Job Description

Sr InfoSec Risk Analyst

São Paulo, 巴西 R1455367 混合模式

São Paulo, 巴西

职位描述

Job Overview

The Information Security Risk Analyst is part of the IQVIA information security organization, responsible for maintain and executing IQVIA's risk management program, which is designed to ensure that the company's IT systems and information assets are adequately protected.

The individual will be responsible for identifying and evaluating information security risks and controls in a manner that meets IQVIA's regulatory and other compliance requirements. The individual will proactively engage the various clients, business units and other internal departments and organizations to analyse and advise on practices that meet IQVIA's defined policies and standards for information risk management.

The ideal candidate will have a background in information security, risk management, and compliance, with the ability to identify vulnerabilities and implement effective security measures. They will demonstrate an ability to work independently and in an organized manner. They will communicate effectively and demonstrate strong technical ability and experience, as well as diplomacy and the ability to work calmly under pressure.

Essential Responsibilities

Conducts comprehensive risk and control assessments and reviews of various operations, including determining scope, assessing risks, executing test procedures, reporting results and making recommendations for improvement
Evaluates compliance with legal, regulatory, operational and IT policies and procedures, and partners with stakeholders to develop sustainable remediation plans to security issues and control gaps, and actively drives issues and risks to closure
Works with others to help identify advanced security risks and exposures, determine the causes of security non-compliances, designs and recommends solutions to prevent and mitigate future incidents
Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken
Monitors and tracks supplier security advisories and notifications
Prepares detailed reports on information security risks, findings and recommend actions for senior management
Evolves the risk monitoring program to identify opportunities for enhancements and manages the risk exception process
Partners with the technology organization to implement and maintain IQVIA's integrated control framework, which includes requirements from NIST CSF, COBIT, HIPAA and other frameworks

Qualifications

Bachelor's degree in Information Security, Computer Science, or a related field
Equivalent work experience may substitute for degree
3+ years of experience in information security and risk management
Strong knowledge of information security frameworks, standards and best practices
Excellent analytical and problem-solving skills
Strong communication and interpersonal skills
Ability to work independently and as part of a team
Professional certifications such as CISSP, CISM, CISA or CRISC are a plus

IQVIA is a leading global provider of clinical research services, commercial insights and healthcare intelligence to the life sciences and healthcare industries. We create intelligent connections to accelerate the development and commercialization of innovative medical treatments to help improve patient outcomes and population health worldwide. Learn more at https://jobs.iqvia.com

现在申请