Director, Information Security - New York City, NY
About Tilray
Tilray Brands, Inc. (Nasdaq: TLRY; TSX: TLRY), is a global consumer products company dedicated to empowering communities with innovative products and enhancing wellbeing. Join us in steering the course of a rapidly evolving industry.
POSITION OVERVIEW
As the Director of Information Security, you will be the visionary architect of our global information security strategy, ensuring robust governance, risk management, and compliance. This pivotal role involves the formulation, dissemination, and periodic review of Tilray’s information security policies, as well as the identification, evaluation, and mitigation of cybersecurity risks. You will coordinate internal and external audits related to cyber and information security and translate compliance requirements into actionable security controls.
Salary: USD $180,000-$225,000k annual, experience will contribute to this factor.
KEY RESPONSIBILITIES
- Develop and Implement Cybersecurity Roadmap: Align the cybersecurity roadmap with the organization’s information security program to ensure comprehensive protection.
- Design Risk Management Framework: Create and promote a corporate risk management framework with detailed policies, procedures, standards, directives, methodologies, and supporting documentation.
- Deploy Security Solutions: Lead the deployment of compliance, administrative, and detection solutions to enhance the organization’s security posture.
- Incident Response Program: Establish a proactive incident identification and response program to address cybersecurity threats effectively.
- Mitigate Cybersecurity Risks: Conduct thorough investigations to uncover root causes, patterns, or trends, and implement corrective measures to mitigate risks.
- Resolve Compliance Issues: Take ownership of resolving compliance issues and non-conformities, providing strategic guidance to prevent recurrence.
- Cultivate Security Awareness: Foster a culture of security awareness throughout the organization, ensuring all personnel are well-informed and compliant with cybersecurity policies and protocols.
- Represent Data Security: Advocate for Tilray’s commitment to data security and privacy to external stakeholders, including patients, consumers, and customers.
- Collaborate for Continuity: Work with internal teams to ensure business continuity and disaster recovery plans are robust and effective.
- Executive Reporting: Prepare and deliver quarterly updates to key company executives and the Board of Directors.
- Elevate Risk Management: Engage with various business units to elevate risk management and cybersecurity awareness
PROFESSIONAL EXPERIENCE/QUALIFICATIONS
- Educational Background: Bachelor’s degree in Information Technology, Business Administration, or a related field, complemented by professional cybersecurity management certifications (CISSP, CISA, CRISC, etc.).
- Experience: A minimum of ten years’ experience in Information Security, Operational Risk, Internal Audit, or a related department, with a deep understanding of data integrity and cybersecurity principles.
- Compliance Leadership: Proven track record in leading compliance initiatives across various standards and certifications (e.g., ISO 27001, NIST Cyber Security Framework, SSAE16).
- Governance Expertise: Demonstrated leadership in governance, audit, and control management domains.
- Communication Skills: Exceptional communication skills in English, both written and verbal, with the ability to develop and deliver compelling presentations.
- Change Catalyst: Adept at driving information security initiatives forward, often without direct authority.
- Organizational Skills: Strong planning, coordination, organization, training, and implementation capabilities.
- Technical and Non-Technical Communication: Ability to convey complex information security concepts to both technical and non-technical stakeholders effectively.
- Visionary Leadership: A visionary leader with a passion for embracing change and advancing the information security agenda.
- Policy Knowledge: Comprehensive knowledge of information handling and protection policies and practices.
- Agility: An agile and responsive approach to managing shifting priorities.
- Negotiation Skills: Proficient negotiation and communication skills across various organizational levels.
- Innovative Thinking: Innovative thinking and leadership, with a knack for inspiring and guiding cross-functional teams
WHO YOU ARE
- Exceptional Communicator: Capable of distilling complex issues for diverse audiences and driving resolutions.
- Analytical: Adept at quantitative and qualitative analysis.
- Strategic Mindset: Business-savvy with a strategic mindset.
- Dynamic Environment: Thriving in dynamic, intellectually stimulating environments.
- Organized: Exceptionally analytical and organized.
- Autonomous: Proven ability to juggle multiple projects, synthesize information from various sources, and meet tight deadlines.
- Sound Judgment: Possessing sound judgment, with the capacity to prioritize amidst competing demands.
- Resourceful: Resourceful and creative in problem-solving.
- Practical Solutions: Focused on delivering practical business advice and solutions.
- Collaborative: A professional collaborator, skilled in fostering trusted relationships with stakeholders.
- Proactive: A proactive individual with a “can-do” attitude.
Tilray is an equal opportunity employer, dedicated to promoting diversity and inclusivity in the workplace. We provide accommodations for applicants with disabilities throughout the recruitment process. Should you require accommodations for interviews or other meetings, please indicate this when submitting your application.
Please be aware that Tilray does not engage or endorse any consultants, agencies, or organizations that request personal or financial information (e.g., passwords, login IDs, credit card details). We do not impose any application, processing, or onboarding fees at any stage of the recruitment or hiring process.
For email correspondence, ensure the sender’s name and email address match exactly. The Reply-To address should also correspond precisely with the sender’s address.
If you have concerns regarding the authenticity of any communication purportedly from, for, or on behalf of Tilray, please direct your inquiries to infosec@tilray.com.