Summary of Position
The Information Security Specialist is a pivotal role within our organization with a focus on strengthening our security posture across systems, applications, and cloud environments. This role requires a strong technical background combined with experience in security frameworks and integrations across modern enterprise ecosystems. The person in this role is the champion for the security of Teladoc Health Canada's technology and data, partnering closely with stakeholders and ensuring information and technology policies, requirements and controls are well-planned, developed and executed.
This role reports to Teladoc's International Business Information Security Officer (based in Barcelona, Spain), as part of Teladoc Health's global Security team and provides direct functional support to the Teladoc Health Canada Vice President, Product and Technology, who will largely oversee and manage the role's day-to-day tasks.
Essential Duties and Responsibilities
- Champion and execute the overall corporate IT security strategy, roadmap and governance structure, partnering with internal risk/compliance, operational, clinical, technical and business teams as well as external customers and relevant third-party stakeholders.
- Understand business processes and information system requirements and the associated information risk in those processes.
- Liaise closely with internal Canadian legal/privacy team to ensure adherence and alignment with Canadian privacy, data governance and regulatory requirements, and the business' contractual commitments.
- Work directly with the Canadian commercial team and client base to understand market business and functional requirements and provide compliance, security, and risk assessment support and guidance as required.
- Establish and execute formal vendor security assessments, including pre-onboarding due diligence and ongoing monitoring of third-party vendors and sub-processors handling sensitive information.
- Implement all information security programs, including those for security breaches, business continuity, and regulatory compliance, covering legal requirements, industry regulations, and best practices (e.g., ISO 27001, SOC 2 Type II).
- Lead end-to-end SOC 2 Type II and ISO 27001 audit cycles, including gap assessments and evidence collection via GRC tooling (e.g. Vanta), and act as the primary liaison for external auditors to support certifications.
- Develop information security guidelines, procedures, and responsibilities and support the development and implementation of technical and administrative security controls and related training and education.
- Oversee technical incident response planning and implementation and participate in incident response, root cause analysis, and remediation activities.
- Assess our technology environment and development methodology (SDLC) to identify and mitigate risks and gaps related to information security including potential data breaches.
- Design, implement, and maintain security controls across infrastructure, applications, integrations and cloud environments in collaboration with our technology team and third-party vendors including:
  - Applications and other systems and middleware components, including operating systems, web servers, databases, and DNS services (e.g. Salesforce, Mulesoft, APIs, etc.)
  - Network security architecture, including firewalls, segmentation, and secure communication protocols.
  - Logging and monitoring security needs, including SIEM platforms.
  - Encryption standards needed for compliance.
  - Document security configurations, processes, and controls.
  - Digital certificate lifecycle management, including issuance, renewal, and revocation.
- Communicate information security and compliance risks to leadership and other technical and non-technical stakeholders for proper awareness and decision making.
- Other duties as assigned.
Supervisory Responsibilities: No
Qualifications Expected for Position
- Bachelor's degree in computer science or comparable knowledge.
- 10+ years of relevant technical work experience, with 5+ years of experience in an information security role.
- Experience in a highly regulated environment or electronic record systems, health care experience preferred.
- CISM, CISA, CISSP, ISO 27001 LA or other relevant information security certifications are strong assets.
- Effective oral and written communication skills with both technical and non-technical audiences in geographically dispersed locations are essential
- Ability to work effectively cross-functionally with technical and non-technical teams
- Strong prioritization and time management skills
- A deep understanding (with practical experience) of related information security technologies and concepts including access and authentication, network and application, message and transmission security, as well as vulnerability management best practices.
- Proven knowledge of security program frameworks and assessments, ideally SOC 2 and ISO 27001
- Understanding of cloud security concepts and experience with securing cloud environments both public and private (AWS essential and Azure preferred)
- Hands-on experience and familiarity with:
  - Operating systems (Linux, Windows)
  - Web servers (e.g., Apache, Nginx)
  - Databases (e.g., MySQL, PostgreSQL, SQL Server)
  - Network security principles and architecture (TCP/IP, firewalls, VPNs, segmentation and secure communication protocols)
  - SIEM tools and their integration
  - Application, cloud, and SaaS integrations, particularly platforms including Salesforce
  - Containers and/or Kubernetes
Salary Range: $175,000 to $200,000/year
Position Type: Net New
Work Environment • Office ☒ Remote ☒ Hybrid (Office & Remote)
Travel: ≤ 10%. Travel percentage reflects an estimate and is subject to change dependent on business needs.
Physical Requirements
To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential job functions. Teladoc Health will make reasonable accommodations for the known physical or mental limitations of an otherwise qualified individual in line with company policy.