Intern- IT Governance, Risk & Compliance at Tilray

Leamington, Ontario, Canada -

Full Time

Start Date

Immediate

Expiry Date

16 Jun, 26

Salary

20.0

Posted On

18 Mar, 26

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Risk Assessment, Control Testing, Compliance, Disaster Recovery, Business Continuity, Policy Drafting, Risk Register Maintenance, Audit Support, Vendor Assessment, Reporting, Analytical Skills, Problem-Solving, Communication, Microsoft Office Suite

Industry

Food and Beverage Manufacturing

Description

Summer Internship – IT Governance, Risk & Compliance Location: Leamington, ON, On-Site Full-Time, Paid Internship: $20.00 Per Hour Duration: June 8 – August 14, 2026 Work Schedule: 5 days/ 8 hours About Tilray Brands Inc. Tilray Brands, Inc. (“Tilray”) (Nasdaq: TLRY; TSX: TLRY) is a leading global lifestyle and consumer packaged goods company with operations in Canada, the United States, Europe, Australia, and Latin America that is leading as a transformative force at the nexus of cannabis, beverage, wellness, and entertainment, elevating lives through moments of connection. Tilray’s mission is to be a leading premium lifestyle company with a house of brands and innovative products that inspire joy, wellness and create memorable experiences. Tilray’s unprecedented platform supports over 40 brands in over 20 countries, including comprehensive cannabis offerings, hemp-based foods, and craft beverages. Internship Summary: The IT GRC Intern will support the organization’s IT Governance, Risk, and Compliance (GRC) program by executing day-to-day activities that ensure IT operations align with business objectives, regulatory requirements, and internal policies. This role is critical in strengthening the organization’s risk posture and compliance readiness, working closely with stakeholders across IT, security, and business units. Key Responsibilities: Risk Management o Conduct IT risk assessments, identify control gaps, and recommend remediation plans o Maintain and update the enterprise risk register and track mitigation activities o Ensure proper risk is identified and managed throughout Tilray IT environments, systems, applications, and throughout IT Projects o Assist in the design, technical writing, testing, and maintenance of Tilray’s Disaster Recovery, Business Continuity, and other planning efforts Control Testing & Compliance o Perform IT control testing for frameworks such as SOX, GDPR, PIPEDA, and NIS2 o Support internal and external audits by preparing evidence and responding to requests o Monitor compliance with IT policies, standards, and regulatory requirement ·Governance & Policy Support o Assist in drafting, reviewing, and maintaining IT policies and procedures o Support awareness and training initiatives to promote a compliance culture o Provide input into the design and implementation of standards, policies, guidelines, and appropriate architectural principles to ensure the company’s cyber security goals continue to be met ·Reporting & Metrics o Prepare regular reports on risk, compliance status, and control effectiveness for management o Provide insights and recommendations to improve the GRC programme o Work closely with the IT team to ensure that appropriate security guidance is provided to support project delivery o Support a culture of in-depth understanding as to why security testing is required at both business and internal team level ·Vendor & Third-Party Risk o Conduct security and compliance assessments of third-party vendors o Track remediation of identified vendor risks Collaborate with IT and the business to properly consider vendor and risk management in new and on-going projects and endeavors Work closely with Legal and the business to help review IT specific contractual information Qualifications: * Bachelor’s degree in Business Administration, or fields relating to Risk Management, Cybersecurity, Information Technology * Familiarity with regulatory frameworks (SOX, GDPR, PIPEDA, NIS2) and industry standards (ISO 27001, NIST, CIS) is considered an asset * Strong analytical and problem-solving skills with attention to detail * Excellent communication skills for engaging with technical and non-technical stakeholders * Proficiency in Microsoft Office Suite of tools is mandatory * Outstanding communication skills written and verbal * Experience in creating information security documentation, policies, and procedures is considered a plus * Experience in IT Disaster Recovery and Business Continuity planning is considered a plus * Ability to build and earn trust of co-workers and clients quickly * Friendly, positive demeanor This is a great 3-month paid internship opportunity for third or fourth-year students, as well as new graduates looking for real-world experience. Tilray welcomes applications from all qualified individuals and is committed to employment equity and diversity in the workplace. Tilray does not use artificial intelligence tools to screen, assess, or select applicants. Accommodations are available for applicants with disabilities throughout the recruitment process. If you require accommodations for interviews or other meetings, please advise when submitting your application. Please note that Tilray does not authorize, engage, or sponsor any consultants, agencies or organizations that seek certain personal or financial information from you (e.g. passwords, login ids, credit card information). Tilray does not charge any application, processing or onboarding fee at any stage of the recruitment or hiring process. Tilray does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to Tilray or any of its subsidiaries, directly or indirectly, will be considered Tilray Brands, Inc. property. Tilray will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for engaged services to submit resumes.

Responsibilities

The IT GRC Intern will support the IT Governance, Risk, and Compliance program by executing daily activities to ensure IT operations align with business objectives and regulatory requirements. Key duties include conducting risk assessments, performing control testing for frameworks like SOX and GDPR, and assisting with policy maintenance and disaster recovery planning.