Resume Score

Check how well your resume matches this job before you apply.

Sign in to check score

About the role

  • Information Security Specialist enhancing security posture across systems and cloud environments for Teladoc Health Canada. Championing corporate IT security strategy and regulatory compliance efforts.

Responsibilities

  • Champion and execute the overall corporate IT security strategy, roadmap and governance structure, partnering with internal risk/compliance, operational, clinical, technical and business teams as well as external customers and relevant third-party stakeholders
  • Understand business processes and information system requirements and the associated information risk in those processes
  • Liaise closely with internal Canadian legal/privacy team to ensure adherence and alignment with Canadian privacy, data governance and regulatory requirements, and the business’ contractual commitments
  • Work directly with the Canadian commercial team and client base to understand market business and functional requirements and provide compliance, security, and risk assessment support and guidance as required
  • Establish and execute formal vendor security assessments, including pre-onboarding due diligence and ongoing monitoring of third-party vendors and sub-processors handling sensitive information
  • Implement all information security, including security breaches, business continuity, and regulatory compliance programs including legal requirements, industry regulations, and best practices (e.g., ISO27001, SOC 2 Type II, etc.)
  • Lead end-to-end SOC 2 Type II and ISO 27001 audit cycles, including gap assessments, evidence collection via GRC tooling (e.g. Vanta) and act as the primary liaison for external auditors to support certifications
  • Develop information security guidelines, procedures, and responsibilities and support the development and implementation of technical and administrative security controls and related training and education
  • Oversee technical incident response planning and implementation and participate in incident response, root cause analysis, and remediation activities
  • Assess our technology environment and development methodology (SDLC) to identify and mitigate risks and gaps related to information security including potential data breaches
  • Design, implement, and maintain security controls across infrastructure, applications, integrations and cloud environments in collaboration with our technology team and third-party vendors including: Applications and other systems and middleware components, including operating systems, web servers, databases, and DNS services (e.g. Salesforce, Mulesoft, APIs, etc.)
  • Network security architecture, including firewalls, segmentation, and secure communication protocols
  • Logging and monitoring security needs, including SIEM platforms
  • Encryption standards needed for compliance
  • Document security configurations, processes, and controls
  • Digital certificate lifecycle management, including issuance, renewal, and revocation
  • Communicate information security and compliance risks to leadership and other technical and non-technical stakeholders for proper awareness and decision making
  • Other duties as assigned

Requirements

  • Bachelor’s degree in computer science or comparable knowledge
  • 10+ years of relevant technical work experience, with 5+ years of experience in an information security role
  • Experience in a highly regulated environment or electronic record systems, health care experience preferred
  • CISM, CISA, CISSP, ISO 27001 LA or other relevant information security certifications are strong assets
  • Essential effective oral and written communication skills with both technical and non-technical audiences in geographically dispersed locations
  • Ability to work effectively cross-functionally with technical and non-technical teams
  • Strong prioritization and time management skills
  • A deep understanding (with practical experience) of related information security technologies and concepts including access and authentication, network and application, message and transmission security as well vulnerability management best practices
  • Proven knowledge of security program frameworks and assessments, ideally SOC 2 and ISO27001
  • Understanding of cloud security concepts and experience with securing cloud environments both public and private (AWS essential and Azure preferred)
  • Hands-on experience and familiarity with: Operating systems (Linux, Windows), Web servers (e.g., Apache, Nginx), Databases (e.g., MySQL, PostgreSQL, SQL Server), Network security principles and architecture (TCP/IP, firewalls, VPNs, segmentation and secure communication protocols), SIEM tools and its integration, Application, cloud, and SaaS integrations, particularly platforms including Salesforce, Containers and/or Kubernetes, Automation tools

Benefits

  • Health insurance
  • 401(k) matching
  • Flexible work hours
  • Paid time off
  • Remote work options

Job type

Full Time

Experience level

SeniorLead

Salary

CA$175,000 - CA$200,000 per year

Degree requirement

Bachelor's Degree

Tech skills

ApacheAWSAzureCloudDNSFirewallsKubernetesLinuxMySQLNGINXPostgresSDLCSQLTCP/IP

Location requirements

RemoteCanada

Report this job

Found something wrong with the page? Please let us know by submitting a report below.