Risk & Privacy Coordinator

GroupHEALTH View all jobs

  • Surrey, BC
  • $70,000-80,000 per year
  • Permanent
  • Full-time
  • 6 days ago
Description :Risk & Privacy CoordinatorAbout GroupHEALTHAt GroupHEALTH, we’re proud of the work we do – but it’s how we do it that truly sets us apart. We’re a fast-moving, ever-evolving, stable organization with deep roots and a bold vision: to transform the way Canadians experience benefits. We combine agility with long-term stability to create meaningful impact.Here, you’ll find more than just a job. You’ll find a purpose-driven, people-first culture where kindness, collaboration, and curiosity thrive. Whether you’ve been here fifteen years or fifteen days, you’ll notice right away – our people are genuinely invested in one another’s success and delivering exceptional experiences to our clients and plan members.About the RoleThe Risk & Privacy Coordinator supports the day-to-day execution of privacy and risk management programs across the GroupHEALTH Family of Companies. In this role, you’ll help ensure personal and sensitive information is handled with integrity and consistency by coordinating operational activities that strengthen privacy, compliance, and reduce organizational risk.You’ll play an important part in safeguarding stakeholder trust by supporting incident response, maintaining documentation and records, assisting with risk assessments, and helping embed privacy and risk awareness into day-to-day operations.This is a remote role within Canada, with preference given to candidates located in the Metro Vancouver, BC and Barrie, ON areas.What to Expect in Your First 3 MonthsFirst 30 Days:
  • Learn the GroupHEALTH Family of Companies structure, lines of business, and key stakeholders.
  • Build an understanding of the privacy and risk management framework, including policies, procedures, monitoring, testing, and reporting.
  • Become familiar with where records, trackers, and supporting documentation are maintained.
  • Begin learning key program areas including privacy inquiries, DSAR/access requests, retention records, contract administration, and training coordination.
First 60 Days:
  • Establish routines and tools to support operational responsibilities such as intake documentation, reporting inputs, tracker updates, and action item follow-up.
  • Start contributing to privacy, compliance, and risk coordination activities with increasing independence.
  • Support ongoing program administration by helping maintain current, accurate records and documentation.
First 90 Days:
  • Confidently support the coordination of incidents, complaints, exceptions, privacy inquiries, and access requests.
  • Help ensure risk and privacy program tracking is accurate, organized, and dependable for leaders and stakeholders.
  • Contribute to reporting, training support, and cross-functional coordination that strengthens privacy, compliance, and risk culture across the organization.
What You'll Do
  • Support the administration of privacy, compliance, and risk management frameworks, including policies, procedures, monitoring, testing, and reporting.
  • Participate in regulatory compliance, privacy, and risk management activities by communicating requirements, assessing gaps, and organizing responsibilities across
  • business areas.
  • Assist with the review of business risks, support mitigation planning, and maintain related documentation including corporate risk registers.
  • Coordinate internal control testing, internal audit follow-up, and external audit activities.
  • Support AML/ATF, complaints handling, ethics and fraud monitoring, and privacy reporting processes.
  • Coordinate the intake, documentation, and escalation of incidents, complaints, and exceptions related to privacy and compliance.
  • Assist with privacy, compliance, and risk-related training initiatives for employees, contractors, and other stakeholders.
  • Produce and maintain quarterly operational reports, dashboards, and compliance/risk reporting.
  • Support DSAR/access request processing and privacy-related inquiries.
  • Maintain data retention records and support remediation efforts related to data sprawl.
  • Assist with contract management, including liaising with business areas, finalizing contract documents, ensuring legislative alignment, and maintaining accurate
  • contract records.
  • Collaborate across departments to promote a strong risk, privacy, and compliance culture.
  • Perform other duties as required.
What We’re Looking For
  • Post-secondary degree from an accredited university.
  • 1+ years of privacy administration experience or relevant exposure is an asset.
  • Knowledge of privacy legislation, legal and regulatory requirements, internal audit, and risk management concepts and controls.
  • Understanding of industry best practices and professional standards related to privacy and risk.
  • Canadian Privacy Certification and/or Risk Certification such as AAPP, CIPP/C, or RIMS CRM is an asset.
  • Strong computer skills, including high proficiency with Microsoft Office and SharePoint.
  • Ability to produce accurate documentation and reporting with minimal supervision.
  • Strong organizational skills and attention to detail.
  • Ability to prioritize competing demands and work effectively under tight deadlines in a fast-paced environment.
  • Strong written and verbal communication skills.
  • Ability to maintain confidentiality and exercise sound judgment.
Critical CompetenciesYou will succeed in this role if you are:
  • An Effective Communicator – You communicate clearly, positively, and respectfully. You build strong working relationships through tact and diplomacy and can navigate sensitive situations and conversations with professionalism.
  • A Team Player – You work collaboratively with others to achieve individual, team, department, and organizational goals. You value diverse perspectives and contribute to shared success.
  • Organized – You invest time in planning, stay focused on priorities, and manage your work efficiently to meet deadlines in a fast-paced environment.
  • Privacy & Regulatory Aware – You understand key privacy principles and regulatory obligations and apply them when triaging requests, maintaining records, and supporting business decisions.
  • Risk Minded – You recognize operational risk signals, connect them to controls, and support mitigation efforts by documenting issues, tracking actions, and escalating appropriately.
  • Strong in Incident & Request Coordination – You are able to coordinate intake, documentation, and workflow for incidents, complaints, exceptions, DSAR/access requests, and privacy inquiries with timeliness, accuracy, and clear handoffs.
CompensationAt the time of this posting, the estimated annual base salary for this position is $70,000–$80,000. Individual compensation within this range is determined by factors such as job-related skills, relevant experience, and education/training. This range reflects the annual base salary only and does not encompass the comprehensive total rewards package that we proudly offer.Why Join Us
  • Beyond salary, we offer generous paid time off, extended health and dental benefits, RRSP matching, and flexible work options.
  • Wellness support, including comprehensive mental health resources, to prioritize your well-being both in and out of the workplace.
  • A supportive culture, with opportunities to grow, and where our team members feel valued and empowered to thrive.
Accommodation and InclusionGroupHEALTH is committed to equity, diversity, and inclusion. If you need accommodation during any stage of the hiring process, please let us know. We’re here to help.If you’re ready to do meaningful work and grow your career with GroupHEALTH, we’d love to hear from you. Click Apply to submit your application.

GroupHEALTH