IT Manager Security and Risk - Toronto, Canada - CareRx

CareRx
Toronto, Canada

2 weeks ago

Posted by: Sophia Lee (beBee Recruiter)


Description

About CareRx Corporation
CareRx is Canada's leading provider of specialty pharmacy services to seniors.

We serve more than 96,000 residents in over 1,600 seniors and other communities (long-term care homes, retirement homes, assisted living facilities, and group homes).

We are a national organization with a large network of pharmacy fulfillment centres that allows us to deliver medications in a timely and cost-effective manner.

We take an active role in working with our home operator partners to promote resident health, staff education, and medication system quality and efficiency.


Whether you do your best work in a dispensary, in a clinical setting, in an office, or on the road, we have a place for you.


Position Summary


Reporting to the Vice President of Information Technology, the IT Manager, Security, Compliance and Risk is responsible for managing the IT Security, Risk and Compliance program.

This leadership role is responsible for designing, documenting, implementing and governing Information Security controls and IT compliance programs to meet corporate, legal and regulatory requirements.

This role will also be accountable for managing the delivery of the Cyber Security Awareness program and managing security threat responses.


The Manager of Security, Risk and Compliance will be accountable for the development and continuous improvement of the Information Services Management System based on industry frameworks such as ISO27001, NIST, NI-52-109, Canadian Health Information and other applicable controls.

In this role, you must possess a broad and in-depth understanding of technical and professional skills in many disciplines including: IT Governance, Risk Management, Information Security and Identity Access Management, Security Operations, Security Architecture, Legal and Regulatory Compliance, Audit, Vendor Management and Data Governance.


SPECIFIC RESPONSIBILITIES AND ACCOUNTABILITIES

1. IT Governance

  • Indirect ownership of all global IT security policies.
  • Collaborate with key stakeholders to create, implement and govern the information security policies, standards, controls baseline and controls maturity model, ensuring corporate and regional regulatory compliance is regularly validated.
  • Strategically build and automate a solution to record applicable controls and collect and manage required supporting artifacts.
  • Define and deliver appropriate security, compliance and risk metrics to leadership.
  • Define and deliver PCI compliance and PHI compliance assessments and monitoring.
  • Provide guidance towards cyber requirements during vendor procurement through contract reviews.
  • Primary liaison for all external and internal audits, including reviewing requests, monitoring audit execution, and reviewing findings with IT Leadership. The audits may or may not be related to information security.

2. IT Risk

  • Develop and maintain the IT Risk Management framework, process, and risk register monitoring solution.
  • Leadership of the Risk Management and Compliance assessment team performing risk assessments and compliance reviews, ensuring on-premise information systems and cloud service providers and solutions are adequately protecting CareRx and our customers' information.
  • Assign risk weighting on policy exception requests and monitor risk treatment plans to closure.
  • Direct applicable maturity assessments towards certifications.
  • Respond to customer information security and data protection questionnaires.

3. Security Awareness

  • Full accountability and program ownership for the cybersecurity awareness, strategic program definition and execution, vendor procurement, configuration and reporting management.
  • Authority over all content created and presented, metrics collecting, data analysis, continuous program improvement.

4. Technical Consultation

  • Provide consulting expertise in requirements for IT operations / Applications to ensure compliance and security.
  • Provide consultation in new vendor assessment to complete TRA / PIA requirements.

5. Escalation Security Lead

  • Act as a primary or secondary escalation for SOC.
  • Assist with response and recovery.
  • Report to IT Leadership on security events.
  • Day-to-day assessment, investigation and response for phishing attempts.

BEHAVIORAL COMPETENCIES

  • Excellent verbal and written communication skills
  • Ability to self-start and willingness to learn new skills
  • Excellent time and workload management skills
  • Demonstrated trustworthiness and judgment in handling confidential and personal matters
  • Ability to analyze, anticipate, and evaluate problems and situations, escalate and provide suggestions as appropriate
  • Proven track record of providing excellent customer service and technical support in both hardware and software spaces
  • Must be a proactive team player and leader in a service organization culture and be able to work in a fast-paced work environment
  • Must be able to time manage priorities and
