Senior Information Security Analyst
Providence India
- Hyderabad, Telangana
- Temporary
- Full-time
- Develop & maintain infosec, data security governance policies & standards
- Manage security control implementation
- Maintain an integrated control framework
- Implement higher-level security requirements and integrate security programs across disciplines
- Security evaluation/risk assessment for any new/existing products/applications/solutions/medical devices brought by 3rd party vendors.
- Manage risks related to the use of information technology, information security, privacy, regulatory compliance, and governance.
- Conduct external security audits, attestations & assessments, and IT audit management
- Support in achieving KPIs and metrics for the Risk Management process
- Maintain updated knowledge in the field of GRC to efficiently work on frameworks including NIST CSF, CIS Controls, HIPAA, PCI DSS, ISO 27001, GDPR, SOX 404, ITIL, etc.
- Remain current with industry best practices and monitor the legal and regulatory environment for developments.
- Holistic security evaluation for Providence supported applications/solutions and business processes to validate security posture aligning with PSJH Security Policy & Standards.
- Serve as a subject matter expert to ensure and monitor compliance with Industry and Government rules and regulations at Enterprise/Region/Site level.
- Conduct gap analysis and implement standards frameworks like ISO 27001, Privacy, GDPR, NIST CSF, HIPAA, PCI DSS, SOX, etc.
- Develop and revise Policies, Standards, Processes, and guidelines for the enterprise through change management
- Complete security reviews and attestations requested by regulatory/business partners.
- Support in conducting internal audits and security risk assessments for HIPAA, PCI DSS, ISO 27001, URAC, etc.
- Support in building an Integrated Control framework on applicable industry standards.
- Regularly collaborate with business leaders, application, and product owners to evaluate security needs and impacts of security decisions on business processes as well as to communicate risks
- Promote and raise awareness of Cyber-Security programs and posture, driving change and influencing proper Cyber Security hygiene within the organization.
- 4-year University (Bachelor's) degree in Computer Science, Information Security, Cyber Security or related field.
- Minimum 4 years of experience in an Information Security/GRC role.
- Minimum 2 years of experience in an IT GRC role/Internal Audit role.
- Preferred 2 years of experience in Healthcare, Pharma or Bio-Technology organization.
- Strong project management skills to work on multiple projects concurrently
- Experience with managing a GRC tool application support life cycle.
- Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
- Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently.
- Ability to collaborate with leaders throughout the organization.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Preferred knowledge of Information Security standards (ISO/IEC 27001, 27002, NIST CSF, NIST SP 800-53, CIS Controls).