Senior Cybersecurity Analyst

• Collaborate with cross-functional teams to guide the implementation and configuration of cybersecurity tools throughout the enterprise.
• Analyze emerging technologies and design and build architectures and solutions to enable secure implementation of new technologies.
• Guide business units, application development teams, and third-party vendors to achieve program requirements and enable the business.
• Support leadership in developing strategies, policies, and standards to protect company information and technology assets.
• Attend regular project and implementation meetings and serve as the security consultant to help determine and guide secure practices.
• Stay updated with current and proposed security changes impacting regulatory, privacy, and security industry best practices.
• Contribute to the development of a risk-based cybersecurity program that meets regulatory requirements and aligns with industry-leading information and cybersecurity practices.
• Work with various cross-functional teams to ensure compliance with laws, regulations, and policies.
• Perform analysis of emerging technologies and design and build architectures and solutions to enable secure implementation of new technologies.

Required Qualifications

• 6 - 10 years of experience in the field.
• Bachelor's degree in information security, Computer Science, or a related field; or equivalent experience.
• Knowledge of General Computer Controls, including Information Security, Information System Operations, Vendor Management, Business Continuity, Networks, Database, System Software, Hardware, and Application Development controls.
• Strong team player with effective communication skills within cross-functional groups and the ability to perform peer reviews of work products and documents.
• Excellent organizational skills with critical attention to detail and deadlines, and the ability to handle multiple tasks simultaneously.
• Expertise in industry standards such as the NIST cybersecurity framework, ISO 27001/2, SOC2, HITRUST, and FedRAMP information security standards.
• Knowledge of national and international regulatory compliances and frameworks such as NIST, ISO, SOX, GDPR, HIPAA, and FDA.
• Understanding of OWASP, CVSS, and the MITRE ATT&CK framework.
• Self-motivated and well-organized.

Preferred Qualifications

• Excellent oral and written communication skills for interaction with all levels of management and staff, including the ability to communicate regulatory requirements, security objectives, policies, and standards in business terms.
• CISM Certification (or similar) is strongly preferred.
• Experience in medical device product security.
• Familiarity with threat modeling methodologies and their application.
• Audit and Risk Management experience.
• Analytical and problem-solving mindset.
• Ability to work calmly under pressure and with tight deadlines.
• Effective decision-making skills.