Cyber Integration Assurance Consultant
Toronto, ON, CA; Calgary, AB, CA; Montréal, QC, CA; Burnaby, BC, CA; Edmonton, AB, CA; Vancouver, BC, CA; Ottawa, ON, CA
Join our team and what we'll accomplish together
We live and work in a rapidly evolving digital world where cyber security is critical. Protecting information and ensuring the reliability of networks and services is paramount. The TELUS Health Chief Security Office (CSO) team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.
The TELUS Health CSO team is committed to providing excellence in securing our internal and customers’ data and systems, ensuring world-class reliability of security networks and systems, and improving our overall global cyber security posture. We manage our cyber risks and provide industry leading cyber governance, assurance and oversight to secure our data.
We partner with industry leaders to meet the cyber security needs of both TELUS Health and our customers, to meet the demands of an increasingly complex and ever-changing cyber security landscape. We are passionate about learning and growing as individuals and as a team, all of which enables us to thrive in a dynamic, fast-paced environment.
As part of the TELUS Health Cyber Security Assurance (CSA) function within CSO, you will be dedicated to protecting TELUS Health, its customers and stakeholders from cyber security threats. You will keep TELUS Health safe and protected by assessing the completeness and coverage of security controls and processes, thereby providing the business with a clear view of its security posture, so that we can make the right risk-based decisions to remain a best-in-class function.
Within the CSA function, the purpose of the Cyber Integration Assurance (CIA) team is to:
- Support our colleagues within TELUS Health during the acquisition process of new organizations by conducting cyber security due diligence to determine the potential acquisition’s security posture and to identify any inherent cyber risks
- Assure the security controls of the newly acquired organization’s products and services through an in-depth post-acquisition cyber security assessment and integration process.
In addition, you will conduct security assessments as needed to assure that TELUS Health services, solutions, and products are designed and implemented as per our security policies and standards.
What you'll do
Whilst working independently, you will be working within a wider group of Cyber Assurance experts to:
- Conduct pre-acquisition due diligence to determine the security posture of potential acquisitions
- Review policies, standards and other related documentation to determine the potential acquisition’s compliance status with TELUS Health’s security requirements
- Conduct post-acquisition assessments of a new acquisition’s products and services
- Work with TELUS Health stakeholders to create remediation plans to address any cyber risks and/or control non-conformities identified
- Assess TELUS Health products and services against appropriate cyber security frameworks (as applicable)
- Deliver transparent and auditable outputs to validate compliance against the framework(s), in the form of reports, dashboards and standardized templates
- Report clearly and concisely on non-conformities and advise of the actions required to remediate, interacting/collaborating with wider TELUS Health teams as necessary
- Identify appropriate stakeholders at all levels and build and maintain relationships
- Where necessary, ensure risks are raised to the appropriate bodies/authority and ensure appropriate ownership and management
- Under Continuous Service and Process improvement, assist in developing repeatable, sustainable processes as applicable, ensuring the process is followed and knowledge of outputs is shared as applicable
- Reinforce TELUS Health's Customers First values in ensuring positive security outcomes for external customers and internal stakeholders
- Provide cyber security knowledge and support to business and development operations teams
- Undertake administrative tasks, as is necessary, to support the tooling and processes that underpin the TELUS Health Cyber Assurance methodology
What you bring
- 3-5 years of cyber security experience within a dynamic, fast-paced commercial environment
- 3 to 5 years of demonstrable technical security experience in IT infrastructure, applications and networks, ideally in a consultancy or assurance role
- Experience with compliance policies, standards and baselines in the privacy and technical security domains
- Strong experience in applying technical security baseline standards from internal and external standards to ensure security through the full product lifecycle of enterprise and consumer products and services
- Demonstrable experience of security controls frameworks such as ISO 27001 and the NIST Cybersecurity Framework (CSF)
- Demonstrable experience in assessing systems and evaluating evidence against the control set(s)
- Familiarity and experience of Cloud, DevSecOps and Secure by Design architectures and delivery methodologies and processes would be advantageous
- A sound understanding of the fundamental concepts relating to security architectures within Networks, Infrastructure and Applications
- Effective oral and written communication skills, with an ability to tailor messaging on complex technical issues to a variety of technical and non-technical audiences
- Comfortable undertaking required security clearance processes as applicable
- Flexible and comfortable with ambiguity and change
- Strong interpersonal and influencing skills to build relationships with stakeholders
Great to haves
- CISA, CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor, CCSK, NIST 800-53 or similar
- PIPEDA, GDPR
- Fluency in English & French
Advanced knowledge of English is required because, as part of this position's main responsibilities and given its national scope, you will most of the time interact in English with external parties (clients, suppliers, candidates, external partners, etc.), interact in English with internal parties (colleagues, internal partners, stakeholders, etc.), and work with IT tools whose interface is only accessible in English.