You are inspired to contribute to the client's overall vision by applying end-to-end product security and privacy operations to keep our products and services secure and privacy compliant throughout the entire lifecycle.
You believe in the potential of science, technology, data and insights to improve the standard of care for humankind, and you are eager to help navigate uncharted territory to realize this potential.
As a member of the Compliance Product Team, you will be given this opportunity in a team with a strong focus on collaboration and teamwork, supporting the Digital Products domain with state-of-the-art and innovative security and privacy concepts.
Requirements
* 5+ years in InfoSec, Risk, Privacy, or Audit.
* Strong communication skills in English; global collaboration experience preferred.
GRC Tooling & Automation
* Hands-on experience with ServiceNow GRC/IRM, RSA Archer: module setup, scripting (JavaScript), UI/workflows, API integrations.
* Low/no-code automation, data modeling, and reporting (e.g., Power BI).
* Strong understanding of RBAC, audit trails, and access controls.
Frameworks & Compliance
* Knowledge of ISO 27001, SOC 2, HIPAA, GDPR, FedRAMP, C5, etc.
* Familiar with ISO 31000, NIST RMF, FAIR, COSO.
* Experience with policy management, audit handling, and third-party risk.
Cloud & Security
* Cloud security experience (preferably AWS).
* System hardening, vulnerability management.
* Understanding of HITRUST, COBIT, and privacy laws.
Nice to have
* Cross-functional stakeholder collaboration (Security, Legal, Privacy, Product).
* Project delivery using Agile/Waterfall; strong business analysis skills.
* Experience with certifications (e.g., FedRAMP, C5) and compliance documentation.
* Bonus: Clinical/healthcare software knowledge.
Certifications Preferred: CISA, CISM, CRISC, CISSP.
Responsibilities:
* You will oversee or consult on technical architecture implementation activities, particularly for new and/or shared solutions. You will coordinate compliance activities at a global/regional level.
* You will help others (such as engineers and cross-functional team members) interpret laws and regulations (such as GDPR, HIPAA and HITRUST) correctly and ensure consistent adherence.
In addition, you will:
* Help with audit-related work internally and externally: check controls compliance, collect evidence and coordinate audit work (such as ISO 27001, 27017 and 27018).
* Coordinate routine activities such as penetration testing and disaster recovery and the tasks stemming from them, record results in tools like Jira, and track findings and remediation work.
* Define and implement security and privacy risk management governance and insights.
* Assist in drafting new or updated compliance policies and procedures, including specifying actual or potential implications to existing business operations and practices.
* Help prepare and deliver communication and training materials/sessions to educate others on the evolving compliance landscape and potential new or updated policies and related changes.
* Leverage your working knowledge of controls for cloud security, mobile application security, data privacy laws, AWS architecture and services.
* Put in practice your project management skills and ability to manage multiple projects simultaneously to meet objectives and key deadlines.
* Conduct risk assessments by analyzing current risks and identifying potential risks affecting the business and product groups.