Director, Information Security

Nanaimo, British Columbia | Full-Time


Director, Information Security - New York
About Tilray
Tilray is a global leader in cannabis research, cultivation, processing, and distribution. We aspire to lead, legitimize, and define the future of our industry by building the world’s most trusted cannabis company. We are committed to setting the gold standard of care and excellence in our industry. We believe that commitment starts with a great work environment and benefits for our associates.
Looking to develop your career at the forefront of a rapidly expanding industry?
The Director, Information Security will drive the vision, strategy, and compliance of information security for the company globally.
The Director, Information Security is responsible for managing all aspects of governance, risk and compliance related to information security. He/she oversees the development, communication, and review of Tilray's information security policy framework as well as the identification, assessment and mitigation of cybersecurity risks, and coordinates internal and external audits related to cyber and information security. All compliance requirements, which translate into cyber and information security controls, are also under his/her responsibility.
The successful candidate will also be responsible for developing, implementing, communicating, and managing the Information Security Awareness Program. He/she will implement a program to ensure all employees, consultants and suppliers understand and follow the organization's information and cybersecurity policies and requirements, and conduct themselves in a secure manner through training, awareness, education, and professional development.

Role and Responsibilities

  • Develop and execute a comprehensive cybersecurity roadmap of the organization's information security program
  • Design, implement and engage internal stakeholders on Tilray’s corporate risk management framework with supporting policies, procedures, standards, directives, methodologies, and related documentation
  • Lead the implementation of compliance, administrative, and detection solutions/systems to enhance the security of the organization. Conduct an ongoing assessment of security practices and systems and support the continuous improvement of processes to promote efficiency
  • Implement an incident identification and response program to identify cybersecurity threats to the organization
  • Lead the mitigation of cybersecurity risks, including the investigation and analysis of root causes, patterns, or trends, and helping to identify and implement corrective action where appropriate
  • Identify and own the resolution of related issues and non-compliant conditions. Provide guidance on how to avoid similar situations in the future
  • Promote information security awareness and training throughout the organization and instill a culture of security throughout
  • Represent the company's data security and privacy posture and assurances to patients, consumers, customers, and other external stakeholders
  • Collaborate with internal leaders to assure the business continuity and recovery function for the business
  • Prepare and present quarterly updates to the General Counsel, CEO, and/or Board of Directors
  • Partner and collaborate with business stakeholders across the company to raise awareness of risk management and cybersecurity concerns
  • Run internal security audits and risk assessments that may be required by regulators, including compliance reviews for privacy controls, GDPR, and role-based access
  • Collaborate with the Internal Audit team to ensure cybersecurity is in compliance with applicable regulations and frameworks such as SOX, SOC and NIST
  • Due to the dynamic nature of the industry, the scope of your job may evolve and change with business demands
Qualifications and Education Requirements
  • Bachelor's degree in Information Technology, Business Administration, or an information-related field, and professional cybersecurity management certification (CISSP, CISA, CRISC, etc.)
  • At least ten years of experience in Information Security, Operational Risk, Internal Audit, or other relevant department, with specific knowledge of data integrity and cybersecurity, including related policies and processes
  • Experience leading compliance efforts through various standards and certifications (e.g. ISO 27001, NIST Cyber Security Framework, SSAE16)
  • Experience in a leadership role in areas of governance, audit, and control management
  • Exceptional written and verbal English communication skills, including for the development and delivery of presentations
  • Ability to lead change, often in the absence of direct authority
  • Strong planning, coordinating, organizing, training and implementation skills
  • Demonstrable competence and experience in explaining complex information and cybersecurity concepts and technologies to both technical and non-technical audiences, management, and executives
  • Thrives on change, showing an impressive ability to drive the information security strategy forward
  • Demonstrable knowledge of the policies and behaviors for information handling and protection
  • Responsive, agile approach to manage changing priorities
  • Effective negotiation and communication skills with people at different levels of the organization
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
  • Specific experience in ITIL, COSO, GMP, or other best practice frameworks is an asset
Who You Are
  • Exceptional written and oral communication skills, including ability to brief stakeholders on complex issues in a succinct manner, to drive issues to resolution, and to facilitate discussions among business leaders
  • Strong quantitative and qualitative analytic skills
  • Strong business acumen
  • Excited to work in a fast-paced and intellectually challenging environment
  • Excellent analytical and organizational skills
  • Ability to work independently with minimal supervision
  • Ability to manage multiple projects at once, to synthesize information from multiple sources, and to follow through and meet deadlines
  • Have exceptional judgment with the ability to cope with competing priorities
  • Leverage resourcefulness and creativity in approach to problem solving
  • Focus on pragmatic business advice and solutions
  • Professional and collaborative with the ability to build and maintain trusted relationships with stakeholders
  • Positive "can-do" attitude
Tilray welcomes applications from all qualified individuals and is committed to employment equity and diversity in the workplace.

Accommodations are available for applicants with disabilities throughout the recruitment process. If you require accommodations for interviews or other meetings, please advise when submitting your application.
Please note that Tilray does not authorize, engage, or sponsor any consultants, agencies or organizations that seek certain personal or financial information from you (e.g. passwords, login ids, credit card information). High Park does not charge any application, processing or onboarding fee at any stage of the recruitment or hiring process.
When replying to emails, please ensure the sender name and email address match exactly. Please also ensure the Reply-To address matches the sending address exactly.
If you are concerned about the authenticity of an email, letter, or call purportedly from, for, or on behalf of High Park, please send an email inquiry to
Tilray, Inc.
HQ: Nanaimo, British Columbia

Tilray is a Canadian pharmaceutical and cannabis company, incorporated in the United States with primary operations headquartered in Toronto, Ontario. Tilray also has operations in Australia & New Zealand, Germany, Portugal, and Latin America.

Company size: 750


© 2020 THCNET®. All rights reserved.