Information Security Specialist

Benefits

Additional Information

Teladoc Health is the global virtual care leader, offering comprehensive virtual care solutions spanning virtual care including primary, mental health, expert medical, devices and licensed platform services. Teladoc Health serves the world's leading insurers, employers, and health systems and helps millions of people around the world resolve their healthcare needs with confidence. Serving over 9 million Canadians, Teladoc Health has been in Canada for more than 20 years and operates in 175 countries world-wide. Summary of Position Information Security Specialist is a pivotal role within our organization with a focus strengthening our security posture across systems, applications, and cloud environments. This role requires a strong technical background combined with experience in security frameworks and integrations across modern enterprise ecosystems . The person in this role is the champion for the security of Teladoc Health Canada's technology and data partnering closely with stakeholders and ensuring information and technology policies, requirements and controls are well-planned, developed and executed. This role reports to Teladoc's International Business Information Security Officer (based in Barcelona, Spain), as part of Teladoc Health's global Security team and provides direct functional support to the Teladoc Health Canada Vice President, Product and Technology, who will largely oversee and manage the role's day-to-day tasks. Essential Duties and Responsibilities Champion and execute the overall corporate IT security strategy, roadmap and governance structure, partnering with internal risk/compliance, operational, clinical, technical and business teams as well as external customers and relevant third-party stakeholders. Understand business processes and information system requirements and the associated information risk in those processes . Liaise closely with internal Canadian legal/privacy team to ensure adherence and alignment with Canadian privacy, data governance and regulatory requirements, and the business' contractual commitments. Work directly with the Canadian commercial team and client base to understand market business and functional requirements and provide compliance, security, and risk assessment support and guidance as required . Establish and execute formal vendor security assessments, including pre-onboarding due diligence and ongoing monitoring of third-party vendors and sub-processors handling sensitive information. Implement all information security, including security breaches, business continuity, and regulatory compliance programs including legal requirements, industry regulations, and best practices (e.g., ISO27001, SOC 2 Type II, etc.) Lead end-to-end SOC 2 Type II and ISO 27001 audit cycles, including gap assessments, evidence collection via GRC tooling ( e.g. Vanta) and act as the primary liaison for external auditors to support certifications. Develop information security guidelines, procedures, and responsibilities and support the development and implementation of technical and administrative security controls and related training and education. Oversee technical incident response planning and implementation and participate in incident response, root cause analysis, and remediation activities. Assess our technology environment and development methodology (SDLC) to identify and mitigate risks and gaps related to information security including potential data breaches. Design, implement, and maintain security controls across infrastructure, applications, integrations and cloud environments in collaboration with our technology team and third-party vendors including: Applications and other systems and middleware components, including operating systems, web servers, databases, and DNS services ( e.g. Salesforce, Mulesoft , APIs, etc.) Network security architecture, including firewalls, segmentation, and secure communication protocols. Logging and monitoring security needs, including SIEM platforms. Encryption standards needed for compliance. Document security configurations, processes, and controls. Digital certificate lifecycle management, including issuance, renewal, and revocation. Communicate information security and compliance risks to leadership and other technical and non-technical stakeholders for proper awareness and decision making. Other duties as assigned. Supervisory Responsibilities No Qualifications Expected for Position Bachelor's degree in computer science or comparable knowledge. 10+ years of relevant technical work experience, with 5+ years of experience in an information security role. Experience in a highly regulated environment or electronic record systems, health care experience preferred. CISM, CISA, CISSP, ISO 27001 LA or other relevant information security certifications are strong assets. Essential effective oral and written communication skills with both technical and non-technical audiences in geographically disperse

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at teladoc? Share your experience