Sr Info Security Risk Analyst (East Coast US, remote)
Syneos Health/ inVentiv Health Commercial LLC | |
paid time off, sick time, 401(k) | |
United States, North Carolina, Morrisville | |
Dec 21, 2024 | |
Description Sr Info Security Analyst Syneos Health is a leading fully integrated biopharmaceutical solutions organization built to accelerate customer success. We translate unique clinical, medical affairs and commercial insights into outcomes to address modern market realities. Every day we perform better because of how we work together, as one team, each the best at what we do. We bring a wide range of talented experts together across a wide range of business-critical services that support our business. Every role within Corporate is vital to furthering our vision of Shortening the Distance from Lab to Life. Discover what our 29,000 employees, across 110 countries already know: Why Syneos Health
Job Summary Core to Syneos Health, we drive governance of policies and standards, identify, manage cybersecurity-related risks, and provide assurance to stakeholders. The successful candidate will participate in the information security risk management program to reduce the risks to the level that is acceptable to the organization. The candidate will possess deep knowledge of security control frameworks, stay abreast of the evolving threat landscape, and have past experience working in a cybersecurity risk management, and/or audit environment. They will cooperate with various internal and external stakeholders to ensure that Syneos Health and its third parties meet or exceed internal and external cybersecurity and legal requirements. This role requires a good understanding of information security principles, risk assessment methodologies, and industry best practices. In addition to the job responsibilities below, this role understands and adapts to an ever-changing cybersecurity risk landscape and helps to evolve Syneos Health's cybersecurity program to meet and address these challenges. Job Responsibilities: * Serves as a senior member of the working team for Risk Management within the Governance, Risk, and Assurance (GRA) function. * Conducts information security risk assessments of IT solutions (third-party and internally developed) and internal processes. * Assesses information security risks of changes to existing IT solutions. * Identifies, analyzes, assesses, monitors, and tracks risks in the information security risk register. * Monitors and tracks risk mitigations to ensure cyber security policies and standards are established, implemented and followed. * Collaborates with cross-functional teams to ensure risk management practices and IT solutions align with business objectives and compliance requirements. * Utilizes tools from various processes (e.g. vulnerability management, anti-virus, Secure SDLC, etc.) to verify the presence of risks. * Periodically reports to internal stakeholders on overall IT solutions risk profile. * Conducts Information Security Risk Assessment program improvements based on legal, stakeholder, and best practice requirements. * Collaborates with internal stakeholders (Security Operations, Technology Solutions, Governance, Risk and Assurance, Privacy, Regulatory & Compliance, etc.) and third parties as part of the risk management program. * Participates in ad-hoc, non-systematic risk assessment requests. * Stay updated with the latest cybersecurity trends, emerging threats, and industry developments to provide proactive risk mitigation recommendations. AtSyneos Health, we believe in providing an environment and culture in which Our People can thrive, develop and advance. We reward and recognize our people by providing valuable benefits and a quality-of-life balance. The benefits for this position include a company car or car allowance, Health benefits to include Medical, Dental and Vision, Company match 401k, eligibility to participate in Employee Stock Purchase Plan, Eligibility to earn commissions/bonus based on company and individual performance, and flexible paid time off (PTO) and sick time. Because certain states and municipalities have regulated paid sick time requirements, eligibility for paid sick time may vary depending on where you work. Syneos complies with all applicable federal, state, and municipal paid sick time requirements. The annual base salary for this position ranges from $72,540 to $145,000. The base salary range represents the anticipated low and high of the Syneos Health range for this position. Actual salary will vary based on various factors such as the candidate's qualifications, skills, competencies, and proficiency for the role. Qualifications QUALIFICATION REQUIREMENTS * Bachelor's degree in computer science, Information Security, or a related field. Relevant certifications such as CISA, CRISC, or ISO 27001 auditor are highly desirable. * Five years experience working as an Information Security Risk Analyst or in a similar role focused on information security risk management. * Experience in utilizing tools for risk profile data collection is desirable. * Experience in utilizing One Trust platform is desirable. * Good knowledge of cybersecurity principles, governance and regulatory compliance. * Deep understanding of risk assessment methodologies, vulnerability management, and security control frameworks (e.g., NIST, ISO 27001, COBIT) * Familiarity with security controls, technologies, and best practices to mitigate cyber risks. * Proficient in Microsoft Office (Excel, PowerPoint, Word) * Strong communication and interpersonal skills to collaborate effectively with cross-functional teams and stakeholders. * Excellent analytical and problem-solving skills * Ability to work independently as well as collaboratively in a team environment, prioritize tasks, and manage time effectively. |