Information Security Senior Analyst
Dublin HQ (office based with hybrid working)
ICON plc is a world-leading healthcare intelligence and clinical research organisation. From molecule to medicine, we advance clinical research providing outsourced services to pharmaceutical, biotechnology, medical device and government and public health organisations.
With our patients at the centre of all that we do, we help to accelerate the development of drugs and devices that save lives and improve quality of life.
Our people are our greatest strength, are at the core of our culture, and the driving force behind our success. ICON people have a mission to succeed and a passion that ensures what we do, we do well.
The Role:
We are currently recruiting for an Information Security Senior Analyst to work in the Governance, Risk & Compliance segment of our Cyber Security Team. This is a really great time to join this division as it is undergoing significant development and you will be joining at a time of exciting change with lots of opportunities for growth and development.
Responsibilities:
· Provide expertise in one or more information security management practices, such as security compliance, security risk assessment and management, security policy management.
· Align process/activities with the organization’s cybersecurity strategy in accordance with company policies and industry standard frameworks (e.g., NIST CSF, NIST RMF and ISO 27001).
· Lead and perform information security risk assessments, security compliance continuous monitoring, and/or various regulatory or contractual compliance activities.
· Work with other key stakeholders (e.g., quality assurance, legal, data protection office, business continuity, and other information technology business units) to ensure the organization analyzes and communicates information security risks and status of controls compliance effectively.
· Identify training needs and participate in the development of training and communication materials for key stakeholders of the process within your area of control or expertise.
· Advise and educate stakeholders on managing cybersecurity risks and information assurance activities in accordance with ICON’s policies and procedures.
· Participate in authoring and reviewing information security policies and procedures pertaining to information security risk management and information assurance activities.
· Prepare reports for key stakeholders to provide insight on the effectiveness of the cybersecurity risk management and assurance program.
· Perform ancillary tasks to support the strategic mission and objectives of the Cyber and Information Security department, as needed.
· Research and stay current on new technical literature applicable to information security, risk management, and information assurance.
· Assist in the development of and analyze performance metrics relating to the Cybersecurity Risk Management and Assurance team’s business functions/processes.
To be successful in the role, you will ideally have:
· Working technical knowledge of industry best practices and commonly used frameworks & standards (e.g., NIST 800-53/171, COSO, SOC/SSAE 18, COBIT, ISO 27001-2,) and various regulations pertaining to information security, cyber risk management, compliance, and data privacy (e.g., SOX, GDPR, HIPAA, GxP/GALP/GMP).
· Prior experience using an integrated risk management tool (e.g., ServiceNow) and/or vendor risk management tool (e.g., Process Unity) is a plus.
· Possess intermediate-to-advanced understanding of risks and controls pertaining to technical, management, and operations security controls, system development lifecycle, business continuity, disaster recovery, data centre controls, cloud computing, third-party risk management and privacy.
· Proven experience identifying failures or inefficiencies in processes, conflicting business practices and integration issues, and providing alternative solutions.
· Holds a CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor or Lead Implementer or similar certification; desirable but not required.
Minimum Requirements:
· Advanced project coordination/management, relationship management, and communications skills.
· Advanced ability to solve problems and apply skills to determine risk exposure or compliance deviations.
· Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Enterprise Risk Management or related field or equivalent experience and five (5) years of risk management, cybersecurity, compliance or related experience (or combined equivalent education, training, and experience).
· Advanced written and verbal communication skills.
· Read, write and speak fluent English, with strong documentation and organizational skills.
Benefits of Working in ICON:
Our success depends on the knowledge, capabilities and quality of our people. That’s why we are committed to developing our employees in a continuous learning culture – one where we challenge you with engaging work and where every experience adds to your professional development.
At ICON, our focus is to provide you with a comprehensive and competitive total reward package that comprises, not only an excellent level of base pay, but also a wide range of variable pay and recognition programs. In addition, our best in class employee benefits, supportive policies and wellbeing initiatives are tailored to support you and your family at all stages of your career - both now, and into the future.
ICON, including subsidiaries, is an equal opportunity and inclusive employer and is committed to providing a workplace free of discrimination and harassment. All qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application process, or in order to perform the essential functions of a position, please let us know through the form below.
#LI-DK1
