Jobs.ca

Manager, Risk Management & Compliance

Rexall
1 day ago
Hybrid
Mississauga, Ontario
Senior Level
Full-time

About the role

What You Are Looking For

  • A closely connected culture
  • A total rewards package meant to enhance your work-life flexibility
  • Fully utilizing your talent
  • Professional growth and development via challenging projects and assignments
  • Warm and fuzzy feelings knowing you have helped your community, your team, the business and social causes through the Rexall Care Network

Reporting to the Sr. Director of Information Technology, the Manager, Risk Management & Compliance is responsible for leading the organization’s cybersecurity governance, risk, and compliance (GRC) program. This role ensures that information security risks are effectively identified, assessed, managed, and monitored across the enterprise. The manager will develop and maintain security policies, oversee compliance initiatives such as PCI DSS, lead vendor security assessments, manage internal security reviews and audits, coordinate incident response activities, and drive security awareness programs.

This role requires a strong understanding of cybersecurity frameworks, risk management methodologies, and regulatory compliance requirements, combined with the ability to collaborate across business and technical teams to strengthen the organization’s overall security posture.

What You’ll Be Doing

  • Develop, maintain, and enforce information security policies, standards, and procedures aligned with organizational goals and regulatory requirements.
  • Lead and manage the cybersecurity risk management framework, ensuring consistent risk identification, assessment, mitigation, and reporting.
  • Oversee PCI DSS compliance and other relevant security or privacy certifications and attestations.
  • Conduct and manage vendor risk assessments, ensuring third-party partners meet company security requirements.
  • Coordinate and participate in internal and external security audits including penetration testing activities and manage audit findings through remediation to closure.
  • Maintain an up-to-date inventory of applications and data assets, including classification of private and sensitive data.
  • Manage and continuously improve the security incident response plan; coordinate investigations and ensure timely remediation.
  • Lead and conduct annual tabletop exercises to validate incident response readiness.
  • Partner with technical teams to review and assess security controls, including periodic user access reviews, firewall rule reviews, and other key control checks.
  • Develop and deliver cybersecurity awareness and phishing simulation programs to enhance employee understanding of security responsibilities.
  • Provide security risk consultation to business units and project teams to guide secure decision-making and compliance with policy.
  • Prepare and present risk reports and security metrics to senior management in business-friendly language, outlining key risks, trends, and recommendations.
  • Collaborate with IT, Legal, and Business functions to embed security into operations and projects.
  • Remain current with emerging cybersecurity threats, regulations, and best practices, and proactively adjust the security program accordingly.
  • Ensure compliance with industry frameworks and regulations (e.g., NIST CSF, ISO 27001, SOC 2, PIPEDA).
  • Work in a cooperative manner with the IT Organization.
  • Perform other duties as assigned to support Rexall Pharmacy Group Ltd.

Knowledge, Skills And Experience

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
  • 7+ years of experience in cybersecurity, with at least 3 years in a risk management, governance, or compliance leadership role.
  • Experience managing PCI DSS, ISO 27001, NIST CSF, SOC 2, PIPEDA or similar compliance frameworks.
  • Proven experience conducting or managing security audits, risk assessments, and vendor security reviews.
  • Experience developing and implementing security policies, standards, and procedures.
  • Familiarity with incident response, tabletop exercises, and security awareness programs.
  • Solid understanding of IT infrastructure, network security, cloud security, and data protection principles.
  • Previous experience in incident response and handling security breaches.
  • Strong knowledge of cybersecurity frameworks and standards (NIST, CIS Controls, ISO 27001, COBIT).
  • Proficiency with GRC tools and risk tracking systems.
  • Excellent analytical, documentation, and communication skills, with the ability to influence at all levels.
  • Strong project management and stakeholder engagement skills.
  • Strong leadership, collaboration, and interpersonal skills.
  • High attention to detail and a pragmatic, risk-based approach to problem solving.
  • Continuous learner with a proactive mindset to enhance the organization’s security maturity.
  • Strong customer service orientation.
  • Experience working in a team-oriented, collaborative environment.

At Rexall, we are better together. We serve our customers, partners, and patients best—we are our best—when everyone brings their true self to work. Our connected, inclusive culture celebrates our lived experiences, backgrounds, expertise, and self-expression to let us win as one team. Leveraging our differences distinguishes us and brings out our best performance.

Are you #ALLin?

Rexall Pharmacy Group is committed to providing an accessible environment for all of our customers, employees, and job applicants. Rexall Pharmacy Group will make accommodations and/or accessible formats available to any selected applicants should they require them. Candidates are encouraged to discuss any accommodation they may need in order to allow for the most effective selection process.

About Rexall

Retail Pharmacies
5001-10,000

With a heritage dating back more than 100 years, Rexall has evolved to become one of Canada's most trusted pharmacy brands.

Our legacy of helping Canadians has endured through successive evolutions of Rexall and Rexall Pharma Plus, from the apothecary-type drugstores to the modern community pharmacies we are today. Rexall in Canada was established in 1904 in the early days of the United Drug Company and quickly established itself as an innovator in retail pharmacy. At the same time, Tamblyn Drugs was establishing itself in Toronto, Ontario, and would eventually become Pharma Plus.

This progression has led us to where we are today: a proud member of the McKesson family, ranked seventh on the Fortune 500 and the industry's oldest, largest, most experienced and sophisticated pharmaceutical distributor.

At Rexall, our employees are family, and our culture reflects a close-knit community. From coast to coast, from retail store to Support Centre, we are ALL IN!

A lot may have changed over the years, but our commitment to helping Canadian families and communities be healthier has never been stronger. This vision continues to guide us as we look to the future and increase access to convenient, quality healthcare and products that Canadians can feel good about.

Our 390+ Rexall and Rexall Pharma Plus locations are supported by 7,000 staff dedicated to providing exceptional service and care in 180 communities across Canada. From providing vaccinations such as flu, COVID-19* or other services within the expanding scopes of pharmacy care, to offering exclusive daily living products that can help put you on a healthy path, Rexall is focused on continuously evolving to meet the changing needs of our patients and customers.

Rexall is a member of the Rexall Pharmacy Group ULC, a wholly-owned subsidiary of McKesson Corporation.

*Where regulations permit pharmacists to administer the flu vaccinations.