Senior Information Security Risk Analyst Porto Salvo

Senior Information Security Risk Analyst
Lisboa
Porto Salvo, Lisboa, Portugal

Senior Information Security Risk Analyst

IQVIA

Solutions to help life sciences organizations drive healthcare forward and get the right treatments to patients, faster.

Job Overview: The Information Security Risk Analyst is part of the IQVIA information security organization, responsible for maintaining and executing IQVIA's risk management program, which is designed to ensure that the company's IT systems and information assets are adequately protected. The individual will be responsible for identifying and evaluating information security risks and controls in a manner that meets IQVIA's regulatory and other compliance requirements. The individual will proactively engage the various clients, business units and other internal departments and organizations to analyze and advise on practices that meet IQVIA's defined policies and standards for information risk management.

The ideal candidate will have a background in information security, risk management, and compliance, with the ability to identify vulnerabilities and implement effective security measures. They will demonstrate an ability to work independently and in an organized manner. They will communicate effectively and demonstrate strong technical ability and experience, as well as diplomacy and the ability to work calmly under pressure.

Essential Responsibilities

• Conduct comprehensive risk and control assessments and reviews of various operations, including determining scope, assessing risks, executing test procedures, reporting results, and making recommendations for improvement.
• Evaluate compliance with legal, regulatory, operational, and IT policies and procedures, and partner with stakeholders to develop sustainable remediation plans to security issues and control gaps, actively driving issues and risks to closure.
• Work with others to help identify advanced security risks and exposures, determine the causes of security
  - compliances, design, and recommend solutions to prevent and mitigate future incidents.
• Follow up on deficiencies identified in monitoring reviews,
  - assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
• Monitor and track supplier security advisories and notifications.
• Prepare detailed reports on information security risks, findings, and recommended actions for senior management.
• Evolve the risk monitoring program to identify opportunities for enhancements and manage the risk exception process.
• Partner with the technology organization to implement and maintain IQVIA's integrated control framework, which includes requirements from NIST CSF, COBIT, HIPAA, and other frameworks.

Qualifications

• Bachelor's degree in Information Security, Computer Science, or a related field.
• Equivalent work experience may substitute for degree.
• 3+ years of experience in information security and risk management.
• Strong knowledge of information security frameworks, standards, and best practices.
• Excellent analytical and
  - solving skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Professional certifications such as CISSP, CISM, CISA, or CRISC are a plus.