GRC Manager (Automation)

AlayaCare · Montréal, Quebec, Canada
// classified as
Data Leadership (Heads of data, directors, managers.)
posted
1d ago
location
Montréal, Quebec, Canada
languages
python, sql
tools
excel, looker
> education
bachelors
> description
<h2><strong>About AlayaCare</strong></h2>
<p>At AlayaCare, we’re more than just a fast-growing SaaS company, we’re a team of people passionate about transforming home healthcare. Our cloud-based platform empowers care providers around the world to deliver better outcomes for their clients.</p>
<p>With 550+ employees across Canada, the US, Australia, and Brazil, we’re united by a shared mission and a strong culture of transparency, growth, and human connection. Whether you're early in your career or a seasoned expert, AlayaCare offers the opportunity to grow your impact, your skills, and your career.</p>
<h2><strong>About the Role</strong></h2>
<p>We are seeking a <strong>GRC Manager</strong> to join our Security team. Reporting to the Director, Information Security and Privacy, you will be responsible for leading and evolving AlayaCare’s security governance, risk management, privacy, and regulatory compliance programs within a modern B2B SaaS environment. This role combines subject-matter expertise with practical experience operating GRC programs at scale, ensuring that security and compliance practices effectively support business objectives.</p>
<p>As a key member of the team, you will have the chance to collaborate closely with colleagues across Engineering, IT, Legal, Privacy, and other internal stakeholders to strengthen the company’s governance, risk, and compliance capabilities. Key areas of focus include supporting security certifications and audits, improving risk visibility, enhancing vendor assurance practices, and building scalable control processes that enable the organization to grow confidently while meeting customer and regulatory requirements.</p>
<p>What makes the role interesting is that it sits at the intersection of engineering and governance. This position will influence how security, privacy, and compliance enable the company’s continued growth and innovation in the healthcare technology space.</p>
<h2><strong>What You’ll Do</strong></h2>
<ul>
<li>Lead the ongoing maturity of the company’s compliance programs and certifications (e.g., SOC 1/2, HITRUST, HIPAA, ISO 27001/27701), ensuring continuous readiness rather than point-in-time audit preparation.</li>
<li>Contribute to defining and executing the multi-year strategy and roadmap for Governance, Risk, and Compliance across the organization.</li>
<li>Serve as the primary point of coordination for external auditors, assessors, and customer security due diligence activities.</li>
<li>Partner with Engineering and IT leadership to embed controls directly into cloud and DevOps workflows, reducing manual compliance overhead through automation.</li>
<li>Design scalable control frameworks that align security, privacy, and engineering practices with regulatory and contractual requirements.</li>
<li>Establish and maintain a company-wide risk management program, including risk assessments, risk registers, prioritization frameworks, and executive reporting.</li>
<li>Lead third-party and vendor risk management activities, including security reviews, ongoing monitoring, and contractual safeguards.</li>
<li>Oversee policy governance to ensure policies and standards remain clear, actionable, and aligned with business realities.</li>
<li>Develop, write and maintain policies, procedures and documentation to support compliance initiatives.</li>
<li>Define and track KPIs and metrics to measure security posture, compliance health, and risk trends, and communicate insights to senior leadership.</li>
<li>Support Sales and Customer Success by enabling fast, accurate responses to RFPs, security questionnaires, and enterprise trust reviews.</li>
<li>Encourage a culture of shared ownership by supporting and guiding control owners and stakeholders across departments.</li>
<li>Continuously identify opportunities to simplify, automate, and improve the GRC operating model.</li>
</ul>
<h2><strong>What You Bring to the Team</strong></h2>
<ul>
<li>Bachelor’s or advanced degree in cybersecurity, computer science, or related fields.</li>
<li>8-10+ years of hands-on experience leading and scaling GRC or compliance programs in a SaaS or cloud-first environment.</li>
