Director, Information Security

Director, Information Security - New York City, NY

About Tilray

Tilray Brands, Inc. (Nasdaq: TLRY; TSX: TLRY), is a global consumer products company, empowering communities with innovative products and enhancing wellbeing. Join us in steering the course of a rapidly evolving industry.

Position Overview

As the Director of Information Security, you will be the architect of our global information security vision, strategy, and compliance. This pivotal role encompasses the management of governance, risk, and compliance aspects pertaining to information security. You will be responsible for the formulation, dissemination, and periodic review of Tilray’s information security policies, as well as the identification, evaluation, and mitigation of cybersecurity risks. This includes coordinating internal and external audits related to cyber and information security. Additionally, you will oversee the translation of compliance requirements into actionable cyber and information security controls. Salary: USD $180k-$225k annual, experience will be a contributing factor.

Key Responsibilities

• Develop and implement a robust cybersecurity roadmap aligned with the organization’s information security program.
• Design and promote Tilray’s corporate risk management framework, complete with comprehensive policies, procedures, standards, directives, methodologies, and supporting documentation.
• Spearhead the deployment of compliance, administrative, and detection solutions/systems to fortify the organization’s security posture.
• Establish an incident identification and response program to proactively address cybersecurity threats.
• Lead the charge in mitigating cybersecurity risks, conducting thorough investigations to uncover root causes, patterns, or trends, and facilitating the implementation of corrective measures.
• Take ownership of resolving compliance issues and non-conformities, providing strategic guidance to prevent recurrence.
• Cultivate a culture of security awareness throughout the organization, ensuring all personnel are well-informed and compliant with cybersecurity policies and protocols.
• Represent Tilray’s commitment to data security and privacy to external stakeholders, including patients, consumers, and customers.
• Collaborate with internal teams to ensure business continuity and disaster recovery plans are robust and effective.
• Prepare and deliver quarterly updates to key company executives and the Board of Directors.
• Engage with various business units to elevate risk management and cybersecurity awareness.
  
  
  

Professional Experience/Qualifications

• Bachelor’s degree in Information Technology, Business Administration, or a related field, complemented by professional cybersecurity management certifications (CISSP, CISA, CRISC, etc.).
• A minimum of ten years’ experience in Information Security, Operational Risk, Internal Audit, or a related department, with a deep understanding of data integrity and cybersecurity principles.
• Proven track record in leading compliance initiatives across various standards and certifications (e.g., ISO 27001, NIST Cyber Security Framework, SSAE16).
• Demonstrated leadership in governance, audit, and control management domains.
• Exceptional communication skills in English, both written and verbal, with the ability to develop and deliver compelling presentations.
• A change catalyst, adept at driving information security initiatives forward, often without direct authority.
• Strong planning, coordination, organization, training, and implementation capabilities.
• Ability to convey complex information security concepts to both technical and non-technical stakeholders effectively.
• A visionary leader with a passion for embracing change and advancing the information security agenda.
• Comprehensive knowledge of information handling and protection policies and practices.
• An agile and responsive approach to managing shifting priorities.
• Proficient negotiation and communication skills across various organizational levels.
• Innovative thinking and leadership, with a knack for inspiring and guiding cross-functional teams.
  
  
  

Who You Are

• A communicator par excellence, capable of distilling complex issues for diverse audiences and driving resolutions.
• Adept at quantitative and qualitative analysis.
• Business-savvy with a strategic mindset.
• Thriving in dynamic, intellectually stimulating environments.
• Exceptionally analytical and organized.
• Autonomous, with a proven ability to juggle multiple projects, synthesize information from various sources, and meet tight deadlines.
• Possessing sound judgment, with the capacity to prioritize amidst competing demands.
• Resourceful and creative in problem-solving.
• Focused on delivering practical business advice and solutions.
• A professional collaborator, skilled in fostering trusted relationships with stakeholders.
• A proactive individual with a “can-do” attitude.
  
  
  

Tilray is an equal opportunity employer, dedicated to promoting diversity and inclusivity in the workplace. We provide accommodations for applicants with disabilities throughout the recruitment process. Should you require accommodations for interviews or other meetings, please indicate this when submitting your application.

Please be aware that Tilray does not engage or endorse any consultants, agencies, or organizations that request personal or financial information (e.g., passwords, login IDs, credit card details). We do not impose any application, processing, or onboarding fees at any stage of the recruitment or hiring process.

For email correspondence, ensure the sender’s name and email address match exactly. The Reply-To address should also correspond precisely with the sender’s address.

If you have concerns regarding the authenticity of any communication purportedly from, for, or on behalf of Tilray, please direct your inquiries to infosec@tilray.com.