This is a key Compliance role within the global Information Security organization. The individual fulfilling this role will partner closely with IT professionals both within the core CIO organization and those in the Global Business Units developing and supporting technology solutions used throughout our industry.
The Compliance Analyst will ensure that IQVIA technology solutions and the underlying environments they run on adhere to the corporate Information Security control framework as well as globally recognized security standards and country regulations.
To support these objectives, responsibilities of the Compliance Analyst may include maintaining and expanding the online compliance resource library, aligning security controls with authoritative sources such as ISO 27001 and HITRUST, tracking remediation of open audit findings and quality issues, verifying staff training and qualification, and monitoring the accuracy of the application portfolio.
This work will include designing and running various reports, coordinating the activity of accountable stakeholders, and tracking follow-up.
In general, the Compliance Analyst will serve as an expert in the security controls and processes that support and enforce regulations, guidelines, policies and procedures, and will support management in promoting and assessing compliance.
Managing a portfolio of tasks as part of the delivery of the ongoing global Information Security Compliance program
Managing and providing support to customer audits on IQVIA IT systems and technology product offerings as well as hosting third-party audits required to maintain certifications
Developing, implementing, and monitoring compliance with internal security policies and procedures defined in the IQVIA Integrated Information Framework
Managing or supporting, as necessary, the deployment, management, and maintenance of information security safeguards and their associated software related to compliance requirements
Assisting with planning, implementation and maintenance of system security administration and user access including appropriate segregation of duties based on compliance requirements
Providing support and coordination for annual testing of internal controls over financial reporting for Sarbanes-Oxley as applicable to IQVIA infrastructure and systems, including coordination of control owners’ remediation plans
Providing support and coordination for regular Service Organization Controls (SOC) audits conducted in accordance with the ISAE 3402 and SSAE 16 professional standards
Providing support and coordination to audit and other assessment activities pertaining to regulatory frameworks related to the security of healthcare information, such as HIPAA, EU GDPR, Japan PrivacyMark and/or other applicable regional frameworks
Providing support and coordination to audit and other assessment activities pertaining to obtaining or maintaining information security certifications such as ISO 27001 or equivalent
Monitoring progress of remedial actions to ensure both regulatory issues and compliance-related information security issues are resolved and are closed in a timely manner with the root cause identified, delivering a sustainable solution
Assisting with executing an appropriate monitoring program including, but not limited to: sample collateral checks of control design, sample review of control operation, review of relevant compliance metrics, and issue analysis
Managing and supporting investigation and resolution activities related to information security compliance incidents
Engaging with and managing activities of third-party specialist service providers where necessary to support information security compliance related activities, including carrying out of special reviews, assessments and investigations
Reporting regularly to management on the status of assigned activities including issues, risks and remediation actions
Cooperating with other organizational teams in compliance activities, including internal and external audits
All responsibilities are essential job functions unless noted as nonessential (N).
REQUIRED KNOWLEDGE, SKILLS AND ABILITIES
Candidates should possess an Associate's or Bachelor's degree, and preferably have experience within a regulated industry environment
Knowledge of IT processes (SDLC, ITIL) supporting pharmaceutical research and development processes in a regulated environment
Excellent written and verbal communication skills
Effective organization and time management skills
Ability to write with purpose, clarity and accuracy
Ability to work both within a team environment and independently to initiate and prioritize tasks
Ability to establish and maintain effective working relationships with coworkers and management in a global environment
Skilled with word-processing, spreadsheet, and presentation applications
MINIMUM REQUIRED EDUCATION AND EXPERIENCE
Candidates should have a minimum of 5 years of IT compliance experience and strong communication and interpersonal skills, or an equivalent combination of education, training and experience
CISA, CISM, CRISC, or CISSP certification is a plus
Extensive use of telephone and face-to-face communication requiring accurate perception of speech
Extensive use of keyboard and mouse requiring repetitive motion of fingers and wrists
Regular sitting for extended periods of time
There is the potential for some travel (up to 15%)