Join the team leading the next evolution of virtual care.
At Teladoc Health, you are empowered to bring your true self to work while helping millions of people live their healthiest lives.
Here you will be part of a high-performance culture where colleagues embrace challenges, drive transformative solutions, and create opportunities for growth. Together, we’re transforming how better health happens.
Summary of Position
The Information Security Analyst III will support the Director, Governance, Risk and Compliance - Information Security in implementing, maintaining, and improving the internal control environment to mitigate risks and assure security and compliance of Teladoc. The individual will collaborate across various departments of the business, its technology, and operations groups as well as extemal parties such as clients and vendors of Teladoc to ensure compliance to implemented policies, procedures and related controls are designed, implemented and operating effectively. The individual assuming this role should possess required technical security expertise to be a Subject Matter Expert (SME) for security guidance, approvals, design, and integration of consistent security solutions across corporate and cloud environments.
Essential Duties and Responsibilities
Manage Teladoc Health's cybersecurity program's ability to keep pace with changes in the overall threat landscape Implement a continuous security and control assessment framework Develop and maintain relevant risk metrics to promote transparency to peer teams, senior leadership, and any other relevant stakeholders.
Act as information security SME to IT and business project teams to identify potential threats and recommend solutions and technologies.
Perform continuous assessment of critical security controls for Teladoc's cloud-based applications and track them to ensure remediation of security gaps.
Assist in client lifecycle activities related to information security such as RFI responses, contract negotiations or client-led standard information gathering or security assessments.
On-boarding and annual risk assessments and due diligence exercises of potential third party service providers or partners.
Document and implement information security policies, standards and procedures following established document formats/templates.
Assist in the reviewing and updating of draft policies, standards, and procedures documents and solicit feedback from key intemal and extemal stakeholders, maintain version control.
Establish and adhere to quality control standards for creating and internally publishing information security policies, standards, and procedures.
Communicate with internal and external stakeholders the requirements in the information security policies and standards of Teladoc's Information Security and Risk Programs.
Tasks include prepare, document and/or review System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs). Perform risk assessment analysis and ATOS.
Promote security education and awareness across Teladoc by enhancing the enterprise security awareness program.
Qualifications Expected for Position
Prioritization, time management and strong communication skills are essential for this role as, eventually, it will be managing activities with internal and external parties, both technical and non technical.
Strong background in cyber governance, risk, and compliance Extensive experience in performing vendor risk assessments inventory maintenance and other data processing activities.
Experience in cybersecurity, risk management, assurance, and audit standards/models/frameworks such as ISO 27001, NIST, HITRUST, FedRAMP, PCI, SOX, FDA, GDPR, HIPAA.
Experience with integration of security programs after mergers and acquisitions including involvement of due diligence activities when required.
Experience with risk management to secure cloud environments both public and private.
Bachelor's degree from an accredited, four-year undergraduate program.
Relevant Industry certifications such as CISA CISSP, CISM or any other.
5-7 years of experience in a purely information security role.
Prior working experience performing HIPAA, HITRUST, FedRamp, NIST, ISO, GDPR, CCPA assessments.
Working knowledge of IOT Medical Devices and FDA Postmarket/Postmarket requirements and UL2900-1/2.
As part of our hiring process, we verify identity and credentials, conduct interviews (live or video), and screen for fraud or misrepresentation. Applicants who falsify information will be disqualified.
Teladoc Health will not sponsor or transfer employment work visas for this position. Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.
Why join Teladoc Health?
Teladoc Health is transforming how better health happens. Learn how when you join us in pursuit of our impactful mission.
Chart your career path with meaningful opportunities that empower you to grow, lead, and make a difference.
Join a multi-faceted community that celebrates each colleague’s unique perspective and is focused on continually improving, each and every day.
Contribute to an innovative culture where fresh ideas are valued as we increase access to care in new ways.
Enjoy an inclusive benefits program centered around you and your family, with tailored programs that address your unique needs.
Explore candidate resources with tips and tricks from Teladoc Health recruiters and learn more about our company culture by exploring #TeamTeladocHealth on LinkedIn.
As an Equal Opportunity Employer, we never have and never will discriminate against any job candidate or employee due to age, race, religion, color, ethnicity, national origin, gender, gender identity/expression, sexual orientation, membership in an employee organization, medical condition, family history, genetic information, veteran status, marital status, parental status, or pregnancy). In our innovative and inclusive workplace, we prohibit discrimination and harassment of any kind.
Teladoc Health respects your privacy and is committed to maintaining the confidentiality and security of your personal information. In furtherance of your employment relationship with Teladoc Health, we collect personal information responsibly and in accordance with applicable data privacy laws, including but not limited to, the California Consumer Privacy Act (CCPA). Personal information is defined as: Any information or set of information relating to you, including (a) all information that identifies you or could reasonably be used to identify you, and (b) all information that any applicable law treats as personal information. Teladoc Health’s Notice of Privacy Practices for U.S. Employees’ Personal information is available at this link.
