Information Security Specialist

Job not on LinkedIn

🔥 6 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Teladoc Health

WebsiteLinkedInAll Job Openings

5001 - 10000 employees

🤝 B2B

👥 B2C

☁️ SaaS

💰 $80M Post-IPO Debt - Teladoc Health on 2016-07

B2B • B2C • SaaS

Teladoc Health is a telehealth company that connects patients with care providers through a virtual care platform offering 24/7 urgent care, primary care, mental health (therapy and psychiatry), chronic condition management (diabetes, hypertension, weight management), specialty consultations, and wellness services. It serves individuals directly and partners with employers, health plans, hospitals and health systems to deliver integrated virtual care solutions and technology at scale.

📋 Description

• Champion and execute the overall corporate IT security strategy, roadmap and governance structure, partnering with internal risk/compliance, operational, clinical, technical and business teams as well as external customers and relevant third-party stakeholders • Understand business processes and information system requirements and the associated information risk in those processes • Liaise closely with internal Canadian legal/privacy team to ensure adherence and alignment with Canadian privacy, data governance and regulatory requirements, and the business’ contractual commitments • Work directly with the Canadian commercial team and client base to understand market business and functional requirements and provide compliance, security, and risk assessment support and guidance as required • Establish and execute formal vendor security assessments, including pre-onboarding due diligence and ongoing monitoring of third-party vendors and sub-processors handling sensitive information • Implement all information security, including security breaches, business continuity, and regulatory compliance programs including legal requirements, industry regulations, and best practices (e.g., ISO27001, SOC 2 Type II, etc.) • Lead end-to-end SOC 2 Type II and ISO 27001 audit cycles, including gap assessments, evidence collection via GRC tooling (e.g. Vanta) and act as the primary liaison for external auditors to support certifications • Develop information security guidelines, procedures, and responsibilities and support the development and implementation of technical and administrative security controls and related training and education • Oversee technical incident response planning and implementation and participate in incident response, root cause analysis, and remediation activities • Assess our technology environment and development methodology (SDLC) to identify and mitigate risks and gaps related to information security including potential data breaches • Design, implement, and maintain security controls across infrastructure, applications, integrations and cloud environments in collaboration with our technology team and third-party vendors including: Applications and other systems and middleware components, including operating systems, web servers, databases, and DNS services (e.g. Salesforce, Mulesoft, APIs, etc.) • Network security architecture, including firewalls, segmentation, and secure communication protocols • Logging and monitoring security needs, including SIEM platforms • Encryption standards needed for compliance • Document security configurations, processes, and controls • Digital certificate lifecycle management, including issuance, renewal, and revocation • Communicate information security and compliance risks to leadership and other technical and non-technical stakeholders for proper awareness and decision making • Other duties as assigned

🎯 Requirements

• Bachelor’s degree in computer science or comparable knowledge • 10+ years of relevant technical work experience, with 5+ years of experience in an information security role • Experience in a highly regulated environment or electronic record systems, health care experience preferred • CISM, CISA, CISSP, ISO 27001 LA or other relevant information security certifications are strong assets • Essential effective oral and written communication skills with both technical and non-technical audiences in geographically dispersed locations • Ability to work effectively cross-functionally with technical and non-technical teams • Strong prioritization and time management skills • A deep understanding (with practical experience) of related information security technologies and concepts including access and authentication, network and application, message and transmission security as well vulnerability management best practices • Proven knowledge of security program frameworks and assessments, ideally SOC 2 and ISO27001 • Understanding of cloud security concepts and experience with securing cloud environments both public and private (AWS essential and Azure preferred) • Hands-on experience and familiarity with: Operating systems (Linux, Windows), Web servers (e.g., Apache, Nginx), Databases (e.g., MySQL, PostgreSQL, SQL Server), Network security principles and architecture (TCP/IP, firewalls, VPNs, segmentation and secure communication protocols), SIEM tools and its integration, Application, cloud, and SaaS integrations, particularly platforms including Salesforce, Containers and/or Kubernetes, Automation tools

🏖️ Benefits

• Health insurance • 401(k) matching • Flexible work hours • Paid time off • Remote work options