Director of Information Security

Term: 18 to 24 month contract

Category: Office Staff

Competition #: 21-389

Rubicon Pharmacies is the leading independent pharmacy operator in Western Canada with 102 locations, primarily located in rural towns and neighborhood communities of larger urban centres.  All of the locations have been acquired through a strategic and prudent acquisition strategy.  Rubicon operates its pharmacies across all four western provinces under a number of different independent retail banners including Pharmasave, PharmaChoice, Remedy’s RX, Guardian and Value Drug Mart.  Rubicon’s head office is located in Winnipeg, Manitoba.  Rubicon also operates a number of ancillary operations including Tim Horton’s and Starbucks restaurants in some locations.

At Rubicon Pharmacies our mission is simple; we provide leading pharmacy care.  We achieve this through our relationship-based products and services, and the strength of our dedicated and talented employees.

We are committed to the highest quality experience for the people we serve with a focus on improving life. By developing efficient and effective processes and systems across our network of stores, we are able to build and maintain strong relationships with our customers.

Position Summary:

Reporting to the Chief Operating Officer, the Director of Information Security will lead all technical aspects of Rubicon’s security, data privacy, and compliance initiatives, further strengthening Rubicon’s commitment to Information Security and assuring the trust of our customers and partners.  They will champion Information Security initiatives across the organization and be a process owner on key security initiatives including risk assessment, evaluating the effectiveness of security programs, incident response management, policies, and standards. The position will also work closely with the Chief Financial Officer.

Essential Functions/Responsibilities:

  • Develop, implement and maintain Rubicon’s information security strategy and roadmap, in line with current industry leading practices, covering policy development, process design, and technology as well as identification of risks or impacts on business operations.
  • Design and implement an effective information security awareness and training program to promote cyber security awareness throughout the organization to install a culture of security.
  • Design and implement security controls to safeguard the company’s data from inappropriate disclosure and loss.
  • Conduct periodic security audits of IT infrastructure to identify and address vulnerabilities.
  • Develop, validate and maintain a cyber security incident response plan and processes to address potential threats and protect Rubicon’s assets and reputation, including documentation of any security breaches and the extent of damages caused by breaches.
  • Develop and oversee effective business recovery plans that align with business objectives, regulatory requirements and company culture, including establishing processes and procedures to restore critical IT infrastructure following a cyber disruption.

Required Qualifications:

  • Undergraduate degree in computer science, information security or a related field.
  • Minimum 8 years IT experience, with 5 years in an enterprise information security role.
  • Possess Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certification.
  • Experience working with frameworks and standards such as NIST
  • Experience working with SOC 2 and/or PCI DSS compliance
  • Expert knowledge of information security best practices, tools and techniques, including experience with policy development; process design; intrusion prevention, detection and response; data loss prevention and detection; incident response management and network architecture.
  • Detailed understanding of current security technology and approaches to managing threats and vulnerabilities.
  • Excellent interpersonal skills and ability to work effectively with various teams from different functional areas in a proactive and constructive manner.
  • Excellent verbal and written communication skills, with the ability to adapt communications to the technical literacy of the target audience.
  • Understanding of budget accountability and fiscal responsibility.
  • Demonstrate a high level of ethics and integrity.

Work Environment:

This position will work primarily in an office setting during regular business hours.  Work outside of normal business hours will be required periodically as part of this position.

Significant portion of the work can be done remotely.

e employee/contractor will be required to travel periodically within Canada to other Rubicon offices or to store locations.

Employment Equity:

Rubicon is committed to equity in its policies, practices, and programs, and supports diversity in work environment.                                              Rubicon will undertake special measures, where necessary, to ensure that qualified candidates from designated groups are included and are able to compete equally in all aspects of employment, promotion, advancement and retention.