Sr Info Security Risk Analyst

Description

Syneos Health® is a leading fully integrated biopharmaceutical solutions organization built to accelerate customer success. We translate unique clinical, medical affairs and commercial insights into outcomes to address modern market realities.  

Every day we perform better because of how we work together, as one team, each the best at what we do. We bring a wide range of talented experts together across a wide range of business-critical services that support our business. Every role within Corporate is vital to furthering our vision of Shortening the Distance from Lab to Life®.

Discover what our 29,000 employees, across 110 countries already know: 
WORK HERE MATTERS EVERYWHERE

Why Syneos Health

We are passionate about developing our people, through career development and progression; supportive and engaged line management; technical and therapeutic area training; peer recognition and total rewards program.

We are committed to our Total Self culture – where you can authentically be yourself. Our Total Self culture is what unites us globally, and we are dedicated to taking care of our people. 

We are continuously building the company we all want to work for and our customers want to work with. Why? Because when we bring together diversity of thoughts, backgrounds, cultures, and perspectives – we’re able to create a place where everyone feels like they belong. 

Job Summary

This role participates in the information security risk management program to reduce the risks to the level that is acceptable to the organization. The role requires a deep knowledge of security control frameworks, staying abreast of the evolving threat landscape, and having experience working in a cybersecurity risk management, and/or audit environment.  The role cooperates with various internal and external stakeholders to ensure that Syneos Health and its third parties meet or exceed internal and external cybersecurity and legal requirements. This role requires a good understanding of information security principles, risk assessment methodologies, and industry best practices. Adapts to an ever-changing cybersecurity risk landscape and helps to evolve Syneos Health’s cybersecurity program to meet and address these challenges.

Job Responsibilities

·     Serves as a senior member of the working team for Risk Management within the Governance, Risk, and Assurance (GRA) function.

·     Conducts information security risk assessments of internal processes, IT solutions, and third parties as an information security risk subject matter expert.

·     Conducts comprehensive internal and external audits, assessments, and compliance reviews relating to information security and risk management.

·     Collaborates with cross-functional teams to ensure risk management practices align with business objectives and compliance requirements.

·     Identifies, analyzes, assesses, monitors, and tracks risks in the information security risk register.

·     Monitors, tracks, and manages risk mitigations and exceptions to ensure cyber security policies and standards are established, implemented, and followed.

·     Collaborates with internal stakeholders (Security Operations, Information Technology, Governance, Risk and Assurance, Privacy, Regulatory & Compliance, etc.) and third parties as part of the risk management program.

·     Participates in ad-hoc, non-systematic risk assessment requests.

·     Stays updated with the latest cybersecurity trends, emerging threats, and industry developments to provide proactive risk mitigation recommendations.

Qualifications

Required Qualifications

·      Bachelor’s degree in computer science, Information Security, or a related field is required. Relevant certifications such as CISSP, CISA, CRISC, or ISO 27001 auditor are mandatory.

·     Minimum 5 years’ experience working as an Information Security Risk Analyst or in a similar role focused on information security risk management.

·     Possess strong process knowledge, and ability to design and/or improve risk management processes.

·     Experience in utilizing tools for risk profile data collection is desirable e.g., OSINT and GRC.

·     Good knowledge of cybersecurity principles, governance, and regulatory compliance

·     Deep understanding of risk assessment methodologies, vulnerability management, and security control frameworks (e.g., NIST, ISO 27001, COBIT)

·     Familiarity with security controls, technologies, and best practices to mitigate cyber risks.

·     Proficient in Microsoft Office (Excel, PowerPoint, Word)

·     Demonstrate sound judgment and decision-making skills when dealing with complex cybersecurity risks.

·     Strong communication and interpersonal skills to collaborate effectively with cross-functional teams and stakeholders.

·     Ability to work independently as well as collaboratively in a team environment, prioritize tasks, and manage time effectively.

·     Excellent analytical and problem-solving skills.   

Disclaimer:

Tasks, duties, and responsibilities as listed in this job description are not exhaustive.  The Company, at its sole discretion and with no prior notice, may assign other tasks, duties, and job responsibilities.  Equivalent experience, skills, and/or education will also be considered so qualifications of incumbents may differ from those listed in the Job Description.  The Company, at its sole discretion, will determine what constitutes as equivalent to the qualifications described above.   Further, nothing contained herein should be construed to create an employment contract.  Occasionally, required skills/experiences for jobs are expressed in brief terms.  Any language contained herein is intended to fully comply with all obligations imposed by the legislation of each country in which it operates, including the implementation of the EU Equality Directive, in relation to the recruitment and employment of its employees.  The Company is committed to compliance with the Americans with Disabilities Act, including the provision of reasonable accommodations, when appropriate, to assist employees or applicants to perform the essential functions of the job.