Agency - Senior Director, Information Security

About Apotex Inc.

Apotex Inc. is a Canadian-based global health company that produces high-quality, affordable medicines for patients around the world. Apotex employs almost 7,200 people worldwide in manufacturing, R&D, and commercial operations. Apotex medicines are accessible to patients in more than 75 countries globally. Through vertical integration, the Apotex group is focused on the development and sale of generic, biosimilar and specialty products.
For more information visit: www.apotex.com.

Job Summary

The Information Security Director is a senior-level leader at Apotex responsible for overseeing and implementing the organization’s information security strategy, policies and operations. They play a critical role in safeguarding the company's IP, data, systems, networks and operational assets from potential cyber threats, ensuring compliance with relevant regulations, creating awareness and pro-actively promoting a strong cybersecurity culture within the organization globally.

Job Responsibilities

Information Security Strategy:

• Develop, implement, and maintain Apotex information security strategy and roadmap.
• Align information and data security and privacy initiatives with overall business objectives.
• Evaluate emerging threats and technologies to ensure the security strategy remains current and effective.
• Develops and maintains effective relationships with counterparts in the industry as part of research into emerging technology and “best practices;”

Risk Management:

• Identify, assess, and prioritize information security risks.
• Develop and implement risk mitigation strategies and controls.
• Establish risk management frameworks and policies.

Security Governance and Compliance:

• Ensure compliance with relevant laws, regulations, and industry standards.
• Define and enforce information security policies, standards, and procedures.
• Establish a governance structure for information security & Compliance oversight.

Security Architecture:

• Design and implement a robust information security architecture.
• Oversee the selection and deployment of security technologies.
• Ensure the integration of security controls into the various systems and infrastructure solutions deployed by IT and OT teams across the company in the offices and the plants.
• Recommend the acquisition of new equipment, instrumentation and software solutions

Incident Detection, Response & Monitoring:

• Develop and maintain an incident response plan.
• Lead the response to security incidents, including coordination with internal teams and external partners.
• Conduct post-incident analysis and implement improvements to prevent future incidents.
• Build and run a Security Operations Center to monitor risks, incidents and incidents response activities.
• Implement and oversee security monitoring tools and processes.
• Generate regular reports on the state of information security to executive leadership.

Security Awareness and Training:

• Promote a culture of security awareness throughout the organization.
• Develop and deliver training programs for employees on security best practices.
• Monitor and measure the effectiveness of security awareness initiatives.

Vendor Management:

• Evaluate and manage the security posture of third-party vendors.
• Establish security requirements for vendor contracts and agreements.
• Select vendors for outsourced security operations;

Team Leadership:

• Build, lead, and mentor a high-performing information security team.
• Foster a collaborative and innovative work environment.
• Utilize own networks to attract and hire talent in a comprehensive, differentiated and consistent manner essential to our continued growth.
• Onboard new employees by providing a consistent experience that reflects the values and commitments made to candidates during the hiring process.
• Ensure adherence of team members (direct reports) with all compliance programs and company policies and procedures.
• Build & Manage Cybersecurity budget

Job Requirements

• Education

• University graduate in computer science or a related field;

• Knowledge, Skills and Abilities
  • CISSP or a related IT Security or Privacy designation;
  • Advanced knowledge of Information Technology including networking, server and endpoint technologies;
  • Advanced knowledge of IT security strategies and solutions;
  • Experience in leading and influencing the activities and interaction of direct reports, project team members and stakeholders.
  • Experience developing and managing staff; Strong organizational skills; ability to work independently and manage priorities;
  • oral and written English communication skills;
  • Ability to manage multiple tasks and projects simultaneously;
  • interpersonal skills and ability to relate well to internal and external customers;

• Experience

• 10 plus years of experience in, Information Systems, Project Management and/or Management Consulting Environment; with deep technical expertise in Cybersecurity
• Experience in organizations with manufacturing, engineering and/or logistics operations at global scale
• Experience building and running cybersecurity solutions for offices and plants covering both IT and OT systems.  

At Apotex, we are committed to fostering an inclusive, accessible work environment, where all employees feel valued, respected and supported.

Apotex offers accommodation for applicants with disabilities as part of its recruitment process.  If you are contacted to arrange for an interview or testing, please advise us if you require an accommodation.