Information Security Policy and Implementation Specialist

LifeWorks, Inc.$70K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of related experience in policy development and implementation within an enterprise environment
  • In-depth knowledge of ISO 27001/2 and information security frameworks (NIST, PCI-DSS, etc.)
  • Familiarity with global data protection regulations (GDPR, HIPAA, PIPEDA)
  • Expertise in areas such as cyber risk management, access control, and cloud security
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity or related field
  • Relevant certifications (CISSP, CISM, ISO27K Lead Implementer/Auditor)
  • Experience with GRC platforms and project management tools.

Responsibilities

  • Lead development of security policies and technical standards for compliance with frameworks and regulations
  • Ensure adherence to health and data protection requirements by defining control enhancements
  • Guide implementation efforts through stakeholder engagement and policy socialization
  • Facilitate consultations and workshops to gather input and promote understanding of policies
  • Manage security policy exceptions and conduct risk assessments for exception requests
  • Support the expansion of the information security management system and governance initiatives
  • Oversee quality assurance processes for policy deliverables.

Benefits

  • Comprehensive total rewards package with competitive salary and bonus structure
  • Minimum of 3 weeks of vacation and flexible benefits plan
  • Option to work in-office, remotely, or a hybrid model
  • Generous company matched pension and share purchase programs
  • Opportunities for community involvement and giving back
  • Career development and learning opportunities.
Full Job Description
Here's the impact you'll make and what we'll accomplish together

As Information Security Policy and Implementation Specialist, you will report to the Information Security Manager, playing an integral role in the elevation of security policy and standards and support enterprise-wide implementation of security policy initiatives.

This role is primarily responsible for establishing industry-leading, risk-based security requirements across the organization that align with ISO 27001/2 and ensure compliance with health regulatory obligations. This involves delivering a security policy program that is consistent, compliant, and audit-ready. You'll lead all aspects of policy development, including scoping and planning activities, security requirements assessments and analysis, facilitating multi-level consultation and review cycles, up to and including final delivery, communication and awareness activities.

You will serve as an essential contributor, playing a central role in all facets of the information security team's functions and services. Your specific and critical responsibility will be to manage projects effectively, ensure that all policy projects and related initiatives are executed with the utmost diligence, adhering rigorously to established methodologies and ensuring outcomes support broader TELUS Health CSO objectives.

What you'll do

  • Lead the development of security policies and technical standards independently to ensure compliance with security industry frameworks, best-practices and regulations, specifically you'll be responsible for leading the following activities: in-depth requirements gathering, security control mapping, gap assessments and analysis, documenting and review cycles, through to publishing and communication
  • Ensure compliance with international health and data protection requirements by identifying and defining regulatory compliant control enhancements relevant to variable operational and commercial jurisdictions, mapping controls and uplifting policy to align
  • Steer security policy implementation efforts through policy socialization and business engagement activities
  • Drive consultation processes with stakeholders in the broader security, IT, product and business units across the organization. Responsibilities include gathering all relevant information about operating environments and controls, leading workshops, proposal sessions and policy walkthroughs to ensure organizational alignment and understanding of policy intent and compliance obligations
  • Lead the security policy exceptions program: managing all exception requests, performing risk assessments, recommending compensatory controls, delivering exception decisions and providing ongoing oversight throughout the exceptions lifecycle
  • Support the development and expansion of the information security management system (ISMS) and governance program initiatives
  • Oversee the quality of deliverables for all policy related activities and projects through rigorous processes of peer reviewing, analyzing and validating controls, and ensuring compliance with internal procedures
  • Contribute to our Security Desk, answering general inquiries and providing guidance to the broader organization on security policy, controls and requirements, and best practices
  • Recommend and support administration and deployment of security tools to address security needs and support process improvements


What you bring

  • Excellent communication and interpersonal skills, capable of influencing at all organizational levels, with the ability to design and communicate requirements effectively, develop consensus and steer challenges to resolution with stakeholders
  • Demonstrated ability to drive innovation through a strong sense of curiosity, dedication to personal development and proactively seeking support and feedback from team members
  • Ability to dissect complex technical and procedural information and translate it into clear, concise, and accessible documentation for various audiences
  • Able to define an approach, take initiative, and work proactively to ensure objectives are met in line with expectations
  • Strong analytical skills and meticulous attention to detail, with the ability to interpret and analyze security data and reports effectively
  • Skilled at navigating complex scenarios, you are able to adapt, make adjustments and maintain focus and positivity through change in a dynamic and changing environment
  • A natural team player who proactively supports others in their growth and development, helping to build a strong and supportive team


