At CareRx, we are shaping the future of senior care through pharmacy services that make a real difference. As Canada’s trusted leader in specialty pharmacy services for long-term care, retirement and congregate living communities, we are committed to enhancing the health of Canadians with unique and complex medication needs. Our goal is to improve clinical outcomes and provide personalized care every step of the way.
CareRx is looking for an experienced Senior Cybersecurity Analyst, reporting to the Director of Cybersecurity to join our team in a highly regulated healthcare environment, where protecting sensitive patient and prescription data is critical to the organization’s mission. As the senior member of the Cybersecurity team, you will be instrumental in maintaining the organization’s security posture and will work closely with internal business units and third-party vendors to safeguard users, infrastructure, applications, and workflows.
You should be able to work in a fast-paced and collaborative environment, with the ability to be nimble, multi-task, and problem solve. You take initiative, excel at strategic planning, and can handle multiple initiatives in parallel. The role is expected to grow in scope and responsibility as the cybersecurity program continues to mature, with measurable impact across risk reduction, detection quality, and incident readiness.
Why you should join CareRx
Collaborative Team: Work with colleagues who share a passion for shaping the future of senior care.
Make a Real Impact: Feel fulfilled knowing your work directly benefits others within the communities we serve.
Flexible Benefits: For eligible roles, enjoy flexible medical and dental coverage that fits your needs.
Defined Work Schedule: Offers a healthy work-life balance with predictable hours.
Focus on Care: Work in an environment where your clinical expertise takes priority without the demands of retail pharmacy.
Supportive Culture: Be part of a respectful, inclusive workplace where collaboration, connection and shared purpose drive everything we do.
Stability and Growth: Join a well-established Canadian company with a strong foundation for job security and opportunities to grow your career.
Appreciation in Action: We recognize great work through peer-nominated awards, team shout-outs and everyday moments of appreciation.
Celebrations and Community: From cultural events to team socials and holiday fun, we make time to connect, celebrate and enjoy the moments that bring us together.
Role Accountabilities
- Act as a cybersecurity subject matter expert, owning projects from initiation through successful implementation, while collaborating with technical and non-technical departments to ensure adherence to established cybersecurity standards.
- Integrate, enhance, and tune existing cybersecurity technologies to address inherent and residual risk, including improvements to logging coverage, policy configuration, and control effectiveness; deploy logging, alerting, and auditing configurations to support 24/7 monitoring (SOC); and review and tune native network, endpoint, and cloud technologies based on best practices.
- Understand cybersecurity maturity and contribute to governance, compliance, and audit activities by providing evidence and technical input for assessments and audits.
- Identify, prioritize, and drive remediation of security vulnerabilities in partnership with infrastructure and development teams, validating completion.
- Research technologies to identify, recommend, and deploy best-in-breed third-party security solutions.
- Research emerging threats, attack vectors, and techniques.
- Assist in the assessment of third-party vendors by evaluating cybersecurity risk, reviewing security controls, and providing technical input to support risk decisions.
- Help define, document, and test incident response playbooks.
- Triage and respond to cybersecurity events, alarms, and incidents in partnership with the 24/7 security operations team (SOC), and provide technical guidance and mentoring to peers, less experienced analysts, and project stakeholders.
The successful candidate will contribute to the following over time:
- Reduced high and critical security vulnerabilities through effective prioritization, coordination, and validation of remediation activities, while improving security monitoring quality by tuning and optimizing alerts to increase signal fidelity and reduce false positives.
- Increased the maturity of incident response capabilities through the development, testing, and execution of periodic tabletop exercises.
- Enhanced the efficiency and consistency of third-party risk assessments through risk-based vendor reviews and improved assessment throughput.
What You Will Bring To The Team
7+ years of professional experience working in cybersecurity or information security roles, including 3+ years performing senior-level responsibilities such as incident response leadership, technical decision-making, and ownership of complex initiatives.
- Proven record of implementing and scaling enterprise-level cybersecurity solutions.
- Hands-on experience conducting third-party cybersecurity risk assessments, including vendor control reviews and use of Third-Party Risk Management (TPRM) platforms and assessment tools, within regulated environments handling sensitive data (e.g., healthcare, financial services, or similar industries).
- Ability to effectively communicate with technical and non-technical stakeholders in written, oral, and presentation formats.
- Knowledge of cybersecurity frameworks and models, including NIST CSF, ISO 27001, and a deep understanding of Zero Trust model, with in-depth understanding of vulnerabilities and threats (CVE, MITRE ATT&CK, OWASP).
- Advanced expertise in security operations technologies, including SIEM (event correlation, enrichment, tuning, validation), endpoint security solutions such as, next-generation AV, EDR, UEM, privilege management, Data Loss Prevention, and modern Identity and Access Management solutions (OAuth2, SAML 2.0), including Active Directory and Microsoft Entra ID environments.
- Hands-on experience with network security technologies such as firewalls, IDS/IPS, network threat protection, URL filtering, DDoS mitigation, and email security platforms.
- Familiarity with cloud security fundamentals across AWS, GCP, and Microsoft Azure, as well as Windows, MAC, and Linux operating systems in physical and virtualized environments, including working knowledge of PKI.
- Practical experience with administration of Network Access Control technologies.
Nice To Have
- Relevant security certifications such as CISSP, CISM, or Microsoft AZ-500 and familiarity with third-party risk and cloud assessment frameworks such as SIG or CAIQ.
- Experience operating in healthcare, pharmacy, or other highly regulated environments.
Compensation Range: 100,000.00 – 115,000.00
Location: This is a hybrid role out of our 320 Bay Street location. There will be after-hours support expectations and participation in an on-call rotation.
Opportunity: This is a current existing position
AI Disclosure: CareRx does not use AI to screen candidates
Application Process
CareRx is committed to employment equity and a diverse, inclusive workplace where everyone can thrive. We welcome applicants of all abilities and will provide accommodations upon request throughout the selection process.
All applicants must successfully pass satisfactory background screening which can include depending on role, Criminal Record Check, Credit Check, Driver’s Abstract, Education Verification, Current Professional Registration and Referencing.
