Key skills
LeadershipRisk ManagementCommunication
About this role
Role Overview
- Identify, document, and assess security and operational risks across business units
- Maintain a comprehensive and up-to-date enterprise risk register
- Apply a consistent methodology for evaluating risk likelihood, impact, ownership, and treatment
- Partner with risk owners to ensure risks are clearly articulated and appropriately managed
- Ensure risk acceptance, mitigation, and transfer decisions are documented, traceable, and aligned with Fullscript’s risk appetite
- Track remediation efforts and follow up with stakeholders to ensure timely risk reduction
- Produce clear, data-driven risk reporting and dashboards to support leadership and executive decision-making
- Support and manage Fullscript’s third-party risk management program
- Conduct risk assessments for vendors and partners, including onboarding and periodic reviews
- Collaborate with Procurement, Legal, Security, and Engineering to ensure third-party risks are identified and addressed
- Partner with Security, Engineering, IT, Legal, Compliance, and business teams to surface emerging risks
- Act as a trusted partner and advisor on risk-related questions across the organization
- Help drive clarity around risk ownership and accountability
- Help define, document, and refine risk management processes, standards, and procedures
- Contribute to policies and controls that support effective risk governance
- Support audit, compliance, and regulatory activities by providing risk context and evidence
Requirements
- Experience in governance, risk management, compliance, security operations, IT risk, or a related field
- Understanding of security and operational risk concepts and common risk management frameworks
- Ability to assess technical and non-technical risks and translate them into business impact
- Strong analytical and problem-solving skills, with the ability to identify patterns and trends in risk data
- Experience creating clear documentation, reports, and dashboards for technical and non-technical audiences
- Strong verbal and written communication skills
- Ability to work cross-functionally and influence without direct authority
- Willingness to ask questions, seek feedback, and continuously improve processes
- Comfortable operating in a growing, evolving environment where programs are being built and scaled
- Strong situational awareness and judgment when evaluating risk trade-offs
- Ability to support and influence risk decisions with data and context
- Experience with third-party risk management programs (Bonus)
- Familiarity with frameworks such as NIST, ISO 27001, SOC 2, CIS, or HITRUST (Bonus)
- Experience supporting audits or executive and board-level risk reporting (Bonus)
- Background in security operations, compliance, or incident response (Bonus)
Benefits
- Generous PTO and competitive pay
- Fullscript’s RRSP match program for financial health
- Flexible benefits package and workplace wellness program
- Training budget and company-wide learning initiatives
- Discount on Fullscript catalog of products
- Ability to work Wherever You Work Well*