Refer Me

Get ReferralsAI ApplyTailor ResumeFor YouPremium
Sign in
Fullscript

Fullscript

Ottawa, Ontario, Canada

201-500 Employees

HealthcareTech

GRC Analyst

Ottawa, ON, CA

Posted on Feb 13, 2026

Full TimeMid LevelRemoteSecurity

Job Description

About Fullscript

We’re an industry-leading health technology company on a mission to help people get better. We started in 2011 with one simple idea. Make it easier for practitioners to access the products they trust so they can deliver better care.

That simple idea grew into a platform that powers every part of care. Today, more than 125,000 practitioners use Fullscript for clinical insights, lab interpretations, patient analytics, education, and access to high-quality supplements. Over 10 million patients rely on Fullscript to stay connected to their care plans and follow through on treatment.

We build tools that make care smarter and more human. Tools that save time, simplify decisions, and help practitioners stay closely connected to the people they care for. When everything they need is in one place, they can focus on what matters most: helping people get better.

This is your invitation.

Bring your ideas, your grit, and your care for people.
Join us and shape the future of care.

Fullscript is currently looking for a GRC Analyst (Risk) to join our growing Security team and help establish and scale foundational risk management practices across the organization. The Security team is responsible for product security, governance, risk, compliance, as well as security operations and incident response.

This role is critical to evolving Fullscript’s risk management approach from an ad hoc, reactive model to a structured, proactive, and measurable enterprise risk program. You will work closely with teams across Fullscript to identify, assess, and track security and operational risks, while providing leadership with clear visibility into the company’s risk posture.

What you'll do

Enterprise Risk Management
Identify, document, and assess security and operational risks across business units
Maintain a comprehensive and up-to-date enterprise risk register
Apply a consistent methodology for evaluating risk likelihood, impact, ownership, and treatment
Partner with risk owners to ensure risks are clearly articulated and appropriately managed

Risk Governance & Decision Support
Ensure risk acceptance, mitigation, and transfer decisions are documented, traceable, and aligned with Fullscript’s risk appetite
Track remediation efforts and follow up with stakeholders to ensure timely risk reduction
Produce clear, data-driven risk reporting and dashboards to support leadership and executive decision-making

Third-Party Risk Management
Support and manage Fullscript’s third-party risk management program
Conduct risk assessments for vendors and partners, including onboarding and periodic reviews
Collaborate with Procurement, Legal, Security, and Engineering to ensure third-party risks are identified and addressed

Cross-Functional Collaboration
Partner with Security, Engineering, IT, Legal, Compliance, and business teams to surface emerging risks
Act as a trusted partner and advisor on risk-related questions across the organization
Help drive clarity around risk ownership and accountability

Program Development & Continuous Improvement
Help define, document, and refine risk management processes, standards, and procedures
Contribute to policies and controls that support effective risk governance
Support audit, compliance, and regulatory activities by providing risk context and evidence



What you bring to the table

Risk & GRC Foundations
Experience in governance, risk management, compliance, security operations, IT risk, or a related field
Understanding of security and operational risk concepts and common risk management frameworks
Ability to assess technical and non-technical risks and translate them into business impact

Analytical & Communication Skills
Strong analytical and problem-solving skills, with the ability to identify patterns and trends in risk data
Experience creating clear documentation, reports, and dashboards for technical and non-technical audiences
Strong verbal and written communication skills

Collaboration & Growth Mindset
Ability to work cross-functionally and influence without direct authority
Willingness to ask questions, seek feedback, and continuously improve processes
Comfortable operating in a growing, evolving environment where programs are being built and scaled

Judgment & Decision-Making
Strong situational awareness and judgment when evaluating risk trade-offs
Ability to support and influence risk decisions with data and context

Bonus if you have
Experience with third-party risk management programs
Familiarity with frameworks such as NIST, ISO 27001, SOC 2, CIS, or HITRUST
Experience supporting audits or executive and board-level risk reporting
Background in security operations, compliance, or incident response

About Fullscript

Fullscript is a digital health platform that helps practitioners build better patient relationships through quality supplementation and intuitive tools for treatment adherence — all at no cost.

Practitioners write online supplement plans where patients order wellness products and find resources to improve their health education. Practitioners control what their patients pay so they can grow their practices, offer deep discounts, or strike a comfortable balance of both. Fullscript’s US catalog...

Job overview

Employment type

Full Time

Experience level

Mid Level

Work type

Remote

Department

Security

Posted

on Feb 13, 2026

About

Job Link

jobs.lever.co

Financials

Type

private

Annual Revenue

$50M-$100M

Market Cap

--

Amount Raised

$267MM+

Subscribe to Refer Me premium to get referred to this role at Fullscript!

Your career is worth investing in.

Get unlimited referrals with Premium.

Upgrade to Premium

Refer Me logo

Refer Me

Referrals

Get Referred

Subscription

© 2026 Crucible Fund LLC. All rights reserved.