Security Consultant II - Policy and ISMS Specialist
TELUS
We live and work in a rapidly evolving digital world where cyber security is critical. Protecting information and ensuring the reliability of networks and services is paramount. The TELUS Health CSO team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.
Join our Team
The TELUS Health CSO team is committed to providing excellence in securing our internal and customers’ data and systems, ensuring world-class reliability of security networks and systems, and improving our overall cyber security posture. We manage our cyber risks and provide industry-leading cyber governance, assurance and oversight to secure our data.
As a member of the TELUS Health Chief Security Office (CSO) Team, you’ll help to build an innovative approach to delivering information security in a dynamic environment by collaborating with the broader security, IT, product and business units, and establishing risk-based, repeatable, and measurable security processes across the organization.
You will report to the Information Security Manager, playing an integral role in the growth of the information security management system (ISMS) and the elevation of security policy and standards in an international context, and support enterprise-wide operational implementation of security initiatives.
What you'll do
- Play a lead role in the growth of the information security management system (ISMS), establishing governance processes and mechanisms for assessing the effectiveness of the security program, and delivering recommendations for continual improvement.
- Lead the development of security policies and standards to ensure compliance with industry standards, best practices and international regulations.
- Critically analyze existing security policy for acquisitions, perform detailed gap assessments, and support change management efforts.
- Steer security policy implementation through policy socialization and business engagement efforts to ensure alignment between ISMS program strategy, business goals and broader requirements of the organization.
- Work with stakeholders to manage security policy exceptions, contributing to risk assessment, recommending compensatory controls and corrective action plans, overseeing approvals and providing oversight.
- Perform a lead role in our Security Desk, answering inquiries and requests from the broader organization about security policy, controls and requirements.
- Recommend and support administration and deployment of security tools to address security needs and support process improvements.
- Maintain in-depth knowledge of information security frameworks, global data protection and health-industry-specific regulations, methodologies and standards, and adapt security policy to meet changing threats and requirements.
Qualifications
You’ll be a great fit for this role if you have…
- Excellent communication and interpersonal skills, with the ability to communicate requirements effectively, develop consensus and build relationships with stakeholders at all levels of the organization.
- A strong sense of curiosity, a proactive approach, and a proven ability to take initiative.
- The ability to define an approach, seek support and feedback from team members, and ensure objectives are met in line with expectations.
- Strong analytical skills and meticulous attention to detail, with the ability to interpret and analyze security data and reports effectively.
- Skill in navigating complex scenarios and prioritizing tasks effectively in a dynamic and changing environment.
- Comfort with ambiguity, and the ability to adapt, make adjustments and maintain focus and positivity through change.
- A natural team-player attitude, proactively supporting others in their growth and development and helping to build a strong and supportive team.
Qualifications and Technical Skills
- You have 5+ years of experience in a similar capacity.
- Experience in developing security policy and standards for foundational information security domains (such as cyber risk management, access control, asset management, data protection, cloud security, networking, cryptography, SDLC, incident management, etc.).
- Experience implementing security frameworks, including ISO 27001/2, AICPA SOC 2 Trust Services Principles, and NIST Cybersecurity Framework.
- Familiarity with relevant data protection, privacy and health-related laws and regulations, such as GDPR, HIPAA, PIPEDA.
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Experience working with GRC platforms such as OneTrust and AuditBoard, project management tools such as Monday.com, and collaboration workspaces such as Confluence and SharePoint.
Great-to-haves
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or ISO27K Lead Implementer or Lead Auditor are highly desirable.
- Work experience in the Healthcare sector or related industry.
- Experience with additional frameworks and standards, such as NIST 800-53, PCI-DSS, CIS Benchmarks, COBIT and/or ISF.