IT Manager Security, Compliance & Risk Canada

CareRx Corporation


About CareRx Corporation

CareRx is Canada’s leading provider of specialty pharmacy services to seniors. We serve more than 96,000 residents in over 1,600 seniors and other communities (long-term care homes, retirement homes, assisted living facilities, and group homes). We are a national organization with a large network of pharmacy fulfillment centres that allows us to deliver medications in a timely and cost-effective manner. We take an active role in working with our home operator partners to promote resident health, staff education, and medication system quality and efficiency.

Whether you do your best work in a dispensary, in a clinical setting, in an office, or on the road, we have a place for you.

Position Summary

Reporting to the Vice President of Information Technology, the IT Manager, Security, Compliance and Risk is responsible for managing the IT Security, Risk and Compliance program. This leadership role is responsible for designing, documenting, implementing and governing Information Security controls and IT compliance programs to meet corporate, legal and regulatory requirements. This role will also be accountable for managing the delivery of the Cyber Security Awareness program and managing security threat responses.

The Manager of Security, Risk and Compliance will be accountable for the development and continuous improvement of the Information Services Management System based on industry frameworks such as ISO27001, NIST, NI-52-109, Canadian Health Information and other applicable controls. In this role, you must possess a broad and in-depth understanding of technical and professional skills in many disciplines including: IT Governance, Risk Management, Information Security and Identity Access Management, Security Operations, Security Architecture, Legal and Regulatory Compliance, Audit, Vendor Management and Data Governance.

Specific Responsibilities And Accountabilities
1. IT Governance
• Indirect ownership of all global IT security policies.
• Collaborate with key stakeholders to create, implement and govern the information security policies, standards, controls baseline and controls maturity model, ensuring corporate and regional regulatory compliance is regularly validated.
• Strategically build and automate a solution to record applicable controls and collect and manage required supporting artifacts.
• Define and deliver appropriate security, compliance and risk metrics to leadership.
• Define and deliver PCI compliance and PHI compliance assessments and monitoring.
• Provide guidance towards cyber requirements during vendor procurement through contract reviews.
• Primary liaison for all external and internal audits, including reviewing requests, monitoring audit execution, and reviewing findings with IT Leadership. The audits may or may not be related to information security.

2. IT Risk
• Develop and maintain the IT Risk Management framework, process, and risk register monitoring solution.
• Leadership of the Risk Management and Compliance assessment team performing risk assessments and compliance reviews, ensuring on-premise information systems and cloud service providers and solutions are adequately protecting CareRx and our customers' information.
• Assign risk weighting on policy exception requests and monitor risk treatment plans to closure.
• Direct applicable maturity assessments towards certifications.
• Respond to customer information security and data protection questionnaires.

3. Security Awareness
• Full accountability and program ownership for the cybersecurity awareness, strategic program definition and execution, vendor procurement, configuration and reporting management.
• Authority over all content created and presented, metrics collection, data analysis, continuous program improvement.

4. Technical Consultation
• Provide consulting expertise in requirements for IT operations / Applications to ensure compliance and security.
• Provide consultation in new vendor assessment to complete TRA / PIA requirements.

5. Escalation Security Lead
• Act as a primary or secondary escalation for SOC.
• Assist with response and recovery.
• Report to IT Leadership on security events.
• Day to day assessment, investigation and response for phishing attempts.

• Excellent Verbal and Written Communication skills
• Ability to self-start and willingness to learn new skills
• Excellent time and workload management skills
• Demonstrated trustworthiness and judgment in handling confidential and personal matters
• Ability to analyze, anticipate, and evaluate problems and situations, escalate and provide suggestions as appropriate
• Proven track record of providing excellent customer service and technical support in both hardware and software spaces
• Must be a proactive team player and leader in a service organization culture and be able to work in a fast-paced work environment
• Must be able to manage time and priorities and be very organized

Minimum Education And Experience
• Ten to twelve years of experience in IT management or related disciplines (for example, Security Operations, Risk, IT Governance, Audit, and Compliance, etc.).
• Professional certification in Information Security, Risk Management or Auditing, or working towards one (such as CISSP, CISM, CISA, CRISC, CIPP, ISO27000 Lead Auditor, etc.).
• Leadership or equivalent (GSLC), Certified Information Systems Security Professional (CISSP)
• Optional, Obtained GIAC Security Essentials or equivalent (GSEC)
• Optional, Obtained minimum Lean Six Sigma Green Belt Certification

Application Process

CareRx welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Interested, qualified candidates are encouraged to apply through

All applicants must successfully pass satisfactory background screening (depending on the role: Criminal Record Check, Driver’s Abstract, Education Verification, Current Professional Registration, Referencing). Background screening will be completed after an offer of employment has been extended and accepted.
