Sr Governance Risk And Compliance Analysts

What will you be responsible for?

• Develop, maintain, monitor and enforce IT policies and procedures
• Development, implementation and compliance of information risk management across the enterprise
• Support establishing information security governance framework
• Manage risks related to the use of information technology, information security, privacy, regulatory compliance and governance.
• Drive risk management and governance strategies for emerging technology areas
• Implement higher-level security requirements and integrate security programs across disciplines.
• Maintain updated knowledge in the field of Risk management and Compliance to efficiently work on frameworks including NIST CSF, CIS Controls, HIPAA, PCI DSS, ITIL, etc.
• Remain current with industry best practices and monitor the legal and regulatory environment for developments.
  
  
  

• Serve as a subject matter expert to ensure and monitor compliance with Industry and Government rules and regulations at Enterprise/Region/Site level. Conduct gap analysis and implement Standards Frameworks like NIST 800 53, CSF, ISO 27001, PCI DSS, HIPAA, NIST, SOX
• Develop and revise Policies, Standards, Processes and guidelines for the enterprise through change management
• Manage and report overall Governance posture and Report Risk performance against established enterprise risk metrics
• Manage Phishing awareness campaigns
• Manage framework for control governance
• Advise business-led technology projects on IT Governance awareness and standards compliance
  
  
  

• 4-year University (Bachelor’s) degree in Computer Science, Information Security, Cyber Security or related field.
• Minimum 5 years of experience in an Information Security/GRC role.
• Minimum 2 years of experience in IT Governance Role.
• Preferred 2 years of experience in Healthcare, Pharma or Bio-Technology organization.
• Enthusiastic, results oriented, having a strategic outlook for Security
• Experience with managing a GRC tool application support life cycle
• Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
• Ability to drive, prioritize, and monitor security programs as per agreed timelines
• Ability to react to high pressure dynamic changing environments
• Ability to communicate IT risk concepts to non-technical people
• Strong problem solving and analytical skills
• Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently.
• Ability to work both independently and as part of a team to deliver quality work product in a timely manner.