About the role
What you are looking for:
- A closely connected culture
- A total rewards package meant to enhance your work-life flexibility
- Fully utilizing your talent
- Professional growth and development via challenging projects and assignments
- Warm and fuzzy feelings knowing you have helped your community, your team, the business and social causes through the Rexall Care Network
Reporting to the Manager, Cybersecurity Risk Management and Compliance, the Cybersecurity Risk Analyst supports the Cybersecurity Risk Management & Compliance Manager in implementing and maintaining the organization’s cybersecurity governance, risk, and compliance (GRC) program. This role is responsible for assisting in the development and enforcement of information security policies, conducting vendor security reviews, managing periodic control assessments, supporting compliance initiatives (such as PCI DSS), coordinating security awareness activities, and helping ensure that cybersecurity risks are identified and managed effectively across the enterprise.
This position requires strong attention to detail, a solid understanding of security and compliance principles, and the ability to collaborate with both business and technical stakeholders.
What you’ll be doing:
- Support the execution of the organization’s cybersecurity risk management process, including identification, assessment, tracking, and mitigation of security risks.
- Assist with maintaining compliance with security frameworks and regulatory standards (e.g., PCI DSS, PIPEDA, NIST CSF, ISO 27001, CIS Controls)
- Collect and organize audit evidence for internal and external audits; follow up on remediation activities for identified findings.
- Conduct vendor risk assessments (VRA) by reviewing security documentation, questionnaires, and controls, and track remediation actions.
- Maintain and update the information security and privacy application inventory, ensuring classification and ownership are accurate.
- Assist in the development, review, and communication of security policies, standards, and procedures.
- Help ensure policies remain current with regulatory and industry best practices.
- Track compliance exceptions and coordinate corrective actions
- Support the organization’s cybersecurity awareness and phishing simulation programs, including tracking participation and metrics
- Develop and distribute awareness materials, newsletters, or campaigns in collaboration with the Cybersecurity team
- Conduct quarterly user access reviews, firewall rule reviews, and other periodic control checks
- Document and track control findings and remediation plans
- Prepare summary reports for management review
- Support the security incident response process, including evidence collection, documentation, and post-incident review
- Participate in annual tabletop exercises and help update response playbooks as needed
- Assist in preparing security metrics, dashboards, and risk reports for management.
- Monitor industry developments, threat trends, and emerging regulations to support continuous program improvement
- Work in a cooperative manner with the IT Organization
- Perform other duties as assigned to support Rexall Pharmacy Group Ltd.
Knowledge, skills and experience:
- Bachelor’s degree in information security, Information Technology, Computer Science, or a related field.
- 2–5 years of experience in information security, IT audit, or risk and compliance roles
- Understanding of common cybersecurity frameworks (NIST, ISO 27001, CIS Controls, PCI DSS)
- Experience with security risk assessments, vendor risk reviews, or audit evidence collection
- Strong understanding of IT systems, cloud environments, network security, and data protection fundamentals
- Proficient in using GRC platforms or tracking spreadsheets for risk/compliance activities
- Familiarity with security tools and software such as SIEM (Security Information and Event Management) systems, vulnerability scanners, and penetration testing tools.
- Experience with cloud security and securing virtualized environments.
- Knowledge of regulatory compliance standards such as PIPEDA, or PCI DSS.
- Previous experience in incident response and handling security breaches.
- Systems administration experience, in UNIX, Networks and Windows is considered a strong asset.
- Excellent analytical and documentation skills with strong attention to detail
- Ability to communicate security and compliance concepts clearly to both technical and non-technical stakeholders
- Strong organizational and time management skills to manage multiple priorities
- Curious, proactive, and eager to learn across a broad range of cybersecurity domains.
- Strong integrity and professionalism when handling sensitive data or confidential assessments
- Team-oriented with a collaborative approach to solving problems.
- Ability to work independently under minimal supervision while meeting deadlines
- Strong customer service orientation.
At Rexall, we are better together. We serve our customers, partners, and patients best—we are our best—when everyone brings their true self to work. Our connected, inclusive culture celebrates our lived experiences, backgrounds, expertise, and self-expression to let us win as one team. Leveraging our differences distinguishes us and brings out our best performance.
