Information Security Policy and Implementation Specialist

TELUS -
Vancouver, BC

Apply Now

Job details

Full-time
$70,000–$130,000 a year

Qualifications

Computer Science
COBIT
PCI
Encryption
CISSP
English
Information security
CISM
Analysis skills
Bachelor's
ISO 27002
Telecommunication
ServiceNow
ISO 27001
Cybersecurity
AI
Communication skills
Information Technology

Full job description

Location: Vancouver, BC, CA, V6B 3K9 Edmonton, AB, CA Burnaby, BC, CA Vancouver, BC, CA Calgary, AB, CA Toronto, ON, CA

Req ID: 53671

Jobs by Category: Technology Solutions

Job Function: Cybersecurity

Status: Full Time

Schedule: Regular

Join our team

TELUS Health Chief Security Office (CSO) operates globally at the forefront of cybersecurity excellence, where our team anticipates threats, solves complex security challenges, and delivers world-class cybersecurity solutions through cutting-edge technology and premier industry partnerships in an ever-evolving digital landscape.

Our TELUS Health Information Security Team, as part of TELUS Health CSO’s GRC Team, is responsible for establishing the TELUS Health Information Security Management System (ISMS), including the development of a dedicated security policy program and maturing information security governance across the wider organization globally.

Here's the impact you'll make and what we'll accomplish together

As Information Security Policy and Implementation Specialist, you will report to the Information Security Manager, playing an integral role in the elevation of security policy and standards and support enterprise-wide implementation of security policy initiatives.

This role is primarily responsible for establishing industry-leading, risk-based security requirements across the organization that align with ISO 27001/2 and ensure compliance with health regulatory obligations. This involves delivering a security policy program that is consistent, compliant, and audit-ready. You’ll lead all aspects of policy development, including scoping and planning activities, security requirements assessments and analysis, facilitating multi-level consultation and review cycles, up to and including final delivery, communication and awareness activities.

You will serve as an essential contributor, playing a central role in all facets of the information security team's functions and services. Your specific and critical responsibility will be to manage projects effectively, ensure that all policy projects and related initiatives are executed with the utmost diligence, adhering rigorously to established methodologies and ensuring outcomes support broader TELUS Health CSO objectives.

What you'll do

Lead the development of security policies and technical standards independently to ensure compliance with security industry frameworks, best-practices and regulations, specifically you’ll be responsible for leading the following activities: in-depth requirements gathering, security control mapping, gap assessments and analysis, documenting and review cycles, through to publishing and communication
Ensure compliance with international health and data protection requirements by identifying and defining regulatory compliant control enhancements relevant to variable operational and commercial jurisdictions, mapping controls and uplifting policy to align
Steer security policy implementation efforts through policy socialization and business engagement activities
Drive consultation processes with stakeholders in the broader security, IT, product and business units across the organization. Responsibilities include gathering all relevant information about operating environments and controls, leading workshops, proposal sessions and policy walkthroughs to ensure organizational alignment and understanding of policy intent and compliance obligations
Lead the security policy exceptions program: managing all exception requests, performing risk assessments, recommending compensatory controls, delivering exception decisions and providing ongoing oversight throughout the exceptions lifecycle
Support the development and expansion of the information security management system (ISMS) and governance program initiatives
Oversee the quality of deliverables for all policy related activities and projects through rigorous processes of peer reviewing, analyzing and validating controls, and ensuring compliance with internal procedures
Contribute to our Security Desk, answering general inquiries and providing guidance to the broader organization on security policy, controls and requirements, and best practices
Recommend and support administration and deployment of security tools to address security needs and support process improvements

What you bring

Excellent communication and interpersonal skills, capable of influencing at all organizational levels, with the ability to design and communicate requirements effectively, develop consensus and steer challenges to resolution with stakeholders
Demonstrated ability to drive innovation through a strong sense of curiosity, dedication to personal development and proactively seeking support and feedback from team members
Ability to dissect complex technical and procedural information and translate it into clear, concise, and accessible documentation for various audiences
Able to define an approach, take initiative, and work proactively to ensure objectives are met in line with expectations
Strong analytical skills and meticulous attention to detail, with the ability to interpret and analyze security data and reports effectively
Skilled at navigating complex scenarios, you are able to adapt, make adjustments and maintain focus and positivity through change in a dynamic and changing environment
A natural team player who proactively supports others in their growth and development, helping to build a strong and supportive team

Education & Technical Skills

You have 5+ years of related experience in an enterprise organization leading policy development and policy implementation, risk management, compliance and/or assurance functions
In-depth knowledge and hands-on experience implementing ISMS based on ISO 27001/2
In-depth, up-to-date knowledge of information security frameworks (such as NIST 800-53, PCI-DSS, CIS Benchmarks, COBIT and/or ISF), global data protection and health-industry specific regulations including but not limited to GDPR, HIPAA, and PIPEDA
Deep knowledge and expertise in foundational information security domains including cyber risk management, access control, cloud security, networking, cryptography, sSDLC and DevSecOps, and vendor assurance
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
Achieved relevant certifications such as Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or ISO27K Lead Implementer or Lead Auditor
Experience working with GRC platforms such as OneTrust and AuditBoard, project management tools (such as Monday.com, ServiceNow), and AI tools

Great to haves

Possess substantial work experience within large-scale, global enterprise organizations, ideally those operating in a highly regulated industry such as telecommunications or healthcare
Direct participation in, and responsibility for, the integration of policy for global acquisitions
Proven experience in a role with significant focus on writing and refining documentation, detailed analysis (such as technical writing, policy development, business analysis, or a similar function requiring the creation of highly detailed and accurate artifacts)

Salary Range: $70,000-$130,000

Performance Bonus or Sales Incentive Plan: 12%

Actual total compensation will be determined based on factors such as knowledge, skills, performance and experience. We encourage all qualified candidates to apply, even if the posted salary range doesn't match your expectations. We're open to discussing competitive compensation packages tailored to your experience level and expertise. TELUS offers rewarding benefits, which may vary per job function, such as:

Comprehensive total rewards package highlighting competitive salary and bonus structures, minimum 3 weeks of vacation, and flexible benefits plan to meet the needs of you and your family
Flexibility to work in-office, virtually or a combination of both, based on the role's requirements
Generous company matched pension and share purchase programs
Opportunity to give back to communities in which we work, live and serve
Career growth and learning & development opportunities to develop your skills
And much more …

Job Type: This is for a current vacancy

A bit about us

We’re a people-focused, customer-first, purpose-driven team who works together every day to innovate and do good. We improve lives through our technology solutions and foster a culture of innovation that empowers team members to solve complex problems and create remarkable human outcomes in a digital world.

You’ll find our engaging, high-performance culture personally fulfilling, professionally challenging, and financially rewarding. We’re committed to diversity and equitable access to employment opportunities based on ability. Your unique contributions and talents will be valued and respected here. When you join our team, you’re helping us make the future friendly.

Note for Quebec candidates: if knowledge of English is required for this position, it is because the team member will be asked, on a regular basis, to interact in English with external or internal parties or to use English applications or software as part of their tasks.

Apply Now

Join our team

Here's the impact you'll make and what we'll accomplish together

What you'll do

What you bring

Great to haves

A bit about us

Job seeker tools

Employer Tools

Browse

Stay Connected