The Senior Information Security Analyst role presents a dynamic opportunity to help the organization ensure the secure operation of the IQVIA global information technology (IT) infrastructure and processes through support and contribution to the delivery of a global information security program.
This role is key to our Information Security team and will provide an excellent opportunity to liaise with key internal and external stakeholders while strengthening our Information Security risk management function.
The Senior Information Security Analyst will provide support and contribute to success of information security risk management workstreams by responding to business requests, resolving queries related to information security, and taking part in risk assessments, while assisting in identifying and responding to attempted efforts to compromise systems security within IQVIA.
The Senior Information Security Analyst will also work together with other members of the IQVIA Information Security team, and liaising regularly with other management teams at IQVIA.
Principal responsibilities will include :
Perform risk assessments of new and existing vendors, products / systems / applications, and services to identify and report on their information security posture, including identification of gaps and recommended mitigation actions
Communicate and report assessment results inclusive of recommendations for mitigation activities and overall risk rating
Identify opportunities to improve risk posture, designing security controls for remediating or mitigating risks, and assessing the residual risk
Generate responses to internal and external client questions, queries, and audits related to information security posture in support of sales opportunities, customer audits, or other stakeholders across the global organization
Assist IQVIA project teams in assessing information security risks pertaining to the respective project scope and recommend suitable risk mitigation plans
Required skills and experience
Significant professional experience in Information Security, Risk Management, IT Controls, IT Audit, or other related area
Proven knowledge of information security concepts and best practices, as well as ability to apply these concepts to business scenarios
Experience in risk assessments, information security controls, information security architecture, network security, information security governance
Knowledge of IT infrastructure, networks, databases, processing systems, web applications, and mobile technology. Previous information technology related work experience is an advantage
High level of accountability and ability to execute; familiar with estimating and planning own work effort including recognizing and escalating risks and issues in relation to delivery; attention to detail
Ability to effectively influence and educate business partners when necessary to help bridge gaps in understanding while maintaining good working relationships
Strong oral and written communication skills, excellent team player and collaborator
Commitment to ongoing professional development
Working knowledge of IT governance frameworks and standards such as CobiT, ITIL, ISO27001
PC proficiency, including MS Word, Excel, Power Point, and Outlook
Bachelor’s degree in information security, computer science, or information technology
A CISSP, CISM, CISA, or equivalent professional certificate is preferred
An ITIL or project management certificates are not required but beneficial