Manager, BT Security and Compliance

About SNDLSNDL is the largest private sector liquor and cannabis retailer in Canada with retail banners that include Ace Liquor, Wine and Beyond, Liquor Depot, Value Buds, and Spiritleaf. As a licensed cannabis producer, SNDL also has indoor state-of-the-art grow-op facilities to supply wholesale and retail customers under a cannabis brand portfolio that includes Top Leaf, Sundial, Palmetto, Spiritleaf Selects, and Grasslands. SNDL's investment portfolio seeks to deploy strategic capital through direct and indirect investments and partnerships throughout the global cannabis industry.About the RoleReporting to the Vice President of Business Technology Operations, the Manager, Business Technology (BT) Security and Compliance is responsible for leading the day-to-day operations and continuous improvement of a 24x7x365 BT Security & Compliance team for all SNDL Business Units and banners. This position will be responsible for designing, maintaining, configuring, troubleshooting, auditing, and documenting the status of all security and compliance controls. The position supports the organization's technology needs to provide a robust, secure, and reliable computing environment.Key Attributes:team leader with a talent for motivating local and remote teams.communicator. When you speak, others are interested in listening.thinker, and always find yourself at least a step aheadhandle even the tightest deadlines and high-pressure situations with a cool head and clear vision.mindset with a knack for simplifying complex problems.approach to addressing security risks and compliance challenges.and exceptional at building relationships with key stakeholders.Role and responsibilities include, but are not limited to:General Responsibilitiesleadership, direction, guidance, and supervision to both Security and Compliance analysts.with team members to ensure their S.M.A.R.T. objectives align with the business directives. Establish a cadence for review, constant improvement, and expectation setting.clear responsibilities and expectations on tasks and projects, with planned follow-up on your teams’ deliverables, including your own. Use a project management mindset to foster accountability and high-quality output.a supportive work environment. As a Manager, you will be encouraged to promote team building and open-door communication. You will also play a crucial role in informing your team of large-scale business changes and how they impact their work, ensuring they feel supported and confident in their roles.team members in their respective disciplines and assist in continuous growth and development.with BT teams and other related organizational departments to develop and maintain incident response plans to effectively address and mitigate security incidents such as breaches, data leaks, cyber-attacks, etc.industry developments, regulatory changes, and emerging technology compliance and security best practices to assist with implementing improvements to the organization's IT compliance and security programs accordingly.closely with other departments, including BT, Legal, Regulatory and Compliance, Internal Audit, Human Resources and Risk/Loss Management, to address compliance-related issues and ensure a coordinated approach to compliance efforts.Security-Related Skills and InitiativesTechnology Policy Development: Develop and enforce security policies, procedures, and guidelines in alignment with industry standards and regulatory requirements.Risk Assessment: Identify, assess, and prioritize security risks and vulnerabilities within the organization's technology systems and networks.Security Architecture: Participate in the design and implementation of robust security architectures for networks, systems, applications, and data to safeguard against cyber threats and ensure compliance.Security Awareness Training: Conduct security awareness training programs to educate employees about best practices for data protection, password security, phishing awareness, and other relevant topics.Compliance: Ensure compliance with relevant data protection laws, regulations, and industry standards (e.g., GDPR, PCI DSS).Security Tools Management: Oversee the selection, deployment, and management of security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, encryption tools, and security information and event management (SIEM) systems.Vulnerability Management: Implement processes for identifying, prioritizing, and remediating security vulnerabilities across the organization's IT infrastructure.Security Audits and Assessments: Conduct regular security audits and assessments to evaluate security controls' effectiveness and identify areas for improvement.Collaboration: Collaborate with cross-functional teams, including IT, legal, compliance, and business units, to ensure a holistic approach to security and compliance.Budgeting and Resource Management: Develop and manage the security budget, allocate resources effectively, and invest strategically in security initiatives.Continuous Improvement: Stay informed about emerging threats, technologies, and best practices in cybersecurity, and continuously improve the organization's security posture. Technology Compliance-Related Skills and InitiativesRegulatory Compliance: Stay abreast of relevant laws, regulations, and industry standards relating to technology and data management (e.g., GDPR, Sarbanes Oxley (SOX), PCI DSS) and ensure the organization's IT practices adhere to these requirements.Development and Enforcement: Develop, review, and enforce technology compliance policies, procedures, and guidelines in alignment with regulatory requirements and industry best practices.Assessment and Management: Identify, assess, and prioritize technology-related risks and vulnerabilities and develop strategies to mitigate them effectively.Audits and Assessments: Plan, coordinate, and conduct regular compliance audits and assessments to evaluate the organization's adherence to applicable regulations and standards.and Reporting: Maintain comprehensive documentation of compliance activities, findings, and remediation efforts. Prepare reports and presentations for senior management, auditors and regulatory authorities as required.and Awareness: Develop and deliver training programs to educate employees about technology compliance requirements, policies, and procedures. Foster a culture of compliance across the organization.Management: Evaluate and manage third-party vendors and service providers to ensure their technology solutions and practices comply with regulatory requirements and organizational standards.Governance: Establish and maintain data governance frameworks to ensure the confidentiality, integrity, and availability of sensitive information, including data classification, access controls, and data retention policies.Management: Implement processes for managing technology systems and infrastructure changes in compliance with regulatory requirements and organizational policies.Required Competenciesminimum of 5 years of experience in an IT security and compliance management or GRC role, preferably in a manufacturing, retail, or e-commerce environment.degree in Computer Science, Information Technology, or related field; advanced degree or relevant certifications (e.g., CISSP, CISA, CISM) preferred.in the security practices of the payment industry, Sarbanes Oxley (SOX) and in other security regulations (PCI-DSS, SOX, COBIT, NIST, ISO 2700x, ITIL)with GRC platforms such as Auditboard or similar.knowledge and hands-on experience with Microsoft 365(M365) security solutions including Defender series (office 365, Endpoint, Cloud Apps, Identity, BitLocker encryption), conditional access, Privileged Identity Management (PIM) and Intune and Purview as well as M365 hardening.products and services including but not limited to Firewalls, IDS/IPS, Endpoint Protection, MDM, Email Security/Spam/Phish filters, EDR/XDRexperience developing and implementing security policies, standards, and procedures.communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.analytical skills and attention to detail, with the ability to assess complex security risks and develop practical solutions.leadership abilities and the capacity to drive initiatives in a fast-paced environment.We are grateful for the interest in this role from all candidates, however, we will be contacting only those that are selected for next steps in the hiring process.Our Commitment to Diversity & Inclusion: SNDL is an equal opportunity employer. We are committed to building a welcoming, inclusive, diverse and safe workplace where all of our team members have equal opportunity to succeed. We know this begins with recruitment. To honor our commitment, SNDL encourages applications from individuals of all backgrounds, sexual orientation, gender identity, ancestry, ages and abilities.