<li>Experience owning external audits and certifications end-to-end (e.g., SOC 1, SOC 2, ISO 27001, HITRUST, HIPAA).</li>
<li>Solid understanding of modern cloud and DevOps environments (AWS preferred) and how security and compliance controls apply to SaaS architectures.</li>
<li>Experience implementing and optimizing GRC or evidence automation platforms (e.g., Vanta, Drata, or similar).</li>
<li>Strong knowledge of risk management methodologies and the ability to translate technical risk into business impact.</li>
<li>Experience with GRC engineering practices, automation, or AI-assisted compliance workflows.</li>
<li>Demonstrated ability to influence cross-functional stakeholders and drive alignment without direct authority.</li>
<li>Strong program management skills with the ability to manage multiple initiatives in parallel.</li>
<li>Excellent written and verbal communication skills, with the ability to simplify complex security and compliance topics.</li>
<li>Hands-on mindset, comfortable operating across both strategy and execution.</li>
<li>Familiarity with emerging governance areas such as AI governance, data governance, or modern regulatory frameworks.</li>
<li>Comfortable participating in customer-facing security and compliance discussions, including audits, due diligence calls, and trust reviews.</li>
<li>Interest in evolving traditional compliance practices toward a more automated, engineering-driven approach.</li>
<li>Bilingual in French and English.</li>
</ul>
<h3><strong>Nice-to-haves</strong></h3>
<ul>
<li>Experience working in healthcare or other highly regulated industries.</li>
<li>Experience with HITRUST (i1 or r2) or similar healthcare-focused compliance frameworks.</li>
<li>Experience integrating privacy regulations (e.g., PHIPA, HIPAA, PIPEDA, GDPR) into technical and operational controls.</li>
<li>Experience building or operating Trust Centers or customer-facing security assurance programs.</li>
<li>Background working in fast-growing SaaS startups or scale-ups.</li>
</ul>
<h2><strong>Why Join AlayaCare?</strong></h2>
<h3><strong>Work With Purpose</strong></h3>
<p>At AlayaCare, you’ll help build technology that empowers care providers and improves outcomes for patients and families. Every line of code and every customer interaction contributes to making care more connected, accessible, and human.</p>
<h3><strong>Grow in a High-Trust Culture</strong></h3>
<p>We believe in transparency, feedback, and assuming positive intent. Here, you’ll feel safe to share your ideas and career goals, and be supported to achieve them through mentorship, career mobility, and a promote-from-within philosophy.</p>
<h3><strong>Balance That Works for You</strong></h3>
<p>We value flexibility and well-being. From “Wellness Fridays” to volunteer time off, to flexible vacation, we make sure you have the space to recharge, contribute to your community, and live your best life.</p>
<h3><strong>Benefits That Matter</strong></h3>
<ul>
<li>Equity in a well-funded, scaling company.</li>
<li>Comprehensive health benefits, telemedicine, and lifestyle spending accounts.</li>
<li>Parental leave top-up and family support programs.</li>
</ul>
<h3><strong>Inclusive by Design</strong></h3>
<p>We celebrate diverse perspectives and foster belonging through our DEIB initiatives. Employee-led events, summits, and social activities, both in-person and virtual, create meaningful connections across our global teams.</p>
<h3><strong>Location and Work Model</strong></h3>
<p>This role is based in Montreal. At AlayaCare, our hybrid model includes 2 set in-office collaboration days/week, and it is expected that team members are present in the office on those days to foster connection, innovation, and teamwork.</p>
<h3><strong>Ready to Join Us?</strong></h3>
<p>Apply today and be part of a company that makes a real difference in the future of home and community care. Not the right role for you? Share this posting with someone who might be a great fit.</p>
<p>AlayaCare uses AI tools during our hiring process to support fair, consistent, and objective decision-making. Some initial screening steps may be automated to help identify qualified candidates. If your application is declined automatically, you may request a human review.</p>
<p><em>We’re committed to creating a workplace where everyone belongs. If you require accommodation during the application process, please reach out to </em><a href="mailto:careers@alayacare.com"><em>careers@alayacare.com</em></a><em>.</em></p>