Manager, BT Security and Compliance

at SNDL

Edmonton, AB, Canada

Start Date: Immediate
Expiry Date: 16 Aug, 2024
Salary: Not Specified
Posted On: 17 May, 2024
Experience: N/A
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No

Description:

Job Title
Manager, BT Security and Compliance
Job Description
About SNDL
SNDL is the largest private-sector liquor and cannabis retailer in Canada with retail banners that include Ace Liquor, Wine and Beyond, Liquor Depot, Value Buds, and Spiritleaf. SNDL is a licensed cannabis producer and one of the largest vertically integrated cannabis companies in Canada specializing in low-cost biomass sourcing, premium indoor cultivation, product innovation, low-cost manufacturing facilities, and a cannabis brand portfolio that includes Top Leaf, Contraband, Citizen Stash, Sundial Cannabis, Palmetto, Bon Jak, Spiritleaf Selects, Versus Cannabis, Value Buds, Vacay, Grasslands and Superette. SNDL’s investment portfolio seeks to deploy strategic capital through direct and indirect investments and partnerships throughout the global cannabis industry. For more information on SNDL, please go to www.sndl.com
About the Role
Reporting to the Vice President of Business Technology Operations, the Manager, Business Technology (BT) Security and Compliance is responsible for leading the day-to-day operations and continuous improvement of a 24x7x365 BT Security & Compliance team for all SNDL Business Units and banners. This position will be responsible for designing, maintaining, configuring, troubleshooting, auditing, and documenting the status of all security and compliance controls. The position supports the organization’s technology needs to provide a robust, secure, and reliable computing environment.

Key Attributes:

  • Spirited team leader with a talent for motivating local and remote teams.
  • Strong communicator. When you speak, others are interested in listening.
  • Strategic thinker: you always find yourself at least a step ahead!
  • You handle even the tightest deadlines and high-pressure situations with a cool head and clear vision.
  • Collaborative mindset with a knack for simplifying complex problems.
  • Proactive approach to addressing security risks and compliance challenges.
  • Relatable and exceptional at building relationships with key stakeholders.

Role and responsibilities include, but are not limited to:

General Responsibilities

  • Provide leadership, direction, guidance, and supervision to both Security and Compliance analysts.
  • Work with team members to ensure their S.M.A.R.T. objectives align with the business directives. Establish a cadence for review, constant improvement, and expectation setting.
  • Establish clear responsibilities and expectations on tasks and projects, with planned follow-up on your teams’ deliverables, including your own. Use a project management mindset to foster accountability and high-quality output.
  • Foster a supportive work environment. As a Manager, you will be encouraged to promote team building and open-door communication. You will also play a crucial role in informing your team of large-scale business changes and how they impact their work, ensuring they feel supported and confident in their roles.
  • Mentor team members in their respective disciplines and assist in continuous growth and development.
  • Collaborate with BT teams and other related organizational departments to develop and maintain incident response plans to effectively address and mitigate security incidents such as breaches, data leaks, cyber-attacks, etc.
  • Monitor industry developments, regulatory changes, and emerging technology compliance and security best practices to assist with implementing improvements to the organization’s IT compliance and security programs accordingly.
  • Work closely with other departments, including BT, Legal, Regulatory and Compliance, Internal Audit, Human Resources and Risk/Loss Management, to address compliance-related issues and ensure a coordinated approach to compliance efforts.

