Manager, Risk Management

What You Are Looking For

• A closely connected culture
• A total rewards package meant to enhance your work-life flexibility
• Fully utilizing your talent
• Professional growth and development via challenging projects and assignments
• Warm and fuzzy feelings knowing you have helped your community, your team, the business and social causes through the Rexall Care Network

Reporting to the Sr. Director of Information Technology, the Manager, Risk Management & Compliance is responsible for leading the organization's cybersecurity governance, risk, and compliance (GRC) program. This role ensures that information security risks are effectively identified, assessed, managed, and monitored across the enterprise. The manager will develop and maintain security policies, oversee compliance initiatives such as PCI DSS, lead vendor security assessments, manage internal security reviews and audits, coordinate incident response activities, and drive security awareness programs.

This role requires a strong understanding of cybersecurity frameworks, risk management methodologies, and regulatory compliance requirements, combined with the ability to collaborate across business and technical teams to strengthen the organization's overall security posture.

What You'll Be Doing

• Develop, maintain, and enforce information security policies, standards, and procedures aligned with organizational goals and regulatory requirements.
• Lead and manage the cybersecurity risk management framework, ensuring consistent risk identification, assessment, mitigation, and reporting.
• Oversee PCI DSS compliance and other relevant security or privacy certifications and attestations.
• Conduct and manage vendor risk assessments, ensuring third-party partners meet company security requirements.
• Coordinate and participate in internal and external security audits including penetration testing activities and manage audit findings through remediation to closure.
• Maintain an up-to-date inventory of applications and data assets, including classification of private and sensitive data.
• Manage and continuously improve the security incident response plan; coordinate investigations and ensure timely remediation.
• Lead and conduct annual tabletop exercises to validate incident response readiness.
• Partner with technical teams to review and assess security controls, including periodic user access reviews, firewall rule reviews, and other key control checks.
• Develop and deliver cybersecurity awareness and phishing simulation programs to enhance employee understanding of security responsibilities.
• Provide security risk consultation to business units and project teams to guide secure decision-making and compliance with policy.
• Prepare and present risk reports and security metrics to senior management in business-friendly language, outlining key risks, trends, and recommendations.
• Collaborate with IT, Legal, and Business functions to embed security into operations and projects.
• Remain current with emerging cybersecurity threats, regulations, and best practices, and proactively adjust the security program accordingly.
• Ensure compliance with industry frameworks and regulations (e.g., NIST CSF, ISO 27001, SOC 2, PIPEDA)
• Work in a cooperative manner with the IT Organization
• Perform other duties as assigned to support Rexall Pharmacy Group Ltd.

Knowledge, Skills And Experience

• Bachelor's degree in information security, Computer Science, Information Technology, or a related field.
• 7+ years of experience in cybersecurity, with at least 3 years in a risk management, governance, or compliance leadership role.
• Experience managing PCI DSS, ISO 27001, NIST CSF, SOC 2, PIPEDA or similar compliance frameworks.
• Proven experience conducting or managing security audits, risk assessments, and vendor security reviews.
• Experience developing and implementing security policies, standards, and procedures.
• Familiarity with incident response, tabletop exercises, and security awareness programs.
• Solid understanding of IT infrastructure, network security, cloud security, and data protection principles.
• Previous experience in incident response and handling security breaches.
• Strong knowledge of cybersecurity frameworks and standards (NIST, CIS Controls, ISO 27001, COBIT).
• Proficiency with GRC tools and risk tracking systems.
• Excellent analytical, documentation, and communication skills, with the ability to influence at all levels.
• Strong project management and stakeholder engagement skills.
• Strong leadership, collaboration, and interpersonal skills.
• High attention to detail and a pragmatic, risk-based approach to problem solving.
• Continuous learner with a proactive mindset to enhance the organization's security maturity.
• Strong customer service orientation.
• Experience working in a team-oriented, collaborative environment.

At Rexall, we are better together. We serve our customers, partners, and patients best—we are our best—when everyone brings their true self to work. Our connected, inclusive culture celebrates our lived experiences, backgrounds, expertise, and self-expression to let us win as one team. Leveraging our differences distinguishes us and brings out our best performance.

Are you #ALLin?

Rexall Pharmacy Group is committed to providing an accessible environment for all of our customers, employees, and job applicants. Rexall Pharmacy Group will make available to any selected applicants' accommodations and/or accessible formats should they require. Candidates are encouraged to discuss any accommodation they may need in order to allow for the most effective selection process.