Security Consultant - Risk, Governance, and Awareness (Remote) at TELUS

Join Our Team And What We’ll Accomplish Together

Are you interested in being part of building TELUS’ future with our Chief Security Office (CSO)? Security is the place to be; with increased digitization of our life, customers, vendors and organizations' need for security has dramatically increased. We offer an environment where you’re encouraged to share and act on your ideas, while learning new things and building your career. In our flexible work environment you will connect remotely with team members across Canada.

The Security Governance, Risk and Awareness (GRA) team within TELUS CSO is looking to add a Security Consultant II to our ranks, who will be helping us in a range of governance and risk management activities. This includes everything from supporting security risk management activities across all areas of TELUS, to maintaining and aligning corporate policies and standards to industry best practices, to implementing automation and process improvement initiatives. By joining our highly motivated, forward-thinking team, you will play an important role in helping us proactively keep TELUS’ customers, data, and systems secure.

As a Security Consultant focused on governance and risk management, you will have an opportunity to help TELUS define our security policies and standards in alignment with industry best practices. Your comprehensive knowledge of the policies and standards will in turn help you support our business to understand and manage security risks they undertake and help them drive remediation actions. Additionally, your background in scripting and software development will be put to good use in supporting our many integration and automation opportunities.

Your ability to develop reciprocal relationships with business partners and internal stakeholders, in concert with your knowledge of governance and compliance will allow you to comfortably engage with and provide feedback to team members across TELUS.

What you’ll do:

• Research and assess security requirements and industry standards, and create corresponding TELUS Security policy and standard statements using language accessible to team members across the organization
• Collaborate with other Security Consultants and Subject Matter Experts across TELUS to maintain relevant policies and standards
• Support customer inquiries by providing tailored security advice to TELUS policies, standards, and best practices
• Conduct security risk management activities in support of major TELUS initiatives in order to ensure that identified risks are appropriately documented, signed off, monitored, and eventually remediated
• Manage and further develop scope of reporting of activities into compelling monthly reports and metrics
• Analyze existing work processes and procedures within team, and develop innovative solutions to help improve and automate them
• Exercise effective time management skills and independently drive project completion
  
  
  

What you bring:

• 5+ years in Information Technology
• At least 2+ year supporting either
• Security Risk, Compliance and Governance reviews
• IT Risk assessments/ Information security consulting/ IT audits
• Experience with creating security policies that align with both industry best practices and organizational requirements
• Experience in Software Development (process improvement and automation), using common programming/scripting languages such as Python/ Java/ C++/ similar others
• Expertise with analyzing complex problems, authoring technical content and presenting them in a simple manner, using non-technical language
• Exceptional English communication skills, both written and verbal
• Ability to obtain a secret security clearance
  
  
  

Great-to-haves:

• Experience with industry standards such as ISO 27001/2, NIST, CIS, COBIT, PCI-DSS, etc.
• Security, governance and risk related certifications (e.g. CISA, CRISC, CISSP, CISM)
• Experience building generative AI solutions (e.g. copilots)
• Bilingual capabilities (French and English)
  
  
  

Advanced knowledge of English is required because you will most of the time interact in English with external parties (clients, suppliers, candidates, external partners, etc.); interact in English with internal parties (colleagues, internal partners, stakeholders, etc.); and work with IT tools whose interface is only accessible in English as part of this position's main responsibilities given its national scope.