Security Consultant II - Cybersecurity Table Top Exercise (TTX)

Description

Our team and what we’ll accomplish

We live in and work in a rapidly evolving digital world where cyber security is critical. The Global CSO function for TELUS Health brings a focus on the Security of our Sensitive Health Information (PHI) and regulatory compliance, to meet and exceed the expectations of our global customers as the most trusted wellbeing company in the world. The TELUS Health CSO team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology. 

The Incident Management team provides pre and post incident response support to the TELUS Health cyber security team, including reporting, process and procedure development, operational readiness activities, and root cause analysis. We work collaboratively across the TELUS Health and TELUS corporate teams to ensure coordination and information sharing around cyber events and response.  

As our Security Consultant leading Table Top Exercises, you will plan, coordinate, execute, and evaluate Table Top Exercises designed to simulate cyber security incidents. The goal of these exercises is to test the effectiveness of TELUS Health’s security response plans, protocols, and procedures, as well as to identify areas for improvement. The role involves a combination of technical acumen, project management, facilitation, and evaluation skills. 

What you'll do

• Define the objectives and goals of the Table Top Exercise, ensuring alignment with TELUS Health’s needs and priorities.
• Develop realistic and challenging scenarios that simulate security incidents or events relevant to TELUS Health
• Coordinate all logistical aspects of the exercise, including venue selection, scheduling, and resource allocation.
• Engage with exercise participants, including senior leadership, first response teams, and other stakeholders, to ensure their understanding and commitment to the exercise.
• Assign roles and responsibilities to participants, ensuring that all essential functions and positions are covered during the exercise.
• Act as the facilitator during the Table Top Exercise, guiding participants through the scenario, posing questions, and prompting discussions to explore response strategies and decision-making processes.
• Manage the flow of the exercise, introducing new information, challenges, and developments at appropriate intervals to simulate the evolving nature of real-world incidents.
• Ensure the exercise stays on schedule and that all planned activities and discussions are adequately covered.
• Coordinate the exercise, take notes, and assess participant performance.
• Conduct debriefing sessions with participants to gather feedback, discuss lessons learned, and identify strengths and areas for improvement.
• Prepare comprehensive after-action reports (AARs) that document the exercise, summarize key findings, and provide actionable recommendations for enhancing preparedness and response capabilities.
• Collaborate with stakeholders to develop action plans that address the identified gaps and weaknesses highlighted during the exercise.
• Monitor and track the implementation of corrective actions and improvements, ensuring that lessons learned are integrated into TELUS Health policies and procedures.
• Provide training and education to staff based on the outcomes of the Table Top Exercise to reinforce best practices and enhance overall readiness.
• Ensure that the Table Top Exercise complies with relevant industry standards, regulatory requirements, and best practices (e.g. SOC2).
• Maintain accurate records of exercise planning, execution, and evaluation to support compliance and continuous improvement efforts.

Qualifications

What you bring 

• Bachelor's degree or Diploma in Computer Science, Information Technology, Cybersecurity, or a related field
• You have 5+ years of experience in a similar capacity.
• Mandatory: currently has or is able to obtain Government of Canada security clearance
• Excellent problem solving and investigate capabilities, as pertaining to information security 
• Intermediate experience in project management
• Intermediate understanding and experience in one or more information security domains (e.g. data protection and privacy, compliance, risk management, application and cloud security, and incident management).
• Intermediate experience with and knowledge of security frameworks, including ISO 27001 and ISO 27002, AICPA SOC 2 Trust Services Principles, NIST Cybersecurity Framework.
• Familiarity with relevant data protection, privacy and health-related laws and regulations, such as GDPR, HIPAA, PIPEDA,
• Proficient communication and interpersonal skills, with the ability to communicate requirements effectively, develop consensus and build relationships with stakeholders at all levels of the organization.
• A demonstrated ability to manage challenging situations and competing priorities in a fast-paced environment.
• Comfortable with ambiguity, you are able to adapt, make adjustments and maintain focus and positivity through change.
• Capable of defining an approach, seeking out resources and taking ownership for your objectives and responsibilities.
• Effective analytical skills and attention to detail, with the ability to interpret and analyze data and reports.

 
Great-to-haves

• Project Management Professional (PMP), Certified Information Systems Auditor (CISA), and ITIL V3Certifications, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM)
• Fundamental/working knowledge of other industry standards, such as NIST 800-53, PCI-DSS, CIS Benchmarks, COBIT and/or ISF.