MANAGER, INFORMATION RISK MANAGEMENT (HYBRID)

WHO WE ARE
When it comes to health, we’re always looking for waysto push for better. It’s why we were founded in the first place. In 1957, our founder, pharmacist William Wilkinson, witnessed a mother sacrifice her health by forgoing her own medicine to pay for her sick daughter’s prescription. He knew there had to be a better way. So, he introduced North America’s first prepaid drug plan, and GreenShield was born as a not-for-profit with a mission to support better health for all Canadians.

We aren’t just a health and benefits company. We’re the only not-for-profit social enterprise that brings worlds of coverage and care together, all in one place.
We’re noble challengers, purposefully building a better way and we need the best people to help us create a more holistic approach that takes care of the mind and body.

Our mission is to create better health for all Canadians, and we know that starts with our employees.

THE ROLE IN A NUTSHELL

The primary responsibilities and authorities for this position include, but are not limited to:

• Support oversight for the design, implementation, and monitoring of GreenShield’s information risk management controls across the company.
• Support the establishment of standards for the execution of information risk programs within the lines of business, including oversight over the execution of risk and control self-assessments and the reporting of incidents.
• Support the oversight of programs that monitor, measure, analyze and report on information and technology risk ( cyber security, third party risk, advanced analytics and data, etc.) exposures across all business areas.
• Assist the business with the identification of key information and technology risks and mitigating controls in their business units, as well as monitoring their action plans to address mitigation.
• Support the evolution of technology key risk indicators, escalation limits/thresholds and escalation processes, and ensure they adapt to the changing business and regulatory expectations.
• Ensure operational risks are identified, assessed and managed to remain within GreenShield’s risk appetite throughout the implementation and operationalizing of strategic initiatives.
• Aggregate and analyze risk events and root causes reported by the business to recommend improvements to prevent/mitigate reoccurrence.
• Perform oversight of enterprise compliance with data, AI, technology, information security, third party management, business continuity, and other risk related policies.
• Monitor regulatory developments related to information and technology risk management.
• Participate in Canadian Life and Health Insurance Agency (CLHIA), and industry related discussions of particular interest to GreenShield.
• Provide risk related guidance and advice to senior management, other departments, and represent Risk Management on various committees.
• Embrace GreenShield’s Mission and Values.

We’re looking for a highly organized individual who can make an immediate impact. The successful candidate must have strong business acumen, be innovative, be a problem solver, be comfortable communicating with individuals at all levels of the organization and is adaptable to changing circumstances. Specifically, we’re looking for someone with:

• Minimum post-secondary degree in Information Technology, Computer Sciences or equivalent. Masters degree desirable.
• 5-10 years of professional experience in Insurance or related Financial sector, working in information technology, information risk and/or IT governance and controls
• Experience that demonstrates the ability to identify, evaluate, and quantify information risks across systems, processes, and third-party relationships.
• Deep understanding of Canadian regulations such as OSFI guidelines, PIPEDA, and provincial privacy laws.
• Experience with frameworks like ISO 27001, NIST, SOC and CIS controls.
• Strong knowledge of data classification, retention policies, and secure data handling practices.
• Experience in developing and testing response plans for cyber incidents and operational disruptions.
• Ability to interpret risk metrics, dashboards, and audit findings to inform decision-making.
• Demonstrated ability to collaborate with IT, security, legal, compliance, data governance, privacy and business units to embed risk awareness.
• Translating technical risk concepts into business language for executives.
• Ability to “roll up the sleeves” and get involved at a detailed level in order to ensure accurate risk management reporting and compliance with all regulations.
• Highly developed planning, organizing and negotiating skills; can manage multiple tasks, meet deadlines and respond to changing priorities.
• Strong personal integrity and work ethic; takes responsibility; likes to be held accountable for results.
• It would be highly desirable to hold one or more of the following certifications:
  Certificate of Cloud Security Knowledge
  Certified Information Systems Security Professional (CISSP)
  Certified in Risk and Information Systems Control (CRISC)

THE CULTURE
We believe a career should be meaningful. Not just a means to earn a living. Our culture is one where everyone's voice is heard and valued. Because that’s what it takes to create better health for all. We dare to challenge the status quo. And we’re driven by people who have challenged theirs. We believe that your workplace should empower you to be the best version of yourself. That’s why we provide a place where you can be inspired, challenged, and rewarded.

Where your growth means our growth.
Where your voice is heard and valued.
Where your work has purpose. And purpose matters.

We believe our people are critical to our overall success. Inclusivity makes us a stronger, smarter and more informed organization. Being intentionally inclusive of diverse backgrounds, perspectives and experiences will enhance our company culture to positively impact how we support our communities. A career at GreenShield isn’t just about personal achievements, it's about making a difference together.

Here’s to Better Health for All!

A FEW MORE DETAILS
Proficiency in English is required for this position. As part of this role, you will be required to communicate with colleagues or customers who use English as their primary language. By requiring English proficiency for this position, we aim to ensure that our employees can excel in their roles, collaborate, and communicate effectively, and contribute to the success of our organization.

GS supports diversity, equity and inclusion in our teams and communities, and we value the unique contributions made by all. Even if your experience doesn’t align perfectly to every requirement, we invite you to apply. We encourage applications from all candidates and will accommodate needs under human rights legislation throughout all stages of the recruitment and selection process. Please let us know of any accommodation through . Information received relating to accommodation will be addressed confidentially.

Providing this information gives GS consent to use your personal information to assess your suitability for specific positions, future opportunities or for your personnel file. Your résumé will be held in strict confidence and will be viewed only by the Organization. Information may be stored outside of Canada and could be used for aggregate statistical purposes (which uses no personal identification).