Senior Compliance Analyst (ISO 27000, FedRAMP, C5, ENS, Ukraine) #15242

Purpose Of The Job

Senior Compliance Analyst. As a member of the Compliance Product Team, you are given this opportunity in a team with a strong focus on collaboration and teamwork to support the Digital Products domain with state of the art and innovative security and privacy concepts. You will oversee or consult on technical architecture implementation activities, particularly for new and/or shared solutions. You coordinate compliance activities at a global/regional level. You help others (like engineers, cross functional team members) interpret laws and regulations (like GDPR, HIPAA, HITRUST and other regulations) correctly and ensure consistent adherence.

Main Tasks And Responsibilities

Conducting or being the subject of security and/or privacy audits

Help with audit related work internally and externally - check controls compliance, collect evidence

and coordinate audit work (like ISO 27001, 27017 and 27018)

Coordinate routine activities like Pen Testing, Disaster Recovery and tasks stemming from them,

recording of results in tools like Jira, tracking any findings and remediation work,

Define and implement security and privacy risk management governance and insights,

Assist in drafting new or updated compliance policies and procedures, including specifying actual or

potential implications to existing business operations and practices,

Help prepare and deliver communication and training materials/sessions to educate others on the

evolving compliance landscape and potential new or updated policies and related changes,

Leverage your working knowledge of controls for cloud security, mobile application security, data

privacy laws, AWS architecture and services,

Put in practice your project management skills and ability to manage multiple projects simultaneously

to meet objectives and key deadlines

Conduct Risk assessments by analyzing the current risks and identifying potential risks that are

affecting the business and product groups

Education, Skills And Experience

MUST HAVE:

Compliance with great knowledge in GRC tooling preferably GRC hands on experience and ability to identify and

automate Quality Privacy Risk and Compliance tasks throughout multiple internal and external

stakeholders integrated into our services to help in upcoming FedRAMP, C5 or similar attestations and

authorizations.

Understands Quality, Risk, Privacy and Compliance from a technical perspective and is able to articulate

and communicate the same in a written format with Fluency in English. Ability to understand what the

stakeholders or consumers do and bring it to surface. Knowledge to write clear Policy and Standard

Operating Procedures.

Working with cloud environments required

Expert planner with business process definition experience and a strong IT aptitude

System hardening, analysis and vulnerability management

Understanding of applicable and accepted audit and risk frameworks (such as COBIT, NIST, and

ISO), standards (ISO 27000 family, HITRUST) and government guidelines and laws (HIPAA, GDPR)

Clinical workflow solutions or in a clinical environment a plus

Would Be a Plus

Knowledge of AWS and Cloud Security

Strong organizational skills and ability to prioritize and manage multiple projects simultaneously if

needed

Effective at engaging with teams in various functions and across different levels

Pro-active and confident individual who is committed to driving change.

Ability to communicate complex and highly technical information clearly and concisely.