PURPOSE AND SCOPE:
The Lead Governance, Risk, and Compliance Analyst will play a key role in leading the development and maintenance of the organization's global governance, risk management, and compliance programs. This position will support a broad range of activities across the organization.
LEAD INFORMATION SECURITY POLICY ANALYST ADDENDUM
Leads the development and implementation of global cybersecurity policies, standards, and procedures aligned with industry best practices, including NIST CSF and 800-series publications.
Advances the enterprise-wide cybersecurity governance function by fostering a union of business risk and information security practices.
Collaborates with business and IT leaders to analyze key global processes and develop new or adjusted information security requirements.
Works closely with security operations, engineering, and architecture teams to continuously align and improve information security practices.
Articulates information security governance in business terms and champion awareness of requirements and best practices.
Facilitate examinations by security assessors and auditors for compliance obligations, such as HIPAA and ISO 27001.
Establishes, measures, and manages metrics to quantify and report global security posture.
Other duties as assigned.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Leads the development, implementation, and maintenance of an information security framework aligned with industry leading practices.
Leads the design and documentation of technical, administrative, and physical controls to ensure the business demonstrates compliance with its regulatory and compliance obligations.
Provides strategic direction within IT and information security initiatives to ensure the delivery of compliant and risk-appropriate solutions.
Facilitate examinations by security assessors and auditors for compliance obligations, such as HIPAA and ISO 27001.
Leads security risk assessments and recommends controls to mitigate identified security risks.
Communicates risk findings and recommendations to business stakeholders.
Leads the development and deployment of workforce security training and awareness.
Leads the development and implementation of global cybersecurity policies, standards, and procedures aligned with industry best practices, including NIST CSF and 800-series publications.
Leads the lifecycle management of information security policies.
Provides mentoring and quality reviews for other analysts.
PHYSICAL DEMANDS AND WORKING CONDITIONS:
SUPERVISION:
EDUCATION:
Bachelor's Degree or an equivalent combination of education and experience
EXPERIENCE AND REQUIRED SKILLS:
7+ years' related experience in cybersecurity governance, risk, compliance, information security, and/or other related roles.
Advanced knowledge of internal control structure, data, and technology
Advanced knowledge of NIST CSF, NIST SP 800-series, HIPAA, FIPS, and ISO 27001:2022, and other industry-leading standards and requirements.
Excellent verbal and written communication skills.
Excellent organizational skills.
CISSP, CRISC, CISA, CISM, or other related certifications are preferred.
Demonstrated experience with ServiceNow GRC or a similar tool is preferred.
EO/AA Employer: Minorities/Females/Veterans/Disability/Sexual Orientation/Gender Identity
Fresenius Medical Care North America maintains a drug-free workplace in accordance with applicable federal and state laws.
Fully remote position with occasional travel depending on business need.
Solange die Stellenanzeige angezeigt wird, können Sie sich schnell und einfach bewerben.
Wir teilen unsere Informationen und Erfahrungen untereinander, da wir so aus unseren Fehlern und voneinander lernen können. Wir gehen Herausforderungen gemeinsam an, indem wir uns an Kollegen in der Nähe und in der Ferne wenden. Wir sind offen in unserer Kommunikation.
Wir hinterfragen den Status quo und zeigen Interesse daran, was um uns herum passiert . Wir stellen die nötigen Fragen, um zu verstehen, was getan werden muss. Wir übernehmen Verantwortung für die Ergebnisse.
Wir lassen uns an unseren eigenen Ansprüchen messen, verhalten uns respektvoll und gehen mit gutem Beispiel voran. Unser tägliches Handeln basiert auf Integrität und der Einhaltung unserer Standards.
Wir machen die Dinge heute besser, als sie es gestern waren. Wir bringen unsere Ideen für Verbesserungen und Innovationen ein.
Menschen stärken. Versorgung verbessern. Unser Werte sind unsere Mission.
Wir tun alles, um das Leben der Menschen besser, einfacher und länger zu machen. Unsere Teams arbeiten bereichsübergreifend daran, die komplexe Funktion der Nieren mit Behandlungen zu reproduzieren, die hohen Qualitätsstandards entsprechen, klinische Ergebnisse verbessern, nachhaltig sind und allen Richtlinien entsprechen. Wir fördern Diversität und Inklusion als zentrale Elemente eines positiven, unterstützenden Arbeitsumfelds. Diese Werte helfen uns bei unserer Mission, hochwertige Produkte und Dienstleistungen zu entwickeln, um die Gesundheit und das Wohlbefinden unserer Patienten zu verbessern und Fresenius Medical Care in eine erfolgreiche, nachhaltige Zukunft zu führen.