Information Security Risks Specialist
This role will assist in maintaining and growing the governance, risk, and compliance function of the company’s international security program. This role requires experience with security controls lifecycle management, which includes control effectiveness testing and mapping risks, policies, and standards to well-known security frameworks as well as external regulations. Knowledge of the technologies used to support a modern, web-based enterprise application, including the associated threats and vulnerabilities, is a plus.
Role and Responsibilities:
Advocate for compliance with security policies, legal, regulatory, and contractual requirements.
Complete risk assessments of Security Policy and Standards violations.
Complete third-party security risk assessments and participate in vendor reviews.
Interface with clients, regulatory agencies, and vendors while conducting security and operational audits.
Assist in reviewing both customer and provider contracts in regard to information security and privacy clauses.
Assist IT teams with documentation of key controls, interpreting security requirements, and consulting with other experts as needed (may include other IT Teams, Legal, HR and others).
Collaborate to ensure that remediation of security issues is prioritized, escalating as needed to meet security and business objectives.
Ensure international security related concerns are communicated to responsible IT management in a timely manner.
Measure results through metrics and communicate them to management periodically.
Participate in meetings and dialogues with technology and business teams to promote a risk awareness culture.
Champion the Security Awareness Program.
Promote a positive and professional work environment.
3+ years of experience within a mature GRC program.
Experience in security risk management, controls assessment and configuration management as appropriate.
Demonstrated experience working with business and technical leaders in educating the two on identified risks and the impact to business.
Familiarity with some relevant security frameworks such as ISO 27001, CSA, HIPAA, NIST, PCI, etc.
Ability to prioritize multiple projects, timelines, and ad hoc requests.
A natural curiosity and eagerness to grow one’s knowledge in new areas of technology, risk, and business.
Ability and desire to problem solve through independent learning.
Strong written and verbal communication skills in English and the ability to interface at all levels of a business.
Strong knowledge of security risk management frameworks including related regulatory and compliance requirements (GDPR, ISO27001, CSA-CCM, NIST CSF & 800-53, SOC, HITRUST, HIPAA, PCI, etc.)
Knowledge of, or experience working with, Cloud technologies/environments is a plus.
Knowledge of infrastructure, networking, engineering, and programming is a plus.
Understanding of the health care and insurance industries is a plus.
Relevant information technology related degree, BA, or equivalent professional experience.
Certifications (CISM, CISA, CRISC, CISSP, CCSK) are a plus.
Proficient in English and Spanish, both written and spoken.
Excellent international communication skills.
For a more detailed look at our company and values, visit our website at https://www.teladochealth.com/
At Teladoc Health we thrive on difference and individuality. Teladoc Health is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.