a Talent Advisor discussing your interest in the role and the company. The conversation will be recorded using BrightHire, an AI-powered video interview tool. More details will be shared when you are invited to interview.
  • A virtual interview with the Business Information Security Officer.
  • A virtual interview with the Chief Information Security Officer and VP, Enterprise Risk.
  • Meet and greet with the team - Senior Director of Security Architecture and Director of Privacy.

Compensation

The salary range for this position is $130,000-$150,000. The salary will be determined based on several factors, including the candidate's experience, qualifications, skills, and the needs of the organization. At WELLSTAR, we are committed to fair and equitable compensation and aim to provide a competitive salary that reflects the value and expertise of the successful candidate.

Apply now.

Interested in applying but worried you don't have it all? At WELLSTAR, we know not everyone gains their experience following a traditional path. If you share our values, want to make a difference in healthcare technology solutions, and meet 70% of the qualifications, we encourage you to apply. Express your interest here.

WELLSTAR is committed to supporting a diverse, inclusive, and accessible workplace. We welcome and celebrate the diversity of applicants and team members across ability, race, gender identity, sexual orientation, and perspective. We strive to create an inclusive workplace where differences are celebrated and fuel our success. Accommodations are available upon request for candidates participating in all aspects of the selection process.
