Security & Compliance Partner

About us: PurposeMed is a Canadian-founded healthtech company established in 2019 with a mission to improve access to complex care for underserved communities. We ve combined our clinical roots with a drive to scale, and now our exceptional team provides specialized care to thousands of patients every month. PurposeMed consists of three complex care business units: Freddie, Frida, and Foria, and partners with Affirming Care Pharmacy. • Freddie improves sexual health through education, prevention, and treatment with a focus on the LGBTQ2S+ community. As the #1 rated PrEP provider in North America, we re proudly dismantling barriers to sexual healthcare for patients across both Canada and the USA. • Frida transforms the lives of patients through easier access to adult ADHD diagnosis and fast, affordable treatment. • Foria provides trans, non-binary, and gender-diverse Canadians with specialized, gender-affirming healthcare. • Affirming Care Pharmacy provides discreet, specialty prescription delivery across North America. Operating from Calgary, Mississauga, Toronto, and San Antonio, they provide our patients with an integrated, end-to-end healthcare experience. We are proud to be ranked #2 on Deloitte s 2024 list of Canada s 50 fastest-growing tech companies and recognized as one of Canada s Most Admired Corporate Cultures for two consecutive years. Driven by a strong mission, our team is passionate about making healthcare accessible to those who need it most-and we make sure to have fun along the way! Permanent, full-time opportunity Location - Remote (Canada) Though we have an office based in Calgary, this is a remote position that is open to candidates across Canada. PurposeMed's office is located on the unceded and traditional territories of the peoples of the Treaty 7 region which includes the nations of the Siksika, the Piikani, the Kainai, the ethka Stoney Nakoda which consists of the Chiniki, Bearspaw, and Good Stoney Bands, and people of the Tsuut ina First Nation. The city of Calgary is also homeland to the historic Northwest M tis and to the Otipemisiwak M tis government, M tis Nation Battle River Territory, Nose Hill M tis District 5 and Elbow M tis District 6. Who we hope to find: PurposeMed is looking for a Security & Compliance Partner who is ready to help shape what security looks like at a fast-scaling virtual healthcare platform-not inherit a finished program, but help build one. Reporting into our Senior Manager, IT & Security, you'll act as a trusted partner to leaders across the business, bringing rigour and clarity to how we protect our patients, our people, and our systems as we grow across Canada and the United States. This isn't a traditional IT role. You'll work closely with Engineering, Product, Legal, and Marketing to identify real risks, close meaningful gaps, and embed security thinking into how we operate-without creating process for its own sake. If you're energized by meaningful problems, thrive in ambiguous environments, and want your work to directly support better patient outcomes, we'd love to hear from you. In this role, you ll make an impact by: Keeping Us Protected, Day In and Day Out • Owning security monitoring and incident detection across our cloud infrastructure and SaaS tooling, including AI-powered tools • Leading the response when something goes wrong-from initial containment and documentation through to follow-up and lessons learned Embedding Security Across Every Team • Working closely with Product, Design, and Engineering to proactively spot security gaps, supporting vulnerability and risk assessments, and contributing to compliance initiatives such as penetration testing • Collaborating with Marketing to ensure our data collection, consent practices, and ad-tech responsibilities meet our internal standards and regulatory obligations Strengthening Our Controls As We Scale • Implementing and continuously improving preventative security controls-MFA, access management, logging, and endpoint protection-across our cloud infrastructure and third-party tools • Ensuring our defences keep pace with our growth across Canada and the US Owning Our Compliance Posture • Supporting audit and compliance activities across the business (HIPAA, PIPEDA) in partnership with IT and Legal • Leading vendor and third-party security reviews that protect us from risk at every layer Building the Foundation for a Mature Security Program • Developing and maintaining the policies, playbooks, and documentation that will anchor our security program for years to come • Leading security awareness efforts that make security a lived part of our culture-with a focus on phishing, account compromise, and common attack vectors We need someone who has: • 3-5 years of experience in IT, cybersecurity, or a technical support role with meaningful exposure to security or incident response • Foundational understanding of security concepts (access controls, MFA, encryption, ...