Education & Technical Skills

  • You have 5+ years of related experience in an enterprise organization leading policy development and policy implementation, risk management, compliance and/or assurance functions
  • In-depth knowledge and hands-on experience implementing ISMS based on ISO 27001/2
  • In-depth, up-to-date knowledge of information security frameworks (such as NIST 800-53, PCI-DSS, CIS Benchmarks, COBIT and/or ISF), global data protection and health-industry specific regulations including but not limited to GDPR, HIPAA, and PIPEDA
  • Deep knowledge and expertise in foundational information security domains including cyber risk management, access control, cloud security, networking, cryptography, sSDLC and DevSecOps, and vendor assurance
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
  • Achieved relevant certifications such as Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or ISO27K Lead Implementer or Lead Auditor
  • Experience working with GRC platforms such as OneTrust and AuditBoard, project management tools (such as Monday.com, ServiceNow), and AI tools


Great to haves

  • Possess substantial work experience within large-scale, global enterprise organizations, ideally those operating in a highly regulated industry such as telecommunications or healthcare
  • Direct participation in, and responsibility for, the integration of policy for global acquisitions
  • Proven experience in a role with significant focus on writing and refining documentation, detailed analysis (such as technical writing, policy development, business analysis, or a similar function requiring the creation of highly detailed and accurate artifacts)


Salary Range: $70,000-$130,000

Performance Bonus or Sales Incentive Plan: 12%

Actual total compensation will be determined based on factors such as knowledge, skills, performance and experience. We encourage all qualified candidates to apply, even if the posted salary range doesn't match your expectations. We're open to discussing competitive compensation packages tailored to your experience level and expertise. TELUS offers rewarding benefits, which may vary per job function, such as:
  • Comprehensive total rewards package highlighting competitive salary and bonus structures, minimum 3 weeks of vacation, and flexible benefits plan to meet the needs of you and your family
  • Flexibility to work in-office, virtually or a combination of both, based on the role's requirements
  • Generous company matched pension and share purchase programs
  • Opportunity to give back to communities in which we work, live and serve
  • Career growth and learning & development opportunities to develop your skills
  • And much more ...


Job Type: This is for a current vacancy

About LifeWorks, Inc.

LifeWorks, Inc. Careers

Joining LifeWorks, Inc. presents an unparalleled opportunity to become part of a leading team dedicated to professional growth and innovation in the industry. LifeWorks, Inc. is renowned for its commitment to excellence and a culture that fosters diversity and leadership.

Explore Job Opportunities

LifeWorks, Inc. offers a variety of job opportunities that cater to a range of skills and professional interests. Whether seeking an entry-level position or a more senior role, LifeWorks, Inc. provides a platform for career advancement and personal development.

Internship Programs

Embark on a professional journey with LifeWorks, Inc. through its dynamic internship programs. These opportunities allow individuals to gain hands-on experience, enhance their resumes, and develop essential skills in a real-world setting. Internships at LifeWorks, Inc. are a stepping stone to full-time employment and a flourishing career.

Professional Growth and Benefits

LifeWorks, Inc. is dedicated to the professional growth of its team members, offering extensive training and development programs. Employees enjoy comprehensive benefits that support both their professional and personal lives, ensuring a well-rounded employment experience.

Inclusive Culture and Diversity

The company prides itself on a workplace culture rooted in diversity and inclusion. LifeWorks, Inc. believes that a diverse team inspires innovation and enhances problem-solving capabilities. Through diversity training and inclusive hiring practices, LifeWorks, Inc. ensures that all team members have the opportunity to contribute and succeed.

Networking and Leadership Development

LifeWorks, Inc. encourages its employees to engage in networking and leadership development activities. These initiatives are designed to build strong professional networks and develop the leadership skills necessary for career advancement within the company.

Innovation at LifeWorks, Inc.

At the forefront of innovation, LifeWorks, Inc. continually seeks to implement cutting-edge solutions and services. The team at LifeWorks, Inc. is composed of dedicated professionals who bring creativity and expertise to every project, driving the company's success in a competitive market.

Hiring Process

The hiring process at LifeWorks, Inc. is designed to identify and attract top talent. Candidates undergo a thorough interview process that assesses their skills, cultural fit, and potential for growth within the company. LifeWorks, Inc. values transparency and communication, ensuring that all applicants receive timely updates and feedback.

Career Opportunities Await

LifeWorks, Inc. is actively hiring and looking for motivated individuals who are ready to take their careers to the next level. Explore the open positions and find where your skills and passions align with the needs of LifeWorks, Inc.

Stay Connected with LifeWorks, Inc. Careers

Stay informed about the latest news, job alerts, and career tips from LifeWorks, Inc. by subscribing to updates. Tailor your subscription to receive information that matches your career interests and professional goals.

SEARCH LIFEWORKS, INC. JOBS

READ CAREERS BLOG

LifeWorks, Inc. is not just a company; it's a place where careers are nurtured, and futures are built. Join the team and be part of a community that values hard work, creativity, and a commitment to excellence.
Learn more about LifeWorks, Inc.
Industry

Similar Jobs

More Jobs at LifeWorks, Inc.

More Information Technology Jobs

Find similar Information Security Policy and Implementation Specialist jobs: