Senior Technical Project Manager - Cybersecurity

TELUS Health is empowering every person to live their healthiest life. Guided by our vision, we are leveraging the power of our leading edge technology and focusing on the uniqueness of each individual to create the future of health. As a global-leading health and well-being provider – encompassing physical, mental and financial health – TELUS Health is improving health outcomes for consumers, patients, healthcare professionals, employers and employees.

• Lead the FedRAMP authorization program from initial gap assessment through full Authority to Operate (ATO)
• Coordinate cross-functional teams across Cloud Engineering, DevSecOps, Security, and Compliance to implement NIST 800-53 controls
• Oversee creation and maintenance of System Security Plans (SSP), Plan of Actions & Milestones (POA&M), and supporting documentation
• Act as primary liaison with Third Party Assessment Organizations (3PAOs) and federal sponsor agencies
• Manage remediation efforts based on audit findings and establish continuous monitoring practices

• Lead project planning, execution, and reporting for FedRAMP Moderate ATO, ISO 27001, and CSA STAR certifications
• Develop and maintain schedules, milestones, deliverables, and dependencies for certification efforts
• Coordinate with internal teams to ensure controls are documented, tested, and evidenced per relevant frameworks
• Manage documentation creation including Security Assessment Reports (SAR), incident response plans, and vulnerability management records
• Oversee continuous monitoring programs and periodic compliance reviews

• Oversee that technical architecture and security control implementations are aligned with NIST 800-53 and FedRAMP baselines
• Partner with Cloud Engineering to build compliant Azure environments for multi-tenant systems
• Lead the implementation data protection mechanisms across the technology stack
• Lead the design and validation of identity management, data flow, and API integrations
• Lead the establishment of vulnerability management and incident response frameworks

• Communicate progress, risks, and dependencies to executive leadership and client stakeholders
• Prepare regular status reports, dashboards, and presentations for senior leadership
• Facilitate executive steering committees and governance forums
• Liaise with external auditors, cloud service providers, and regulatory bodies
• Provide technical mentorship and leadership for compliance best practices

Education and Certifications

• Bachelor's degree in Computer Science, Information Systems, or Engineering Master's preferred

• PMP or equivalent project management certification required

• Cloud certification such as Azure Architect Expert 

• CISSP, CISM, CISA, or FedRAMP Practitioner certification is an asset

Experience

• Ten or more years of experience in IT project management or solution architecture for enterprise or government platforms

• Prior hands-on experience managing FedRAMP certification(s), OR similar cloud security regulatory / assurance programs (e.g. DoD SRG, ISO 27001, SOC 2, GxP etc.). Specifically: familiarity with FedRAMP documentation, continuous monitoring, liaising with 3PAOs, building SSPs, POA&Ms.

• Experience with CSA STAR or familiarity with the Cloud Security Alliance’s CCM or STAR registry, or other related trust & assurance cloud frameworks.

• Deep working knowledge of cloud environments / platforms (e.g. AWS, Azure, GCP), including security control implementation, cloud network/security architecture, identity & access management, encryption, logging, etc.

• Familiar with security / privacy / regulatory requirements relevant to pensions and benefits administration, and/or financial services, in the U.S./Canadian jurisdictions (e.g. privacy laws like PIPEDA, HIPAA, GLBA, state data breach laws; US federal agency or state agency standards if applicable).

• Background in pension administration, benefits management, or financial services technology is an advantage

• Experience working with third party assessment organizations, federal compliance bodies, and cloud providers

Skills and Attributes

• Strategic and hands-on leader with excellent communication skills

• Strong knowledge of NIST 80053 controls, ATO process, and continuous monitoring operations

• Ability to simplify complex technical and compliance concepts

• Collaborative, adaptable, and passionate about secure scalable technology

A bit about us

We’re a people-focused, customer-first, purpose-driven team who works together every day to innovate and do good. We improve lives through our technology solutions and foster a culture of innovation that empowers team members to solve complex problems and create remarkable human outcomes in a digital world. 

TELUS is proud to foster an inclusive culture that embraces diversity. We are committed to fair employment practices and all qualified applicants will receive consideration for employment. We offer accommodation for applicants with disabilities, as required, during the recruitment process. 

Disclaimer:  In accordance with the TELUS Health Solutions Data Center Security Policy, as a condition of employment, all team members whose job functions require they work at a Data Center and/or have access to detailed knowledge of technology related to client service delivery, are subject to a Personnel Security Screening conducted through the Government of Canada.

The health and safety of our team, customers and communities is paramount to TELUS.  Accordingly, we require anyone joining our TELUS Health Care Centres to be fully vaccinated for COVID-19.

Note for Quebec candidates: if knowledge of English is required for this position, it is because the team member will be asked, on a regular basis, to interact in English with external or internal parties or to use English applications or software as part of their tasks.

By applying to this role, you understand and agree that your information will be shared with the TELUS Group of Companies’ Talent Acquisition team(s) and/or any leader(s) who will be part of the selection process.