Senior Information Security Analyst (HIPAA / GRC ) (US, Field)
Smith & Nephew•Andover, MA
•Onsite
About The Position
Life. Unlimited. At Smith+Nephew we design and manufacture technology that takes the limits off living. Join us as an Information Security Compliance Analyst and play a key role in shaping and delivering our annual HIPAA programme. This is an opportunity to work closely with leaders across Governance Risk and Compliance, with support and guidance from senior experts while owning essential programme activities that help protect our patients, people and systems.
Requirements
- Bachelor´s degree in Computer Science or related subject preferred.
- At least 5 years in Information Security, some of which should be in a compliance function.
- At least 2 years working on HIPAA compliance is required.
- At least 3 years in Program or Project Management.
- Familiarity with tools such as OneTrust or IT risk management platforms, or the ability to learn them quickly.
Nice To Haves
- Privacy or Security certifications would be advantageous but are not essential e.g. any HIPAA certification (CHPS, CHSE, CHPSE, CIPP/US), CISA, CISSP, ISO27001 or equivalent.
- Prior experience of Privacy Law related Security Controls compliance would be very well received.
- Experience deploying and assessing Information Security controls, ideally aligned to frameworks such as HIPAA, GDPR TOMS, ISO27001, HiTrust or NIST.
Responsibilities
- Become the driving force behind the annual HIPAA programme.
- Plan the programme’s schedule, coordinate with a wide range of partners, and keep everything running smoothly throughout the year.
- Oversee the annual Security Risk Assessment, shaping its scope and collaborating with third party specialists to ensure it is delivered effectively.
- Carry out security assessments on IT systems, follow a structured process to record outcomes and track actions.
- Keep our documentation and workflows in OneTrust consistently updated.
- Monitor changes in HIPAA law, support updates to internal policy, and bring insights and recommendations forward to leadership and the Steering Committee.
- Translate security controls into clear activities, understand how they are applied in practice, and turn complex challenges into structured actions.
- Contribute to the growth of the HIPAA programme year after year.
Benefits
- medical, dental, and vision coverage
- 401(k)
- tuition reimbursement
- medical leave programs
- parental leave
- generous PTO
- paid company holidays
- 8 hours of volunteer time annually
- a variety of wellness offerings such as EAP
- 401k Matching Program
- 401k Plus Program
- Discounted Stock Options
- Tuition Reimbursement
- Flexible Personal/Vacation Time Off
- Paid Holidays
- Flex Holidays
- Paid Community Service Day
- Health Savings Account (Employer Contribution of $500+ annually)
- Employee Assistance Program
- Parental Leave
- Fertility and Adoption Assistance Program
- Discounts on fitness clubs, travel and more!
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
