Senior Information Security Analyst

Are you ready for the Most Impactful Work of Your Life?
Working at Signant Health puts you at the very heart of the world’s most exciting sector - a high-growth, dynamic company in an extraordinary industry. We’re radically changing the clinical trial landscape, driving change through the technology and innovations we create and the services we deliver to our customers.
Where do you fit in?
The Senior Information Security Compliance Analyst assists the Chief Information Security Officer in the execution of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies. They will also play an integral role in the development and maturity of the enterprise information security program and function, as well as, a number of key assurance activities, including corporate-wide information security management, certification, awareness, and vendor management programs. Lastly, the Senior Information Security Compliance Analyst will serve as the primary point-of-contact for most assurance business-as-usual activities and customer audits.
**As part of our team, your main responsibilities will be**:
1. Assist the CISO in the development, implementation, and monitoring of enterprise information security program. Ensure policies and SOPs are written, approved, published, and kept up to date.
2. Serve as program lead for enterprise Information Security certification programs:

- ISO 27001
- SSAE-18 SOC2
- HIPAA/HITRUST
- Etc.

**3. Serve as program lead for the following programs**:

- Enterprise Information Security Awareness program:
i. Develop Biannual Global Information Security Awareness Trainings.
ii. Administer Biannual Phishing Simulation Campaigns.
iii. Develop and deliver role/function-specific security awareness training, as needed.
- Enterprise Business Continuity Program:
i. Create, update, and disseminate Enterprise Business Continuity Program Governance materials.
ii. Work with internal departments on the creation and testing of Departmental Business Continuity Plans
iii. Develop and execute necessary internal and external Business Continuity Alerting and Coordination activities.
- Information Security Vendor Management Program:
i. Implement and maintain Vendor Management Tracking
ii. Coordinate with the internal Procurement team on new vendor assessments, which include:
a. Implementing, maintaining, and executing online vendor assessment questionnaires when needed.
b. Obtaining and reviewing relevant vendor security attestations and other relevant information security materials
c. Creating and disseminating the necessary assessment summary documentation.
iii. Ensure vendor periodic reassessments occurred within pre-defined timeframe
4. Serve as main POC for organization on Information Security assurance business-as-usual and customer audit activities. This includes, but is not limited to the following:

- Completion of vendor/RFI(P) information security assessments.
- Developing applicable Memos-To-File (MTFs) for sign-off by the Chief Information Security Officer
- Representing Information Security in customer audits (both on-site and remote)

**You’ll need to bring**:
1. Degree in business administration, project management, or a technology-related field required.
2. Professional security management certification (preferred)
3. Minimum of 3-5 years of experience in a combination of risk management, information security and IT jobs
**4. Experience in developing and administering the following**:

- Information Security Compliance Programs.
- SSAE-18 SOC2
- ISO 27001
- Information Security Risk Assessment/Audit program.
- Information Security Awareness Program

5. Experience in writing Policies, Standard Operating Procedures, Working Instruction, etc.
6. Excellent written and verbal communication skills and high level of personal integrity.
7. Ability to function independently with mínimal supervisory input.
**We’d be thrilled to hear that you also have**:1. Experience in administering the following programs**:

- Enterprise Business Continuity Program
- Information Security Vendor Assessment Program

2. Experience with the development and administration of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).
3. Prior participation in Customer Audits
4. Information Security or IT Risk Management/Audit certification
5. Ability to lead and motivate cross-functional, interdisciplinary teams.
Does this sound like something you’d like to explore? Then we’d love to hear from you
LI-IM1
At Signant Health, accepting difference isn’t enough—we celebrate it, we support it, and we nurture it for the benefit of our team members, our clients and our community. Signant Health is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, s