Lead Information Security Analyst - IT Governance
Providence India
- Hyderabad, Telangana
- Permanent
- Full-time
- Conduct risk review of Security Exception request, collaborate with other security teams to review overall risk.
- Security evaluation /Risk assessment for any new/existing products/applications/solutions/medical devices brought by 3rd Party vendors.
- Manage risks related to the use of information technology, information security, privacy, regulatory compliance, and governance.
- Develop & maintain infosec, data security governance policies & standards
- Maintains integrated control framework
- Implement higher-level security requirements and integrate security programs across disciplines
- Conduct external security audit, attestation & Assessments, IT audit Mgmt
- Support in achieving KPIs and metric for the Risk Management process
- Maintain updated knowledge in the field of GRC to efficiently work on frameworks including NIST CSF, CIS Controls, HIPAA, PCIDSS, ISO27001, GDPR, SOX 404, ITIL, etc.
- Remain current with industry best practices and monitor the legal and regulatory environment for developments.
- Holistic security evaluation for Providence supported applications/solutions and business processes to validate security posture aligning with PSJH Security Policy & Standards.
- Serve as a subject matter expert to ensure and monitor compliance with Industry and Government rules and regulations at Enterprise/Region/Site level.
- Conduct gap analysis and implement Standards Frameworks like ISO 27001, Privacy, GDPR, NIST CSF, HIPAA, PCIDSS, SOX etc.
- Develop and revise Policies, Standards, Processes, and guidelines for the enterprise through change management
- Completes security reviews, attestations requested by regulatory/business partners.
- Support in conducting Internal audits, security risk assessments for HIPAA, PCIDSS, ISO27001, URAC etc
- Support in building an Integrated Control framework on applicable industry standards.
- Regularly collaborate with business leaders, application, and product owners to evaluate security needs and impacts of security decisions on business processes as well as to communicate risks
- Promote and raise awareness of Cyber-Security programs and posture, driving change and influencing proper Cyber Security hygiene within the organization.
- 4-year University (Bachelor's) degree in Computer Science, Information Security, Cyber Security or related field.
- Minimum 4 years of experience in an Information Security/GRC role.
- Minimum 2 years of experience in IT GRC Role/ Internal Audit Role.
- Preferred 2 years of experience in Healthcare, Pharma or Bio-Technology organization.
- Strong project management skills to simultaneously work on multiple projects concurrently
- Experience with managing a GRC tool application support life cycle.
- Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
- Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently.
- Ability to collaborate with leaders throughout the organization.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
Contact our also, read our .Providence’s vision to create ‘Health for a Better World’ aids us to promote individuality, diversity of thought and background, and acknowledge its role in the organization’s success. This makes us committed towards equal employment opportunity regardless of race, religion or belief, color, ancestry, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.Contact our also, read our .