Tilray is a federally licensed producer of medical cannabis. We are committed to setting the gold standard of care and excellence in our industry. We believe that commitment starts with a great work environment and benefits for our associates.
Looking to develop your career at the forefront of a rapidly expanding industry?
Ready to apply your talents to make a positive difference in the lives of patients across the country?
Information Security Analyst, Toronto ON
Reporting to the Manager, IT Infrastructure, the incumbent is responsible for research, evaluation, assessment, operational, reporting, and analytical support for technology controls and information security programs and initiatives. The incumbent will be a subject matter expert in all areas of information security and will support the Manager, IT Infrastructure, in stakeholder management by maintaining strong relationships with External/Internal Audit, Risk & Compliance, Privacy, IT Infrastructure, and Operational Business Units. This is a hands-on role that directly contributes to the day-to-day cyber-security operational support of all global sites by monitoring and proactively responding to any cyber threat that has materialized or might materialize against any company asset, in order to prevent or minimize potential business, financial, or reputational impact. This individual leads the implementation of policies, procedures, and documentation that are consistent with company enterprise goals, industry best practices, Health Canada regulatory requirements, and GxP quality standards.
- Establish an information security framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives.
- Identify and recommend appropriate risk treatment and response options to manage risk to an acceptable level based on risk appetite to meet organizational goals and objectives.
- Develop and maintain an information security program that identifies, manages, and protects the organization’s assets, thereby supporting an effective security posture.
- Plan, establish, and manage the capability to detect, investigate, respond, and recover from information security incidents to minimize business impact.
- Develop and implement standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency, and effectiveness.
- Develop business cases to support investments in information security.
- Establish, monitor, evaluate, and report key information security metrics to provide management with accurate and meaningful information regarding the effectiveness of the information security strategy.
- Identify legal, regulatory, organizational, and other applicable requirements to manage the risk of noncompliance to acceptable levels.
- Ensure that risk assessments, vulnerability assessments, and threat analyses are conducted consistently to identify and assess risk to the organization’s information.
- Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
- Develop and maintain expertise through professional development opportunities and personal studies off-hours.
- Mandatory availability as an on-call resource evenings, weekends, and statutory holidays.
- University degree in Computer Science, Information Systems, Information Technology, or an acceptable combination of education and experience.
- At least 7 years of direct work experience as an Information Security Analyst.
- Preferred certifications: CISSP, CCSP, CISA, CRISC, CISM.
- Extensive knowledge of multiple cybersecurity domains such as governance, risk assessment, threat intelligence, user education, security operations, and security architecture.
- Extensive knowledge of cyber-security standards such as ISO, NIST, PIPEDA, and GDPR.
- Extensive knowledge of enterprise asset management, endpoint protection platforms, secure web gateways, secure email gateways, vulnerability assessment tools, identity and access management solutions, and intrusion detection and prevention systems.
- Advanced knowledge of private and public cloud infrastructure tools and protocols.
- Advanced knowledge of physical security tools such as Genetec Security Center.
- Hands-on experience implementing security awareness and training through various mediums such as on-boarding presentations, online training modules, lunch and learns, periodic security communications, and simulated phishing campaigns.
- Proven strong ability to write concise, detailed technical documentation for internal IT use and end-user training purposes, including detailed network diagrams and system processes, and to maintain accurate records of system configurations and inventory.
- Able to interpret the operational requirements of end users, project managers, and other stakeholders, and develop detailed task lists from start-to-finish.
- Effective time management, task prioritization, and ability to consistently meet deadlines.
- Able to work independently or as part of a team. A proven self-starter and highly motivated to make proactive changes.
- Possess excellent written and verbal communication skills and a highly analytical aptitude.