Tilray is a global leader in cannabis research, cultivation, processing, and distribution. We aspire to lead, legitimize, and define the future of our industry by building the world’s most trusted cannabis company. We are committed to setting the gold standard of care and excellence in our industry. We believe that commitment starts with a great work environment and benefits for our associates.
Looking to develop your career at the forefront of a rapidly expanding industry?
The Director, Information Security will drive the vision, strategy, and compliance of information security for the company globally.
The Director, Information Security is responsible for managing all aspects of governance, risk and compliance related to information security. He/she oversees the development, communication, and review of Tilray's information security policy framework as well as the identification, assessment and mitigation of cybersecurity risks, and coordinates internal and external audits related to cyber and information security. All compliance requirements, which translate into cyber and information security controls, are also under his/her responsibility.
The successful candidate will also be responsible for developing, implementing, communicating, and managing the Information Security Awareness Program. He/she will implement a program to ensure all employees, consultants and suppliers understand and follow the organization's information and cybersecurity policies and requirements, and conduct themselves in a secure manner through training, awareness, education, and professional development.
Role and Responsibilities
Develop and execute a comprehensive cybersecurity roadmap of the organization's information security program
Design, implement and engage internal stakeholders on Tilray’s corporate risk management framework with supporting policies, procedures, standards, directives, methodologies, and related documentation
Lead the implementation of compliance, administrative, and detection solutions/systems to enhance the security of the organization. Conduct an ongoing assessment of security practices and systems and support the continuous improvement of processes to promote efficiency
Responsible for implementing an incident identification and response program to identify cybersecurity threats to the organization
Lead the mitigation of cybersecurity risks, including the investigation and analysis of root causes, patterns, or trends, and helping to identify and implement corrective action where appropriate
Identify and own the resolution of related issues and non-compliant conditions. Provide guidance on how to avoid similar situations in the future
Promote information security awareness and training throughout the organization and instill a culture of security throughout
Represent the company's data security and privacy posture and assurances to patients, consumers, customers, and other external stakeholders
Collaborate with internal leaders to assure the business continuity and recovery function for the business
Prepare and present quarterly updates to the General Counsel, CEO, and/or Board of Directors
Partner and collaborate with business stakeholders across the company to raise awareness of risk management and cybersecurity concerns
Run internal security audits and risk assessments that may be required by regulators, including compliance reviews for privacy controls, GDPR, and role-based access
Collaborate with the Internal Audit team to ensure cybersecurity is in compliance with applicable regulations and frameworks such as SOX, SOC and NIST
Due to the dynamic nature of the industry, the scope of your job may evolve and change with business demands
Qualifications and Education Requirements
Bachelor's degree in Information Technology, Business Administration, or an information-related field, and professional cybersecurity management certification (CISSP, CISA, CRISC, etc.)
At least ten years of experience in Information Security, Operational Risk, Internal Audit, or other relevant department, with specific knowledge of data integrity and cybersecurity, including related policies and processes
Experience leading compliance efforts through various standards and certifications (e.g. ISO 27001, NIST Cyber Security Framework, SSAE16)
Experience in a leadership role in areas of governance, audit, and control management
Exceptional English, written and verbal communication skills, including for the development and delivery of presentations
Ability to lead change, often in the absence of direct authority
Strong planning, coordinating, organizing, training and implementation skills
Demonstrable competence and experience in explaining complex information and cybersecurity concepts and technologies to both technical and non-technical audiences, management, and executives
Thrives on change, showing an impressive ability to drive the information security strategy forward
Demonstrable knowledge of the policies and behaviors for information handling and protection
Responsive, agile approach to manage changing priorities
Effective negotiation and communication skills with people at different levels of the organization
Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
Specific experience in ITIL, COSO, GMP, or other best practice frameworks is an asset
Who You Are
Exceptional written and oral communication skills, including ability to brief stakeholders on complex issues in a succinct manner, to drive issues to resolution, and to facilitate discussions among business leaders
Strong quantitative and qualitative analytic skills
Strong business acumen
Excited to work in a fast-paced and intellectually challenging environment
Excellent analytical and organizational skills
Ability to work independently with minimal supervision
Ability to manage multiple projects at once, to synthesize information from multiple sources, and to follow through and meet deadlines
Have exceptional judgment with the ability to cope with competing priorities
Leverage resourcefulness and creativity in approach to problem solving
Focus on pragmatic business advice and solutions
Professional and collaborative with the ability to build and maintain trusted relationships with stakeholders
Positive "can-do" attitude
Tilray welcomes applications from all qualified individuals and is committed to employment equity and diversity in the workplace.
Accommodations are available for applicants with disabilities throughout the recruitment process. If you require accommodations for interviews or other meetings, please advise when submitting your application.
Please note that Tilray does not authorize, engage, or sponsor any consultants, agencies or organizations that seek certain personal or financial information from you (e.g. passwords, login ids, credit card information). High Park does not charge any application, processing or onboarding fee at any stage of the recruitment or hiring process.
When replying to emails, please ensure the sender name and email address match exactly. Please also ensure the Reply-To address matches the sending address exactly.
If you are concerned about the authenticity of an email, letter, or call purportedly from, for, or on behalf of High Park, please send an email inquiry to email@example.com
Tilray is a Canadian pharmaceutical and cannabis company, incorporated in the United States with primary operations headquartered in Toronto, Ontario. Tilray also has operations in Australia & New Zealand, Germany, Portugal, and Latin America.