Security Consultant I (Compliance & Audit)
Vancouver, BC, CA, V6B 3K9
Join our team and what we'll accomplish together
We live and work in a rapidly evolving digital world where cyber security is critical. The Global CSO function for TELUS Health brings a focus on the security of our Sensitive Health Information (PHI) and regulatory compliance, to meet and exceed the expectations of our global customers as the most trusted wellbeing company in the world. The TELUS Health CSO team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.
The Compliance and Customer Assurance team plays a crucial role in obtaining and maintaining required compliance reports and certifications such as SOC1, SOC2, ISO27000 series, NIST 800-53, and HITRUST. We work collaboratively across multiple business units, including IT, Operations, Privacy, Legal, and Corporate Governance, to examine security systems, documentation, and processes, ensuring adherence to stringent security and health standards and promoting continuous improvement in the control environment through effective issues management and compliance monitoring. Our team leads internal audits, gathers and maintains compliance evidence, and liaises with external auditors. Through our combined expertise in cybersecurity and compliance, our team maintains robust security controls, manages assurance reporting, and ensures TELUS Health meets its regulatory obligations while supporting business growth.
We are looking for a Security Consultant I to join our team to help accelerate TELUS Health CSO goals in obtaining and retaining the above-mentioned assurance reports and certifications. Your work will directly impact the trust built with our clients and stakeholders, while identifying and mitigating potential risks before they become issues. If you are ready to play a pivotal role in strengthening TELUS Health’s credibility and operational excellence, read on!
What you'll do
- Conduct comprehensive risk assessments and testing of internal controls and systems, ensuring they operate effectively and as documented
- Review, evaluate, and maintain documentation of control processes, procedures, and system logs to identify potential security vulnerabilities or compliance issues
- Prepare and present detailed audit reports, including findings and recommendations for improvements, to management and stakeholders
- Develop and execute audit plans and schedules, while monitoring changes in regulatory requirements and industry standards relevant to SOC compliance
- Collaborate with various departments to gather evidence, conduct interviews, and document control processes for the audits and certifications
- Provide guidance and training to team members on the compliance requirements, while contributing to the development and updating of compliance policies and procedures
- Monitor and report on remediation efforts for identified control deficiencies, assisting in the implementation of new controls or modifications to existing ones
- Liaise with external auditors during the audit and certification examinations, while managing relationships with stakeholders across the organization
What you bring
- Experience analyzing and providing cyber compliance recommendations in a large, complex organization
- Experience collaborating with interdisciplinary team members that are technical and non-technical
- Understanding of internal controls, risk assessment, and audit methodologies
- Knowledge of regulatory frameworks and compliance standards (SOC 1, SOC 2, ISO27000 series, NIST 800-53)
- Experience with audit tools and documentation software
- A genuine passion for building client relationships and interacting with technology and business stakeholders
- A desire to continuously improve processes and systems to align with industry standards
- An understanding of international cyber security regulations and how they translate into a control framework
- Excellent analytical and problem-solving abilities
- Strong attention to detail and organizational skills
- Superior written and verbal communication skills
- Ability to manage multiple projects and meet deadlines
- Bachelor’s degree in IT, Information Systems, Computer Science, Engineering, or a related field, and/or related experience
Great-to-haves
- Industry-recognized certifications (i.e., CISA, OCSP, GICSP, CISSP, and CISM)
- Experience within a regulated business environment
- An insatiable appetite for modern and emerging technologies and tools