Are you #ALLin?
Rexall Pharmacy Group is committed to providing an accessible environment for all of our customers, employees, and job applicants. Rexall Pharmacy Group will make available to any selected applicants’ accommodations and/or accessible formats should they require. Candidates are encouraged to discuss any accommodation they may need in order to allow for the most effective selection process.
About Rexall
With a heritage dating back more than 100 years, Rexall has evolved to become one of Canada's most trusted pharmacy brands.
Our legacy of helping Canadians has endured through successive evolutions of Rexall and Rexall Pharma Plus, from the apothecary-type drugstores to the modern community pharmacies we are today. Rexall in Canada was established in 1904 in the early days of the United Drug Company and quickly established itself as an innovator in retail pharmacy. At the same time, Tamblyn Drugs was establishing itself in Toronto, Ontario, and would eventually become Pharma Plus.
This progression has led us where we are today, a proud member of the McKesson family ranked seventh on the Fortune 500 and the industry's oldest, largest, most experienced and sophisticated pharmaceutical distributor.
At Rexall, our employees are family, and our culture reflects a close-knit community. From coast to coast, from retail store to Support Centre, we are ALL IN!
A lot may have changed over the years, but our commitment to helping Canadian families and communities be healthier has never been stronger. This vision continues to guide us as we look to the future and increase access to convenient, quality healthcare and products that Canadians can feel good about.
Our 390+ Rexall and Rexall Pharma Plus locations are supported by 7,000 staff dedicated to providing exceptional service and care in 180 communities across Canada. From providing vaccinations such as flu, COVID-19 * or other services within the expanding scopes of pharmacy care. Or offering exclusive daily living products that can help put you on a healthy path, Rexall is focused on continuously evolving to meet the changing needs of our patients and customers.
Rexall is a member of the Rexall Pharmacy Group ULC., a wholly-owned subsidiary of McKesson Corporation.
*Where regulations permit pharmacists to administer the flu vaccinations.
About the role
What you are looking for:
- A closely connected culture
- A total rewards package meant to enhance your work-life flexibility
- Fully utilizing your talent
- Professional growth and development via challenging projects and assignments
- Warm and fuzzy feelings knowing you have helped your community, your team, the business and social causes through the Rexall Care Network
Reporting to the Manager, Cybersecurity Risk Management and Compliance, the Cybersecurity Risk Analyst supports the Cybersecurity Risk Management & Compliance Manager in implementing and maintaining the organization’s cybersecurity governance, risk, and compliance (GRC) program. This role is responsible for assisting in the development and enforcement of information security policies, conducting vendor security reviews, managing periodic control assessments, supporting compliance initiatives (such as PCI DSS), coordinating security awareness activities, and helping ensure that cybersecurity risks are identified and managed effectively across the enterprise.
This position requires strong attention to detail, a solid understanding of security and compliance principles, and the ability to collaborate with both business and technical stakeholders.
What you’ll be doing:
- Support the execution of the organization’s cybersecurity risk management process, including identification, assessment, tracking, and mitigation of security risks.
- Assist with maintaining compliance with security frameworks and regulatory standards (e.g., PCI DSS, PIPEDA, NIST CSF, ISO 27001, CIS Controls)
- Collect and organize audit evidence for internal and external audits; follow up on remediation activities for identified findings.
- Conduct vendor risk assessments (VRA) by reviewing security documentation, questionnaires, and controls, and track remediation actions.
- Maintain and update the information security and privacy application inventory, ensuring classification and ownership are accurate.
- Assist in the development, review, and communication of security policies, standards, and procedures.
- Help ensure policies remain current with regulatory and industry best practices.
- Track compliance exceptions and coordinate corrective actions
- Support the organization’s cybersecurity awareness and phishing simulation programs, including tracking participation and metrics
- Develop and distribute awareness materials, newsletters, or campaigns in collaboration with the Cybersecurity team
- Conduct quarterly user access reviews, firewall rule reviews, and other periodic control checks
- Document and track control findings and remediation plans
- Prepare summary reports for management review
- Support the security incident response process, including evidence collection, documentation, and post-incident review
- Participate in annual tabletop exercises and help update response playbooks as needed
- Assist in preparing security metrics, dashboards, and risk reports for management.
