Cyber Commercial Support & Assurance Consultant -TELUS Health

Join our team and what we’ll accomplish together

We live in and work in a rapidly evolving digital world where cyber security is critical. Protecting information and ensuring the reliability of network and services is paramount. The TELUS Health Chief Security Office (CSO) team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.

The TELUS Health CSO team is committed to providing excellence in securing our internal and customers’ data and systems, ensuring world-class reliability of security networks and systems, and improving our overall cyber security posture. We manage our cyber risks and provide industry leading cyber governance, assurance and oversight to secure our data.

We partner with industry leaders to meet the cyber security needs of both TELUS Health and our customers to meet the demands of an increasingly complex and ever-changing cyber security landscape. We are passionate about learning and growing as individuals and as a team, all of which enables us to thrive in a dynamic, fast paced environment.

As part of the TELUS Health Cyber Security Assurance department you will be dedicated to protecting TELUS Health, its customers and stakeholders from Cyber security threats, you will keep TELUS Health safe and protected by establishing, operating and maintaining security controls and processes and providing the department with a clear view of its security posture, so that we can make the right risk based decisions to remain a best in class function.

Within the Cyber Assurance function, sits the Cyber Commercial Support team, with its core role of supporting our colleagues within TELUS Health, during the sales process and commercial negotiations.

The role forms part of our global team operating across multiple time zones supporting our clients across all TELUS Health services, solutions, and SaaS products.

What you'll do

Whilst working independently you will be working within a wider group of Cyber Assurance experts you will:

• Carry out contractual security clause reviews of both new and existing customer’s security requirements
• Review and respond to customer security risk assessments, questionnaires, Requests for Information (RFI’s) and Requests for Proposals (RFP’s)
• Assess TELUS platforms and solutions against appropriate cyber security frameworks (as applicable)
• Deliver transparent and auditable outputs to validate compliance against the framework(s), in the form of reports, dashboards and standardised templates
• Take a ‘hands on’ approach, work collaboratively with peers and stakeholders as necessary to assess compliance with appropriate cyber security framework(s) at pace
• Report clearly and concisely on non-conformities and advise on actions required to remediate, interacting/collaborating with wider TELUS teams as necessary
• Identify appropriate stakeholders at all levels and build and maintain relationships
• Where necessary, ensure risks are raised to the appropriate bodies/authority and ensure appropriate ownership and management
• Under Continuous Service and Process improvement, assist in developing repeatable, sustainable processes as applicable, ensuring process is followed and outputs / knowledge is shared as applicable
• Reinforce TELUS Health's Customers First values in ensuring positive security outcomes for external customers and internal stakeholders
• Provide cyber security technical knowledge and support to business and development operations teams
• Undertake administrative tasks, as is necessary, to support processes and that underpin the TELUS Health Cyber Assurance methodology

What you bring

• 5 to 7 years of cyber security experience within a dynamic fast paced commercial environment
• 3 to 5 years of demonstrable technical security in IT infrastructure, applications and networks, ideally in a consultancy or assurance role
• Experience with compliance policies, standards and baselines in the privacy and technical security domains
• Strong experience in applying technical security baseline standards from internal and external standards to ensure security through the full product lifecycle of enterprise and consumer products and services
• Demonstrable experience of security controls frameworks such as ISO27001 and the NIST Cybersecurity Framework (CSF)
• Demonstrable experience in assessing systems and evaluating evidence against the control set(s)
• Familiarity and experience of Cloud, DevSecOps and Secure by Design architectures and delivery methodologies and processes would be advantageous
• A sound understanding of the fundamental concepts relating to security architectures within Networks, Infrastructure and Applications
• Effective oral and written communications skills, with an ability to tailor messaging on complex technical issues to a variety of technical and non-technical audiences
• Comfortable undertaking required security clearance processes as applicable
• Flexibility and comfortable with ambiguity and change
• Strong interpersonal and influencing skills to build relationships with stakeholders

Great to haves

• CISSP, CISM. ISP, IS027001 LI/LA, CISA, CCSP, NIST800-53 or similar
• PIPEDA, GDPR
• French and other languages

Advanced knowledge of English is required because you will most of the time interact in English with external parties (clients, suppliers, candidates, external partners, etc.); interact in English with internal parties (colleagues, internal partners, stakeholders, etc.); and work with IT tools whose interface is only accessible in English as part of this position's main responsibilities given its national scope.