Security Compliance Analyst

Position Type:
Permanent

If you're looking for a fulfilling career that can make a real difference in your life, and the lives of others, you've come to the right place.

As a national health solutions partner, we put people first in everything we do - and that begins with our team of 8,000+ professionals who bring a cross-section of diverse life experiences and career expertise to Medavie. By collaborating and innovating together, our employees are creating industry-leading solutions in insurance, primary care and emergency medical services that impact millions of lives in Canada each year.

Our mission is to improve the wellbeing of Canadians so that every life can be lived to the fullest - and it's reflected in our award-winning culture. We celebrate individuality and value the diverse perspectives and skills our employees contribute. We go beyond providing competitive pay and comprehensive benefits to offer opportunities for personal and professional growth, flexible work options, meaningful experiences, and supportive leadership. Medavie is where employees can be their best selves, feel they belong, and achieve their full potential. Be part of it by applying for a position with us today.

Step into a pivotal role where your expertise in cybersecurity and compliance will directly shape the security framework of a forward-thinking organization. As our Security Compliance Analyst, you'll be a key player in safeguarding our systems, ensuring regulatory alignment, and fostering a culture of accountability and resilience.

This is more than a checklist role-you'll be driving initiatives, influencing policy, and collaborating across departments to build a secure and compliant future.

What You'll Be Doing

• Risk & Compliance Assessments: Conduct IT and security risk assessments, identify vulnerabilities, and implement effective mitigation strategies.
• Audit & Control Excellence: Lead internal audits, support external assessments (SOC 2, ISO 27001, NIST CSF), and ensure control effectiveness.
• Vulnerability Oversight: Monitor and report on system vulnerabilities, working closely with IT teams to ensure timely remediation.
• Policy & Awareness Development: Help shape and maintain security policies, and support training initiatives to promote compliance awareness.
• Vendor Risk Management: Evaluate third-party vendors for security risks and support our third-party risk management (TPRM) program.
• Audit Coordination: Act as the primary liaison for SOC 2 audits and ITGC reviews, ensuring smooth and timely execution.
• Reporting & Special Projects: Prepare security reports and contribute to strategic security initiatives.

What You Bring to the Table

• Degree or diploma in IT, Cybersecurity, or a related field.
• 5+ years of experience in security compliance, IT audit, or risk management.
• At least one recognized certification is required: CISA, CRISC, CISM, CISSP, ISO 27001 Implementer, or equivalent.
• Deep understanding of ITGCs, risk assessments, and compliance frameworks.
• Experience with GRC tools (e.g., Resolver) and third-party risk evaluations.
• Strong communication skills and the ability to engage with technical and executive stakeholders.
• Bilingualism is a plus!

#CBM1

#LI-VS1

We believe our employees should reflect the communities we serve and welcome applications from candidates of all backgrounds. To provide the best experience possible, we will support you with accommodations or adjustments at any stage of the recruitment process. Simply inform our Recruitment team of your needs. We are committed to making sure recruitment, retention, advancement, and compensation are fair and accessible while following all relevant human rights and privacy laws . We appreciate everyone who has shown interest in this position. Only those selected for an interview will be contacted.

If you experience any technical issues throughout the application process, please email: Medavie.Recruitment@medavie.ca .