100% Remote:: IT Risk Analyst-Pharma Domain
- Category: Science/biotech
- Deadline: 01st November 20222022-11-01T00:00:00-0700
- North Carolina
Vacancy expired!
Role : IT Risk AnalystLocation : Cambridge, MA / Raleigh, NC /Remote (MUST WORK ON EST TIME ZONE - 8 AM to 5 PM EST)Note:-
- Preference is for candidate with exp with life sciences (pharmaceutical) background
- Minimum need is for 10+ years profiles.
- Must have Experience building Dashboards and familiarity with Tableau/ Power BI/Advanced Excel. knowledge of using scripts to build dashboards is highly desirable
- Need confirmation from candidate that candidate is willing to work on EST Time Zone - 8 AM to 5 PM EST and be based physically in one of the 50 states in the US.
- Help the IT Risk Management Lead build a process and culture of proactive risk identification by monitoring the IT control environment for changes and emerging risks, to inform business unit and functional group leadership of the top security/compliance risks, overall security health of their organizations and advise on risk treatment
- Develop and maintain collaborative relationships with IT business partners, IT leadership, Control Owners and Internal Audit stakeholders
- Deliver Metrics and Dashboards relevant to IT risk
- Provide training, lessons learned, and best practices guidance to IT leadership and IT personnel (e.g., system owners) to improve IT risk management
- Facilitate documentation and maintenance of IT risk processes and support documentation of security controls and relevant processes
- Promote and support an approved risk management, governance and compliance strategy and plan that supports the achievement of the Global Information Technology Strategy
- A minimum of eight years of related work experience in IT enterprise risk management (conducting risk assessments and providing risk analysis), and/or IT operations, governance, audit and compliance with required knowledge, skills, and abilities
- Technical aptitude and understanding of IT systems and their connection to data collection and processing:
- Knowledge of the following areas: networking, cloud computing, vulnerability management, Identity and Access Management tools, Active Directory, Privileged Access Management, Multifactor Authentication and Single Sign-On concepts, baselines, security monitoring, change management, asset management, incident response, SDLC, encryption, etc.
- Direct experience building, maintaining and operationalizing IT risk metrics.
- Must have Experience building Dashboards and familiarity with Tableau/ Power BI/Advanced Excel. knowledge of using scripts to build dashboards is highly desirable
- Keenly developed business partnering and collaboration skills, adept at establishing and sustaining effective working relationships, both within and between departments.
- Ability to operate effectively in a matrixed environment: Building and managing peer and management-level relationships through achievement of results, accountable to schedule, and allocation of resources and meeting customer needs.
- Solution and results oriented. Strong analytical and problem-solving skills
- Excellent people skills, a team player; strong interpersonal and collaborative skills.
- Excellent written and verbal communication skills including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences
- Strong skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from line-of-business managers
- High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity
- High degree of initiative, dependability, and ability to work with little supervision
- 8+ years of experience in IT risk management or a related discipline (for example, IT risk, IT security operations, governance, audit or compliance)
- Industry certifications relating to risk management and security are highly desired (for example, Certified Risk and Information Systems Control (CRISC), Certified Information Systems Auditor [CISA], Certified Information Systems Security Professional [CISSP]).