MANAGER, INFORMATION RISK MANAGEMENT (HYBRID) at Green Shield
Montréal, QC, Canada
Full Time


Start Date

Immediate

Expiry Date

12 Dec, 25

Salary

0.0

Posted On

12 Sep, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Good communication skills

Industry

Financial Services

Description

WHO WE ARE

When it comes to health, we’re always looking for ways to push for better. It’s why we were founded in the first place. In 1957, our founder, pharmacist William Wilkinson, witnessed a mother sacrifice her health by forgoing her own medicine to pay for her sick daughter’s prescription. He knew there had to be a better way. So, he introduced North America’s first prepaid drug plan, and GreenShield was born as a not-for-profit with a mission to support better health for all Canadians.
We aren’t just a health and benefits company. We’re the only not-for-profit social enterprise that brings worlds of coverage and care together, all in one place.
We’re noble challengers, purposefully building a better way and we need the best people to help us create a more holistic approach that takes care of the mind and body.
Our mission is to create better health for all Canadians, and we know that starts with our employees.

WHO WE’RE LOOKING FOR

We’re looking for a highly organized individual who can make an immediate impact. The successful candidate must have strong business acumen, be innovative, be a problem solver, be comfortable communicating with individuals at all levels of the organization, and be adaptable to changing circumstances. Specifically, we’re looking for someone with:

  • Minimum post-secondary degree in Information Technology, Computer Sciences or equivalent. Master’s degree desirable.
  • 5-10 years of professional experience in Insurance or related Financial sector, working in information technology, information risk and/or IT governance and controls.
  • Experience that demonstrates the ability to identify, evaluate, and quantify information risks across systems, processes, and third-party relationships.
  • Deep understanding of Canadian regulations such as OSFI guidelines, PIPEDA, and provincial privacy laws.
  • Experience with frameworks like ISO 27001, NIST, SOC and CIS controls.
  • Strong knowledge of data classification, retention policies, and secure data handling practices.
  • Experience in developing and testing response plans for cyber incidents and operational disruptions.
  • Ability to interpret risk metrics, dashboards, and audit findings to inform decision-making.
  • Demonstrated ability to collaborate with IT, security, legal, compliance, data governance, privacy and business units to embed risk awareness.
  • Translating technical risk concepts into business language for executives.
  • Ability to “roll up the sleeves” and get involved at a detailed level in order to ensure accurate risk management reporting and compliance with all regulations.
  • Highly developed planning, organizing and negotiating skills; can manage multiple tasks, meet deadlines and respond to changing priorities.
  • Strong personal integrity and work ethic; takes responsibility; likes to be held accountable for results.
  • It would be highly desirable to hold one or more of the following certifications: Certificate of Cloud Security Knowledge; Certified Information Systems Security Professional (CISSP); Certified in Risk and Information Systems Control (CRISC).

Responsibilities

The primary responsibilities and authorities for this position include, but are not limited to:

  • Support oversight for the design, implementation, and monitoring of GreenShield’s information risk management controls across the company.
  • Support the establishment of standards for the execution of information risk programs within the lines of business, including oversight over the execution of risk and control self-assessments and the reporting of incidents.
  • Support the oversight of programs that monitor, measure, analyze and report on information and technology risk (e.g. cyber security, third party risk, advanced analytics and data, etc.) exposures across all business areas.
  • Assist the business with the identification of key information and technology risks and mitigating controls in their business units, as well as monitoring their action plans to address mitigation.
  • Support the evolution of technology key risk indicators, escalation limits/thresholds and escalation processes, and ensure they adapt to the changing business and regulatory expectations.
  • Ensure operational risks are identified, assessed and managed to remain within GreenShield’s risk appetite throughout the implementation and operationalizing of strategic initiatives.
  • Aggregate and analyze risk events and root causes reported by the business to recommend improvements to prevent/mitigate reoccurrence.
  • Perform oversight of enterprise compliance with data, AI, technology, information security, third party management, business continuity, and other risk related policies.
  • Monitor regulatory developments related to information and technology risk management.
  • Participate in Canadian Life and Health Insurance Agency (CLHIA), and industry related discussions of particular interest to GreenShield.
  • Provide risk related guidance and advice to senior management, other departments, and represent Risk Management on various committees.
  • Embrace GreenShield’s Mission and Values.