Information Security, Policy & Governance Specialist

Description

We live in and work in a rapidly evolving digital world where cyber security is critical. Protecting information and ensuring the reliability of network and services is paramount. The TELUS Health CSO team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.

Join our Team

The TELUS Health CSO team is committed to providing excellence in securing our internal and customers' data and systems, ensuring world-class reliability of security networks and systems, and improving our overall cyber security posture. We manage our cyber risks and provide industry leading cyber governance, assurance and oversight to secure our data.

We partner with industry leaders to meet the cyber security needs of both TELUS Health and our customers to meet the demands of an increasingly complex and ever-changing cyber security landscape. We are passionate about learning and growing as individuals and as a team, all of which enables us to thrive in a dynamic, fast-paced environment.

Here's the impact you'll make and what we'll accomplish together

As a member of the TELUS Health Chief Security Office (CSO) Team, you'll help to build an innovative approach to delivering information security in a dynamic environment by collaborating with the broader security, IT, product and business units, and establishing risk-based, repeatable, and measurable security processes across the organization.

You will report to the Information Security Manager, playing an integral role in the growth of the information security management system (ISMS) and the elevation of security policy and standards in an international context, and support enterprise-wide operational implementation of security initiatives.

What you'll do

• Play a lead role in the growth of the information security management system (ISMS), establishing governance processes and mechanisms for assessing the effectiveness of the security program, and delivering recommendations for continual improvement
• Lead the development of security policies and standards to ensure compliance with industry standards, best-practices and international regulations
• Critically analyze existing security policy for acquisitions, perform detailed gap assessments, and support change management efforts
• Steer security policy implementation through policy socialization and business engagement efforts to ensure alignment between ISMS program strategy, business goals and broader requirements of the organization
• Work with stakeholders to manage security policy exceptions, contributing to risk assessment, recommending compensatory controls and corrective action plans, overseeing approvals and providing oversight
• Perform a lead role in our Security Desk, answering inquiries and requests from the broader organization about security policy, controls and requirements
• Recommend and support administration and deployment of security tools to address security needs and support process improvements
• Maintain in-depth knowledge of information security frameworks, global data protection and health-industry specific regulations, methodologies and standards and adapt security policy to meet changing threats and requirements

Qualifications

You'll be a great fit for this role if you have…

• Excellent communication and interpersonal skills, with the ability to communicate requirements effectively, develop consensus and build relationships with stakeholders at all levels of the organization
• Possess a strong sense of curiosity, are proactive, and demonstrate a proven ability to take initiative
• Able to define an approach, seeking support and feedback from team members, and ensuring objectives are met in line with expectations
• Strong analytical skills and meticulous attention to detail, with the ability to interpret and analyze security data and reports effectively
• Skilled at navigating complex scenarios and prioritizing tasks effectively in a dynamic and changing environment
• Comfortable with ambiguity, you are able to adapt, make adjustments and maintain focus and positivity through change
• A natural team player who proactively supports others in their growth and development, helping to build a strong and supportive team

Qualifications and Technical Skills

• You have 5+ years of experience in a similar capacity
• Experience in developing security policy and standards for foundational information security domains (such as cyber risk management, access control, asset management, data protection, cloud security, networking cryptography, sSDLC, incident management, etc.)
• Experience implementing security frameworks, including ISO 27001/2, AICPA SOC 2 Trust Services Principles, and NIST Cybersecurity Framework
• Familiarity with relevant data protection, privacy and health-related laws and regulations, such as GDPR, HIPAA, PIPEDA
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Experience working with GRC platforms such as OneTrust and AuditBoard, project management tools such as Monday.com, and collaboration workspaces such as Confluence and Sharepoint

Great-to-haves

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or ISO27K Lead Implementer or Lead Auditor are highly desirable
• Work experience in the Healthcare sector or related industry
• Experience with additional frameworks and standards, such as NIST 800-53, PCI-DSS, CIS Benchmarks, COBIT and/or ISF