Senior Information Security Risk Analyst
Job Overview
The Information Security Risk Analyst is part of the IQVIA information security organization, responsible for maintaining and executing IQVIA's risk management program, which is designed to ensure that the company's IT systems and information assets are adequately protected.
The individual will be responsible for identifying and evaluating information security risks and controls in a manner that meets IQVIA's regulatory and other compliance requirements. The individual will proactively engage with various clients, business units, and other internal departments and organizations to analyze and advise on practices that meet IQVIA's defined policies and standards for information risk management.
The ideal candidate will have a background in information security, risk management, and compliance, with the ability to identify vulnerabilities and implement effective security measures. They will demonstrate an ability to work independently and in an organized manner. They will communicate effectively and demonstrate strong technical ability and experience, as well as diplomacy and the ability to work calmly under pressure.
Essential Responsibilities
- Conducts comprehensive risk and control assessments and reviews of various operations, including determining scope, assessing risks, executing test procedures, reporting results, and making recommendations for improvement.
- Evaluates compliance with legal, regulatory, operational, and IT policies and procedures, and partners with stakeholders to develop sustainable remediation plans to security issues and control gaps, actively driving issues and risks to closure.
- Works with others to help identify advanced security risks and exposures, determine the causes of security non-compliances, and design and recommend solutions to prevent and mitigate future incidents.
- Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
- Monitors and tracks supplier security advisories and notifications.
- Prepares detailed reports on information security risks, findings, and recommended actions for senior management.
- Evolves the risk monitoring program to identify opportunities for enhancements and manages the risk exception process.
- Partners with the technology organization to implement and maintain IQVIA's integrated control framework, which includes requirements from NIST CSF, COBIT, HIPAA, and other frameworks.
Qualifications
- Bachelor's degree in Information Security, Computer Science, or a related field.
- Equivalent work experience may substitute for a degree.
- 3+ years of experience in information security and risk management.
- Strong knowledge of information security frameworks, standards, and best practices.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Professional certifications such as CISSP, CISM, CISA, or CRISC are a plus.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
mais rapidamente
