Information Security Policy and Implementation Specialist
Locations: Vancouver, BC, V6B 3K9; Calgary, AB; Burnaby, BC; Edmonton, AB; Toronto, ON (Canada)
Join our team
TELUS Health Chief Security Office (CSO) operates globally at the forefront of cybersecurity excellence, where our team anticipates threats, solves complex security challenges, and delivers world-class cybersecurity solutions through cutting-edge technology and premier industry partnerships in an ever-evolving digital landscape.
Our TELUS Health Information Security Team, as part of TELUS Health CSO’s GRC Team, is responsible for establishing the TELUS Health Information Security Management System (ISMS), including the development of a dedicated security policy program and maturing information security governance across the wider organization globally.
Here's the impact you'll make and what we'll accomplish together
As Information Security Policy and Implementation Specialist, you will report to the Information Security Manager, playing an integral role in the elevation of security policy and standards and support enterprise-wide implementation of security policy initiatives.
This role is primarily responsible for establishing industry-leading, risk-based security requirements across the organization that align with ISO 27001/2 and ensure compliance with health regulatory obligations. This involves delivering a security policy program that is consistent, compliant, and audit-ready. You’ll lead all aspects of policy development, including scoping and planning activities, security requirements assessments and analysis, facilitating multi-level consultation and review cycles, up to and including final delivery, communication and awareness activities.
You will serve as an essential contributor, playing a central role in all facets of the information security team's functions and services. Your specific and critical responsibility will be to manage projects effectively, ensure that all policy projects and related initiatives are executed with the utmost diligence, adhering rigorously to established methodologies and ensuring outcomes support broader TELUS Health CSO objectives.
What you'll do
- Lead the development of security policies and technical standards independently to ensure compliance with security industry frameworks, best practices and regulations. Specifically, you’ll be responsible for leading the following activities: in-depth requirements gathering, security control mapping, gap assessments and analysis, documentation and review cycles, through to publishing and communication.
- Ensure compliance with international health and data protection requirements by identifying and defining regulatory compliant control enhancements relevant to variable operational and commercial jurisdictions, mapping controls and uplifting policy to align.
- Steer security policy implementation efforts through policy socialization and business engagement activities.
- Drive consultation processes with stakeholders in the broader security, IT, product and business units across the organization. Responsibilities include gathering all relevant information about operating environments and controls, leading workshops, proposal sessions and policy walkthroughs to ensure organizational alignment and understanding of policy intent and compliance obligations.
- Lead the security policy exceptions program: managing all exception requests, performing risk assessments, recommending compensatory controls, delivering exception decisions and providing ongoing oversight throughout the exceptions lifecycle.
- Support the development and expansion of the information security management system (ISMS) and governance program initiatives.
- Oversee the quality of deliverables for all policy related activities and projects through rigorous processes of peer reviewing, analyzing and validating controls, and ensuring compliance with internal procedures.
- Contribute to our Security Desk, answering general inquiries and providing guidance to the broader organization on security policy, controls and requirements, and best practices.
- Recommend and support administration and deployment of security tools to address security needs and support process improvements.
What you bring
- Excellent communication and interpersonal skills, capable of influencing at all organizational levels, with the ability to design and communicate requirements effectively, develop consensus and steer challenges to resolution with stakeholders.
- Demonstrated ability to drive innovation through a strong sense of curiosity, dedication to personal development and proactively seeking support and feedback from team members.
- Ability to dissect complex technical and procedural information and translate it into clear, concise, and accessible documentation for various audiences.
- Able to define an approach, take initiative, and work proactively to ensure objectives are met in line with expectations.
- Strong analytical skills and meticulous attention to detail, with the ability to interpret and analyze security data and reports effectively.
- Skilled at navigating complex scenarios, you are able to adapt, make adjustments and maintain focus and positivity through change in a dynamic environment.
- A natural team player who proactively supports others in their growth and development, helping to build a strong and supportive team.
Education & Technical Skills
- You have 5+ years of related experience in an enterprise organization leading policy development and policy implementation, risk management, compliance and/or assurance functions.
- In-depth knowledge and hands-on experience implementing ISMS based on ISO 27001/2.
- In-depth, up-to-date knowledge of information security frameworks (such as NIST 800-53, PCI-DSS, CIS Benchmarks, COBIT and/or ISF), global data protection and health-industry specific regulations including but not limited to GDPR, HIPAA, and PIPEDA.
- Deep knowledge and expertise in foundational information security domains including cyber risk management, access control, cloud security, networking, cryptography, sSDLC and DevSecOps, and vendor assurance.
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Achieved relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or ISO 27001 Lead Implementer or Lead Auditor.
- Experience working with GRC platforms such as OneTrust and AuditBoard, project management tools (such as Monday.com, ServiceNow), and AI tools.
Great to haves
- Possess substantial work experience within large-scale, global enterprise organizations, ideally those operating in a highly regulated industry such as telecommunications or healthcare.
- Direct participation in, and responsibility for, the integration of policy for global acquisitions.
- Proven experience in a role with significant focus on writing and refining documentation, detailed analysis (such as technical writing, policy development, business analysis, or a similar function requiring the creation of highly detailed and accurate artifacts).