GRC Analyst chez Fullscript
Fullscript · Canada · Remote
About Fullscript
We’re an industry-leading health technology company on a mission to help people get better. We started in 2011 with one simple idea. Make it easier for practitioners to access the products they trust so they can deliver better care.
That simple idea grew into a platform that powers every part of care. Today, more than 125,000 practitioners use Fullscript for clinical insights, lab interpretations, patient analytics, education, and access to high-quality supplements. Over 10 million patients rely on Fullscript to stay connected to their care plans and follow through on treatment.
We build tools that make care smarter and more human. Tools that save time, simplify decisions, and help practitioners stay closely connected to the people they care for. When everything they need is in one place, they can focus on what matters most: helping people get better.
This is your invitation.
Bring your ideas, your grit, and your care for people.
Join us and shape the future of care.
Fullscript is currently looking for a GRC Analyst (Risk) to join our growing Security team and help establish and scale foundational risk management practices across the organization. The Security team is responsible for product security, governance, risk, compliance, as well as security operations and incident response.
This role is critical to evolving Fullscript’s risk management approach from an ad hoc, reactive model to a structured, proactive, and measurable enterprise risk program. You will work closely with teams across Fullscript to identify, assess, and track security and operational risks, while providing leadership with clear visibility into the company’s risk posture.
What you'll do
Enterprise Risk Management
∙ Identify, document, and assess security and operational risks across business units
∙ Maintain a comprehensive and up-to-date enterprise risk register
∙ Apply a consistent methodology for evaluating risk likelihood, impact, ownership, and treatment
∙ Partner with risk owners to ensure risks are clearly articulated and appropriately managed
Risk Governance & Decision Support
∙ Ensure risk acceptance, mitigation, and transfer decisions are documented, traceable, and aligned with Fullscript’s risk appetite
∙ Track remediation efforts and follow up with stakeholders to ensure timely risk reduction
∙ Produce clear, data-driven risk reporting and dashboards to support leadership and executive decision-making
Third-Party Risk Management
∙ Support and manage Fullscript’s third-party risk management program
∙ Conduct risk assessments for vendors and partners, including onboarding and periodic reviews
∙ Collaborate with Procurement, Legal, Security, and Engineering to ensure third-party risks are identified and addressed
Cross-Functional Collaboration
∙ Partner with Security, Engineering, IT, Legal, Compliance, and business teams to surface emerging risks
∙ Act as a trusted partner and advisor on risk-related questions across the organization
∙ Help drive clarity around risk ownership and accountability
Program Development & Continuous Improvement
∙ Help define, document, and refine risk management processes, standards, and procedures
∙ Contribute to policies and controls that support effective risk governance
∙ Support audit, compliance, and regulatory activities by providing risk context and evidence
What you bring to the table
Risk & GRC Foundations
∙ Experience in governance, risk management, compliance, security operations, IT risk, or a related field
∙ Understanding of security and operational risk concepts and common risk management frameworks
∙ Ability to assess technical and non-technical risks and translate them into business impact
Analytical & Communication Skills
∙ Strong analytical and problem-solving skills, with the ability to identify patterns and trends in risk data
∙ Experience creating clear documentation, reports, and dashboards for technical and non-technical audiences
∙ Strong verbal and written communication skills
Collaboration & Growth Mindset
∙ Ability to work cross-functionally and influence without direct authority
∙ Willingness to ask questions, seek feedback, and continuously improve processes
∙ Comfortable operating in a growing, evolving environment where programs are being built and scaled
Judgment & Decision-Making
∙ Strong situational awareness and judgment when evaluating risk trade-offs
∙ Ability to support and influence risk decisions with data and context
Bonus if you have
∙ Experience with third-party risk management programs
∙ Familiarity with frameworks such as NIST, ISO 27001, SOC 2, CIS, or HITRUST
∙ Experience supporting audits or executive and board-level risk reporting
∙ Background in security operations, compliance, or incident response
What we can offer you
- Generous PTO and competitive pay
- Fullscript’s RRSP match program for financial health
- Flexible benefits package and workplace wellness program
- Training budget and company-wide learning initiatives
- Discount on Fullscript catalog of products
- Ability to work Wherever You Work Well*
Our Wherever You Work Well philosophy means Fullscript teammates get to pick their own office - whether that’s in-office, at home, or a bit of both 🐶🏡
Compensation range
The salary range for this role is between $100,000 and $120,000 CAD. Fullscript shares salary ranges to support transparency and help candidates make informed decisions. The range shown reflects base salary only and does not include stock options, wellness stipends, or other benefits that are part of Fullscript’s total rewards package.
Final compensation depends on experience, skills, and location. We review pay regularly to stay aligned with market data and internal equity. Benefits and total rewards may vary by region.
Why Fullscript
Great work happens when people feel supported, trusted, and inspired. At Fullscript, we stay curious and keep finding smarter ways to make care better. We grow together, take on new challenges, and focus on impact. We put people first, work as a team, and leave egos at the door.
What to Know Before You Apply
We’re grateful for the interest in joining Fullscript. To make sure your application reaches our hiring team, please apply directly through our careers page. We’re not able to respond to individual messages about open roles on email or social channels.
Fullscript is an equal opportunity employer committed to creating an inclusive workplace. Accommodations are available upon request at [email protected].
All offers are contingent on successful background checks conducted in compliance with federal, state, and provincial laws.
We use AI tools to support parts of the hiring process, including screening and reviewing responses. Final hiring decisions are always made by people and follow all applicable privacy and employment laws in Canada and the U.S.
Learn More
@fullscriptHQ on instagram
