Job Details

ID #21696480
State Massachusetts
City Boston
Job type Contract
Salary USD $65 65
Source Amtex System Inc.
Showed 2021-10-25
Date 2021-10-25
Deadline 2021-12-23
Category Et cetera

Principal IT Security & Privacy Risk Analyst

Massachusetts, Boston, 02115 Boston USA

Vacancy expired!

About us: Amtex Systems Inc is an information technology and talent solutions company offering talent and BI consulting to companies in the US for over 20 years. Our solutions are designed to fill resource gaps by providing the right candidates who deliver value to the organization. Our propensity to nurture and build strong relationships with our clients helps us better understand their business demands and gives us the ability to provide services that are on time and rise above the rest.

Title: Principal IT Security & Privacy Risk Analyst
Location: REMOTE
Duration: 9 months

European Union (EU)/GDPR experience is a must, and bio/pharma/medical device/healthcare experience is a must. Ideally the candidate will have some of those certifications.

Must Haves:
- Must have global experience, especially EU (European Union).
- Pharma/biotech experience.

Day to Day:
The Principal IT Security & Privacy Risk Analyst will be responsible for managing and implementing the IT Third Party Risk Management (TPRM) work streams to support the overall IT TPRM Program. Responsibilities include risk identification, data analysis, process design and implementation with appropriate business stakeholders and vendors. The ability to lead with risk-based knowledge, confidence, and effective partnerships is critical to our department mission. This position reports to the Senior Director, IT Governance, Risk, and Compliance and Cybersecurity.

Primary Duties and Responsibilities
The Principal IT Security & Privacy Risk Analyst will be dedicated to supporting the IT Third Party Risk Management (TPRM) Program, a shared service across multiple lines of business responsible for risk identification, analysis, process design and implementation of related control practices across the enterprise.
- Responsible for developing a vendor compliance culture as a risk advisor with a well-rounded operational risk management background and as a business advocate supporting stakeholders in the use of well-controlled practices in managing our vendors.
- Responsible for coordinating and scheduling information security & data protection impact assessments with business owners, working with team members to conduct assessments and develop remediation plans using evolving business processes and tools, documenting the effort in a Third Party Risk Management tool and following up with business owners on remediation plans.
- Participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
- Assist in guiding business owners and end-users on the implementation of solutions that comply with IT Security and Privacy policies and standards.
- Apply a teamwork philosophy with technology and partners, service, or platform owners to integrate all technology security components and address control gaps.
- Consult on regulatory compliance requirements, reporting, and questions.
- Provide support and consulting for audits, help compose management responses, and drive appropriate remediation activities.
- Assist in prioritizing departmental tasks including new information security risk assessments, data privacy impact assessments, and associated exception requests according to related processes and procedures.
- Assess, identify, and escalate issues appropriately.
- Document assessments, exceptions, findings, and remediation plans in a Third Party Risk Management tool.
- Develop on-going technology risk reporting, monitor key trends, and define metrics to measure control effectiveness.
- Required to demonstrate the ability to influence IT TPRM strategy by making decisions on moderately complex to complex issues with minimal direction.
This role allows for considerable latitude in determining objectives and approaches to assignments.

Qualifications
- Bachelor's degree (B.A. / B.S.) or equivalent in computer science, business administration, or equivalent discipline from an accredited college or university, or equivalent experience
- 8-10 years of relevant experience, preferably in a global environment
- 4-6 years' experience in vendor risk management, enterprise risk management, operational risk management, audit, and risk/control framework
- 2-4 years' operational experience
- 2-3 years' experience in pharma, biotech, healthcare preferred
- Ability to manage enterprise-wide projects with a focus on assessing risks, design, and implementation
- Strong focus on developing effective working relationships
- Ability to explain technical issues to non-technical people
- Advanced knowledge of one or more technology controls or security domains, disciplines, and practices
- Sound to advanced knowledge of business, technology controls, security, and risk issues
- Demonstrated ability to participate in projects of moderate to high complexity
- Ability and commitment to serve as a subject matter expert on business-specific, cross-functional and enterprise initiatives
- Knowledge of GDPR, HIPAA, HITECH and other appropriate information security and information privacy regulatory requirements for healthcare entities required
- Knowledge of NIST 800-53, ISO 27K, SOC 2, ISAE 3400 required
- Readiness to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level
- Must be eligible for employment under regulatory standards applicable to the position

Preferred Qualifications / Certifications
- CTPRP - Certified Third-Party Risk Professional
- CTPRA - Certified Third-Party Risk Assessor
- CRISC - Certified in Risk and Information Systems Control
- CISA - Certified Information Systems Auditor
- HCISSP - Healthcare Certified Information Systems Security Professional
- CIPP - Certified Information Privacy Professional
- CIPT - Certified Information Privacy Technologist
- CHPS - Certified in Healthcare Privacy and Security

Any of the following certifications is a plus:
- CPHIMS - Certified Professional in Healthcare Information and Management Systems
- GIAC - Global Information Assurance Certification Security Essentials (GSEC)
- CIPM - Certified Information Privacy Manager
- PCIP - Payment Card Industry Professional
- PMP - Project Management Professional
- ITIL - ITIL v4.0 Foundation, Managing Professional, Strategic Leader
- CGDPRLI - Certified GDPR Lead Implementer
- CGDPRLA - Certified GDPR Lead Auditor