- Monitor industry developments, threat trends, and emerging regulations to support continuous program improvement
- Work in a cooperative manner with the IT Organization
- Perform other duties as assigned to support Rexall Pharmacy Group Ltd.
Knowledge, skills and experience:
- Bachelor’s degree in information security, Information Technology, Computer Science, or a related field.
- 2–5 years of experience in information security, IT audit, or risk and compliance roles
- Understanding of common cybersecurity frameworks (NIST, ISO 27001, CIS Controls, PCI DSS)
- Experience with security risk assessments, vendor risk reviews, or audit evidence collection
- Strong understanding of IT systems, cloud environments, network security, and data protection fundamentals
- Proficient in using GRC platforms or tracking spreadsheets for risk/compliance activities
- Familiarity with security tools and software such as SIEM (Security Information and Event Management) systems, vulnerability scanners, and penetration testing tools.
- Experience with cloud security and securing virtualized environments.
- Knowledge of regulatory compliance standards such as PIPEDA, or PCI DSS.
- Previous experience in incident response and handling security breaches.
- Systems administration experience, in UNIX, Networks and Windows is considered a strong asset.
- Excellent analytical and documentation skills with strong attention to detail
- Ability to communicate security and compliance concepts clearly to both technical and non-technical stakeholders
- Strong organizational and time management skills to manage multiple priorities
- Curious, proactive, and eager to learn across a broad range of cybersecurity domains.
- Strong integrity and professionalism when handling sensitive data or confidential assessments
- Team-oriented with a collaborative approach to solving problems.
- Ability to work independently under minimal supervision while meeting deadlines
- Strong customer service orientation.
At Rexall, we are better together. We serve our customers, partners, and patients best—we are our best—when everyone brings their true self to work. Our connected, inclusive culture celebrates our lived experiences, backgrounds, expertise, and self-expression to let us win as one team. Leveraging our differences distinguishes us and brings out our best performance.
Are you #ALLin?
Rexall Pharmacy Group is committed to providing an accessible environment for all of our customers, employees, and job applicants. Rexall Pharmacy Group will make available to any selected applicants’ accommodations and/or accessible formats should they require. Candidates are encouraged to discuss any accommodation they may need in order to allow for the most effective selection process.
About Rexall
With a heritage dating back more than 100 years, Rexall has evolved to become one of Canada's most trusted pharmacy brands.
Our legacy of helping Canadians has endured through successive evolutions of Rexall and Rexall Pharma Plus, from the apothecary-type drugstores to the modern community pharmacies we are today. Rexall in Canada was established in 1904 in the early days of the United Drug Company and quickly established itself as an innovator in retail pharmacy. At the same time, Tamblyn Drugs was establishing itself in Toronto, Ontario, and would eventually become Pharma Plus.
This progression has led us where we are today, a proud member of the McKesson family ranked seventh on the Fortune 500 and the industry's oldest, largest, most experienced and sophisticated pharmaceutical distributor.
At Rexall, our employees are family, and our culture reflects a close-knit community. From coast to coast, from retail store to Support Centre, we are ALL IN!
A lot may have changed over the years, but our commitment to helping Canadian families and communities be healthier has never been stronger. This vision continues to guide us as we look to the future and increase access to convenient, quality healthcare and products that Canadians can feel good about.
Our 390+ Rexall and Rexall Pharma Plus locations are supported by 7,000 staff dedicated to providing exceptional service and care in 180 communities across Canada. From providing vaccinations such as flu, COVID-19 * or other services within the expanding scopes of pharmacy care. Or offering exclusive daily living products that can help put you on a healthy path, Rexall is focused on continuously evolving to meet the changing needs of our patients and customers.
Rexall is a member of the Rexall Pharmacy Group ULC., a wholly-owned subsidiary of McKesson Corporation.
*Where regulations permit pharmacists to administer the flu vaccinations.