Information Security Risk Analyst (GRC)

Biogen SANDBOX, Research Triangle Park, NC
3d

About The Position

The Information Security Risk Analyst helps with identifying, developing, implementing, and maintaining processes across the organization to reduce information and information system risks. This position demonstrates awareness and knowledge of a variety of information security concepts, practices, and procedures, and supports the establishment and implementation of relevant policies, standards, guidelines, and procedures.

In this position, you will:

  • Assist the Director of Information Security in achieving the team’s goals.
  • Work with the team on risk and compliance activities.
  • Partner with business units to better understand how security can be applied in a dynamic, agile-driven company.
  • Provide direction in technical areas such as conducting risk assessments and security solutions.

Industry-specific knowledge of regulations and controls, such as Sarbanes-Oxley, Gramm-Leach-Bliley (GLB), Data Privacy, ISO 27001, FedRAMP, and NIST 800, is required, as is the ability to advise on technical approach and best practices. Experience with automated GRC tools (e.g., RSA Archer) is a plus.

Biogen is looking for an Information Security Risk Analyst / Generalist with 5-7 years of information security policy creation and ISO 27001 / NIST-CSF experience to take on the challenge of helping to build a compliant information security program using the NIST 800 series. The Information Security Risk Analyst is a hands-on position responsible for assisting with safeguarding and protecting Biogen’s information and information systems.

Requirements

  • Security Risk Analyst with knowledge and practical understanding of multiple security domains.
  • Ability to understand and engage applicable industry-related regulatory requirements (e.g., FDA, FIPS, EU Annex 11).
  • Ability to work on several tasks
  • 5-7 years of information security policy creation and ISO 27001 / NIST-CSF experience
  • Knowledge of regulations and controls, such as Sarbanes-Oxley, Gramm-Leach-Bliley (GLB), Data Privacy, ISO 27001, FedRAMP, and NIST 800, is required, as is the ability to advise on technical approach and best practices.

Nice To Haves

  • Experience with automated GRC tools (e.g., RSA Archer) is a plus.

Responsibilities

  • Participate in the writing, implementation and continuous improvement of information security policies, standards, and procedures.
  • Promote information security awareness through awareness and education programs.
  • Manage various projects, including effective project tracking, issue handling, and follow up.
  • Serve as an information security liaison to Biogen business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., information security best practices, policy and procedure development, employee education and awareness, security exceptions).
  • Perform information security risk and control assessments and report on information security risks and recommend mitigation strategies; document and monitor information security remediation and control improvements.
  • Maintain confidentiality of all investigations, reports, and other confidential and sensitive information associated with the position.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 1,001-5,000 employees
