Information Security Analyst
At ICON, it’s our people that set us apart. Our diverse teams enable us to become a better partner to our customers and help us to fulfil our mission to advance and improve patients’ lives.
Our ‘Own It’ culture is driven by four key values that bring us together as individuals and set us apart as an organisation: Accountability & Delivery, Collaboration, Partnership and Integrity. We want to be the Clinical Research Organisation that delivers excellence to our clients and to patients at every touch-point. In short, to be the partner of choice in drug development.
That’s our vision. We’re driven by it. And we need talented people who share it.
If you’re as driven as we are, join us. You’ll be working in a dynamic and supportive environment, with some of the brightest and the friendliest people in the sector, and you’ll be helping shape an industry.
The role:
We are currently recruiting for an Information Security Analyst to work in the Governance, Risk & Compliance segment of our Cyber Security Team. This is a really great time to join this division as it is undergoing significant development and you will be joining at a time of exciting change with lots of opportunities for growth and development.
Responsibilities:
· Perform activities in the support of one or more information security management practices, such as security compliance, security risk assessment and management, security policy management.
· Ensure activities are performed in accordance with company policies and industry standard frameworks (e.g., NIST CSF, NIST RMF and ISO 27001).
· Perform information security risk assessments, security compliance continuous monitoring, and/or various regulatory or contractual compliance activities.
· Work with other key stakeholders (e.g., quality assurance, legal, data protection office, business continuity, and other information technology business units) to ensure the organization analyzes and communicates information security risks and status of controls compliance effectively.
· Participate in the development of training and communication materials for key stakeholders of the process within your area of control or expertise.
· Advise and educate stakeholders on managing cybersecurity risks and information assurance activities in accordance with ICON’s policies and procedures.
· Participate in authoring and reviewing information security policies and procedures pertaining to information security risk management and information assurance activities.
· Assist in the development of reports relating to the effectiveness of the cybersecurity risk management and assurance program.
· Perform ancillary tasks to support the strategic mission and objectives of the Cyber and Information Security department, as needed.
· Research and stay current on new technical literature applicable to information security, risk management, and information assurance.
· Assist in the development of metrics relating to the Cybersecurity Risk Management and Assurance team’s business functions/processes.
Desired Qualifications:
· Working technical knowledge of industry best practices and commonly used frameworks & standards (e.g., NIST 800-53/171, COSO, SOC/SSAE 18, COBIT, ISO 27001-2,) and various regulations pertaining to information security, cyber risk management, compliance, and data privacy (e.g., SOX, GDPR, HIPAA, GxP/GALP/GMP).
· Prior experience using an integrated risk management tool (e.g., ServiceNow) and/or vendor risk management tool (e.g., Process Unity) is a plus.
· Possess basic-to-intermediate understanding of risks and controls pertaining to technical, management, and operations security controls, system development lifecycle, business continuity, disaster recovery, data center controls, cloud computing, third-party risk management and privacy.
· Holds a CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor or Implementer or similar certification; desirable but not required.
Minimum Requirements:
· Fundamental relationship management and communications skills.
· Fundamental ability to solve problems and apply skills to determine risk or compliance deviations.
· Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Enterprise Risk Management or related field or equivalent experience and one year of risk management, cybersecurity, compliance or related experience (or combined equivalent education, training, and experience).
· Excellent written and verbal communication skills.
· Read, write and speak fluent English, with strong documentation and organizational skills.
Benefits of Working in ICON:
Our success depends on the quality of our people. That’s why we’ve made it a priority to build a culture that rewards high performance and nurtures talent.
We offer very competitive salary packages. And to keep them competitive, we regularly benchmark them against our competitors. Our annual bonuses reflect delivery of performance goals – both ours and yours.
We also provide a range of health-related benefits to employees and their families and offer competitive retirement plans – and related benefits such as life assurance – so you can save and plan with confidence for the years ahead.
But beyond the competitive salaries and comprehensive benefits, you’ll benefit from an environment where you are encouraged to fulfil your sense of purpose and drive lasting change.
ICON is an equal opportunity and inclusive employer and is committed to providing a workplace free of discrimination and harassment. All qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application process, or in order to perform the essential functions of a position, please let us know through the form below.
