Information Security Specialist enhancing security posture across systems and cloud environments for Teladoc Health Canada. Championing corporate IT security strategy and regulatory compliance efforts.
Responsibilities
Champion and execute the overall corporate IT security strategy, roadmap and governance structure, partnering with internal risk/compliance, operational, clinical, technical and business teams as well as external customers and relevant third-party stakeholders
Understand business processes and information system requirements and the associated information risk in those processes
Liaise closely with internal Canadian legal/privacy team to ensure adherence and alignment with Canadian privacy, data governance and regulatory requirements, and the business’ contractual commitments
Work directly with the Canadian commercial team and client base to understand market business and functional requirements and provide compliance, security, and risk assessment support and guidance as required
Establish and execute formal vendor security assessments, including pre-onboarding due diligence and ongoing monitoring of third-party vendors and sub-processors handling sensitive information
Implement all information security, including security breaches, business continuity, and regulatory compliance programs including legal requirements, industry regulations, and best practices (e.g., ISO27001, SOC 2 Type II, etc.)
Lead end-to-end SOC 2 Type II and ISO 27001 audit cycles, including gap assessments, evidence collection via GRC tooling (e.g. Vanta) and act as the primary liaison for external auditors to support certifications
Develop information security guidelines, procedures, and responsibilities and support the development and implementation of technical and administrative security controls and related training and education
Oversee technical incident response planning and implementation and participate in incident response, root cause analysis, and remediation activities
Assess our technology environment and development methodology (SDLC) to identify and mitigate risks and gaps related to information security including potential data breaches
Design, implement, and maintain security controls across infrastructure, applications, integrations and cloud environments in collaboration with our technology team and third-party vendors including: Applications and other systems and middleware components, including operating systems, web servers, databases, and DNS services (e.g. Salesforce, Mulesoft, APIs, etc.)
Network security architecture, including firewalls, segmentation, and secure communication protocols
Logging and monitoring security needs, including SIEM platforms
Encryption standards needed for compliance
Document security configurations, processes, and controls
Digital certificate lifecycle management, including issuance, renewal, and revocation
Communicate information security and compliance risks to leadership and other technical and non-technical stakeholders for proper awareness and decision making
Other duties as assigned
Requirements
Bachelor’s degree in computer science or comparable knowledge
10+ years of relevant technical work experience, with 5+ years of experience in an information security role
Experience in a highly regulated environment or electronic record systems, health care experience preferred
CISM, CISA, CISSP, ISO 27001 LA or other relevant information security certifications are strong assets
Essential effective oral and written communication skills with both technical and non-technical audiences in geographically dispersed locations
Ability to work effectively cross-functionally with technical and non-technical teams
Strong prioritization and time management skills
A deep understanding (with practical experience) of related information security technologies and concepts including access and authentication, network and application, message and transmission security as well vulnerability management best practices
Proven knowledge of security program frameworks and assessments, ideally SOC 2 and ISO27001
Understanding of cloud security concepts and experience with securing cloud environments both public and private (AWS essential and Azure preferred)
Hands-on experience and familiarity with: Operating systems (Linux, Windows), Web servers (e.g., Apache, Nginx), Databases (e.g., MySQL, PostgreSQL, SQL Server), Network security principles and architecture (TCP/IP, firewalls, VPNs, segmentation and secure communication protocols), SIEM tools and its integration, Application, cloud, and SaaS integrations, particularly platforms including Salesforce, Containers and/or Kubernetes, Automation tools
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.
Senior Product Security Consultant at CENSUS LABS evaluating software security and threats. Responsible for validating security compliance and reporting on risks in complex systems.