Intern - IT Governance, Risk & Compliance

Tilray
Leamington, ON
$20
Onsite

About The Position

The IT GRC Intern will support the organization’s IT Governance, Risk, and Compliance (GRC) program by executing day-to-day activities that ensure IT operations align with business objectives, regulatory requirements, and internal policies. This role is critical in strengthening the organization’s risk posture and compliance readiness, working closely with stakeholders across IT, security, and business units.

Requirements

  • Bachelor’s degree in Business Administration, or fields relating to Risk Management, Cybersecurity, Information Technology
  • Strong analytical and problem-solving skills with attention to detail
  • Excellent communication skills for engaging with technical and non-technical stakeholders
  • Proficiency in Microsoft Office Suite of tools is mandatory
  • Outstanding communication skills, written and verbal
  • Ability to build and earn trust of co-workers and clients quickly
  • Friendly, positive demeanor

Nice To Haves

  • Familiarity with regulatory frameworks (SOX, GDPR, PIPEDA, NIS2) and industry standards (ISO 27001, NIST, CIS) is considered an asset
  • Experience in creating information security documentation, policies, and procedures is considered a plus
  • Experience in IT Disaster Recovery and Business Continuity planning is considered a plus

Responsibilities

  • Conduct IT risk assessments, identify control gaps, and recommend remediation plans
  • Maintain and update the enterprise risk register and track mitigation activities
  • Ensure risks are properly identified and managed throughout Tilray IT environments, systems, applications, and IT projects
  • Assist in the design, technical writing, testing, and maintenance of Tilray’s Disaster Recovery, Business Continuity, and other planning efforts
  • Perform IT control testing for frameworks such as SOX, GDPR, PIPEDA, and NIS2
  • Support internal and external audits by preparing evidence and responding to requests
  • Monitor compliance with IT policies, standards, and regulatory requirements
  • Assist in drafting, reviewing, and maintaining IT policies and procedures
  • Support awareness and training initiatives to promote a compliance culture
  • Provide input into the design and implementation of standards, policies, guidelines, and appropriate architectural principles to ensure the company’s cyber security goals continue to be met
  • Prepare regular reports on risk, compliance status, and control effectiveness for management
  • Provide insights and recommendations to improve the GRC programme
  • Work closely with the IT team to ensure that appropriate security guidance is provided to support project delivery
  • Support a culture of in-depth understanding as to why security testing is required at both business and internal team level
  • Conduct security and compliance assessments of third-party vendors
  • Track remediation of identified vendor risks
  • Collaborate with IT and the business to properly consider vendor and risk management in new and on-going projects and endeavors
  • Work closely with Legal and the business to help review IT specific contractual information