Security-Related Skills and Initiatives

  • Technology Policy Development: Develop and enforce security policies, procedures, and guidelines in alignment with industry standards and regulatory requirements.
  • Risk Assessment: Identify, assess, and prioritize security risks and vulnerabilities within the organization’s technology systems and networks.
  • Security Architecture: Participate in the design and implementation of robust security architectures for networks, systems, applications, and data to safeguard against cyber threats and ensure compliance.
  • Security Awareness Training: Conduct security awareness training programs to educate employees about best practices for data protection, password security, phishing awareness, and other relevant topics.
  • Compliance: Ensure compliance with relevant data protection laws, regulations, and industry standards (e.g., GDPR, PCI DSS).
  • Security Tools Management: Oversee the selection, deployment, and management of security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, encryption tools, and security information and event management (SIEM) systems.
  • Vulnerability Management: Implement processes for identifying, prioritizing, and remediating security vulnerabilities across the organization’s IT infrastructure.
  • Security Audits and Assessments: Conduct regular security audits and assessments to evaluate security controls’ effectiveness and identify areas for improvement.
  • Collaboration: Collaborate with cross-functional teams, including IT, legal, compliance, and business units, to ensure a holistic approach to security and compliance.
  • Budgeting and Resource Management: Develop and manage the security budget, allocate resources effectively, and invest strategically in security initiatives.
  • Continuous Improvement: Stay informed about emerging threats, technologies, and best practices in cybersecurity, and continuously improve the organization’s security posture.

Technology Compliance-Related Skills and Initiatives

  • Regulatory Compliance: Stay abreast of relevant laws, regulations, and industry standards relating to technology and data management (e.g., GDPR, Sarbanes Oxley (SOX), PCI DSS) and ensure the organization’s IT practices adhere to these requirements.
  • Policy Development and Enforcement: Develop, review, and enforce technology compliance policies, procedures, and guidelines in alignment with regulatory requirements and industry best practices.
  • Risk Assessment and Management: Identify, assess, and prioritize technology-related risks and vulnerabilities and develop strategies to mitigate them effectively.
  • Compliance Audits and Assessments: Plan, coordinate, and conduct regular compliance audits and assessments to evaluate the organization’s adherence to applicable regulations and standards.
  • Documentation and Reporting: Maintain comprehensive documentation of compliance activities, findings, and remediation efforts. Prepare reports and presentations for senior management, auditors and regulatory authorities as required.
  • Training and Awareness: Develop and deliver training programs to educate employees about technology compliance requirements, policies, and procedures. Foster a culture of compliance across the organization.
  • Vendor Management: Evaluate and manage third-party vendors and service providers to ensure their technology solutions and practices comply with regulatory requirements and organizational standards.
  • Data Governance: Establish and maintain data governance frameworks to ensure the confidentiality, integrity, and availability of sensitive information, including data classification, access controls, and data retention policies.
  • Change Management: Implement processes for managing technology systems and infrastructure changes in compliance with regulatory requirements and organizational policies.

Required Competencies

  • A minimum of 5 years of experience in an IT security and compliance management or GRC role, preferably in a manufacturing, retail, or e-commerce environment.
  • Bachelor’s degree in Computer Science, Information Technology, or related field; advanced degree or relevant certifications (e.g., CISSP, CISA, CISM) preferred.
  • Expertise in the security practices of the payment industry, Sarbanes Oxley (SOX) and in other security regulations (PCI-DSS, SOX, COBIT, NIST, ISO 2700x, ITIL).
  • Experience with GRC platforms such as AuditBoard or similar.
  • Strong knowledge and hands-on experience with Microsoft 365 (M365) security solutions, including the Defender series (Office 365, Endpoint, Cloud Apps, Identity, BitLocker encryption), conditional access, Privileged Identity Management (PIM), Intune and Purview, as well as M365 hardening.
  • Security products and services, including but not limited to firewalls, IDS/IPS, endpoint protection, MDM, email security/spam/phish filters, and EDR/XDR.
  • Proven experience developing and implementing security policies, standards, and procedures.
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
  • Strong analytical skills and attention to detail, with the ability to assess complex security risks and develop practical solutions.
  • Demonstrated leadership abilities and the capacity to drive initiatives in a fast-paced environment.

We are an equal opportunity employer committed to workforce diversity. We thank all applicants for their interest in SNDL; however, only candidates selected for an interview will be contacted.
Number of Openings
1
Time Type
Full time


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Computer science, information technology or related field; advanced degree or relevant certifications (e.g., CISSP, CISA, CISM) preferred

Proficient

1

Edmonton, AB, Canada