Being a member of Enterprise Security Governance Risk and Compliance team provides an exciting opportunity to be part of an innovative and dedicated team of security and audit professionals.
The Senior Governance, Risk & Compliance Analyst will be responsible for the security governance, risk management, and compliance across the enterprise. They will establish corporate security requirements by evaluating business strategies and requirements, researching information security standards, performing risk assessments, identifying integration issues, and provide recommendations for remediating identified risk. Additionally, they will lead the review and formal approval process for policy updates. Key responsibilities will be to ensure Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations, coordinating internal and external audits and maintaining the Information Security Program documentation.
- Bachelor's degree in Information Systems, Computer Science, Engineering, Computer Information Systems, Management Information Systems, Accounting or related field or equivalent relevant work experience
- At least 5 years in Information Technology security programs, audits, assessments, risk, or remediation management work experience
- At least 2 years of Privacy law, data protection/security regulations, and frameworks, such as BITS, HiTrust, COBIT, NIST and ISO27002 work experience
- Experience with information security risk management
- Experience with data privacy/protection
- Experience with ISO 31000, 27005, 27001, 270017, HIPAA, NIST 800-53, PCI DSS, SSAE 18and/or other risk-centric standards and frameworks
- Internal or external IT audit experience a plus
- Archer experience a plus
- Cloud Security Alliance experience a plus
- CRM (Certified Risk Manager), PRM (Professional Risk Manager), ISO 27005 Risk Manager, CRMA (Certification in Risk Management Assurance), CERA (Chartered enterprise Risk Analyst), CISA (Certified Information Systems Auditor) or other risk or audit credentials a plus
- Security+, SANS GIAC, CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or CISMP (Certificate in Information Security Management Principles) a plus
- Willing to work additional or irregular hours as needed and allowed by local regulations
- Work in accordance with corporate and organizational security policies and procedures, understand personal role in safeguarding corporate and client assets, and take appropriate action to prevent and report any compromises of security within scope of position
- Perform other responsibilities as assigned
Applicants for U.S. based positions with Cerner Corporation must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.
Some Cerner positions may be obligated to comply with client-facing requirements and occupational health requests, including but not limited to, an immunization set, an annual flu shot, an annual TB screen, an updated background check, and/or an updated drug screen.
Relocation Assistance Available for this Job:
Yes - Domestic/Regional
Virtual Eligible Job