Lead Information Security Policy Analyst

PURPOSE AND SCOPE :

The Lead Governance, Risk, and Compliance Analyst will play a key role in leading the development and maintenance of the organization's global governance, risk management, and compliance programs.

This position will support a broad range of activities across the organization.

LEAD INFORMATION SECURITY POLICY ANALYST ADDENDUM

Leads the development and implementation of global cybersecurity policies, standards, and procedures aligned with industry best practices, including NIST CSF and 800-series publications.

Advances the enterprise-wide cybersecurity governance function by fostering a union of business risk and information security practices.

Collaborates with business and IT leaders to analyze key global processes and develop new or adjusted information security requirements.

Works closely with security operations, engineering, and architecture teams to continuously align and improve information security practices.

Articulates information security governance in business terms and champion awareness of requirements and best practices.

Facilitate examinations by security assessors and auditors for compliance obligations, such as HIPAA and ISO 27001.

Establishes, measures, and manages metrics to quantify and report global security posture.

Other duties as assigned.

PRINCIPAL DUTIES AND RESPONSIBILITIES :

Leads the development, implementation, and maintenance of an information security framework aligned with industry leading practices.

Leads the design and documentation of technical, administrative, and physical controls to ensure the business demonstrates compliance with its regulatory and compliance obligations.

Provides strategic direction within IT and information security initiatives to ensure the delivery of compliant and risk-appropriate solutions.

Facilitate examinations by security assessors and auditors for compliance obligations, such as HIPAA and ISO 27001.

Leads security risk assessments and recommends controls to mitigate identified security risks.

Communicates risk findings and recommendations to business stakeholders.

Leads the development and deployment of workforce security training and awareness.

Leads the development and implementation of global cybersecurity policies, standards, and procedures aligned with industry best practices, including NIST CSF and 800-series publications.

Leads the lifecycle management of information security policies.

Provides mentoring and quality reviews for other analysts.

PHYSICAL DEMANDS AND WORKING CONDITIONS :

The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Occasional travel may be required due to the nature of the job (

SUPERVISION :

No supervision, but will provide technical direction and mentoring to junior analysts.

EDUCATION :

Bachelor's Degree or an equivalent combination of education and experience

EXPERIENCE AND REQUIRED SKILLS :

7+ years' related experience in cybersecurity governance, risk, compliance, information security, and / or other related roles.

Advanced knowledge of internal control structure, data, and technology

Advanced knowledge of NIST CSF, NIST SP 800-series, HIPAA, FIPS, and ISO 27001 : 2022, and other industry-leading standards and requirements.

Excellent verbal and written communication skills.

Excellent organizational skills.

CISSP, CRISC, CISA, CISM, or other related certifications are preferred.

Demonstrated experience with ServiceNow GRC or a similar tool is preferred.

EO / AA Employer : Minorities / Females / Veterans / Disability / Sexual Orientation / Gender Identity

Fresenius Medical Care North America maintains a drug-free workplace in accordance with applicable federal and state laws.

Fully remote position with occasional travel depending on business need.

Career with a purposeWe offer an opportunity to create and deliver treatments that save and change lives for the better.

We’ll support your ongoing development. And you’ll be part of a dedicated team of people who inspire each other to create the best possible healthcare outcomes each and every day.

Inclusion and diversityJoining Fresenius Medical Care means becoming part of a team that values diversity. We embrace the wealth of different backgrounds, cultures, experiences and opinions that make up our workforce and strive to create an inclusive atmosphere in which all our employees feel valued.

StabilityDeveloping innovative products and continuously improving our renal therapies made us the clear market leader in the production of hemodialysis machines, with sustainable, profitable growth .

This position provides our 125000 employees with the stability and security they need to help improve the lives of our patients.

Learning and developmentWe offer participation in programs at world-class business schools, leadership development, regular training for our nurses, health care professionals and manufacturing staff and digital access to high-quality educational content for all employees worldwide 24 / 7.

Local benefitsOur employees enjoy both local and global opportunities for growth and personal fulfilment. We offer local benefits designed to suit the requirements of the respective country and place of work to create ideal conditions everywhere.

Work-life balanceWe want to empower people to deliver better care. Therefore, we promote a better work-life balance through flexible working hours, part-time models, the possibility to work from home, and more.