
Senior Analyst - Cybersecurity Risk Management

10 Nov. 6, 2024
Job Description
Job Type: Full Time Remote
Education: B.Sc./ M.Sc./ M.Pharm/ B.Pharm/ Life Sciences
Skills: Causality Assessment, Clinical SAS Programming, Communication Skills, CPC Certified, GCP guidelines, ICD-10 CM Codes, CPT-Codes, HCPCS Codes, ICD-10 CM, CPT, HCPCS Coding, ICH guidelines, ICSR Case Processing, Interpersonal Skill, Labelling Assessment, MedDRA Coding, Medical Billing, Medical Coding, Medical Terminology, Narrative Writing, Research & Development, Technical Skill, Triage of ICSRs, WHO DD Coding

Job Title: Senior Analyst, Cybersecurity Risk Management
Company: Fortrea
Location: Remote


About Fortrea:

Fortrea is a leading global contract research organization (CRO) with a dedication to scientific rigor and decades of clinical development experience. We provide a broad range of clinical development, patient access, and technology solutions to pharmaceutical, biotechnology, and medical device companies across over 20 therapeutic areas. Operating in more than 90 countries, Fortrea is committed to transforming drug and device development, advancing medical treatments, and improving patient outcomes worldwide.


Position Overview:

Fortrea is looking for a Senior Analyst, Cybersecurity Risk Management to help build, maintain, and manage Fortrea's cybersecurity risk management program. This is an exciting opportunity for someone with experience in cybersecurity risk management to play a pivotal role in enhancing our cyber risk management framework and mitigating cybersecurity risks across the organization. The Senior Analyst will collaborate with cross-functional teams, third-party vendors, and offshore partners, and oversee audits of third-party vendors.

This is a remote position that offers the flexibility to work from anywhere.


Key Responsibilities:

Cybersecurity Risk Management:

  • Establish & Maintain Cybersecurity Risk Program: Build and maintain a cybersecurity risk management program aligned with industry standards (e.g., NIST Cybersecurity Framework, NIST 800-37, ISO/IEC 27001) and regulatory requirements (SOX, GDPR, HIPAA).
  • Cyber Risk Identification & Mitigation: Identify, assess, and prioritize cybersecurity risks and their potential impact on the organization’s assets and systems. Develop and implement risk mitigation strategies and controls to reduce cyber risks.
  • Metrics & Reporting: Develop and maintain cybersecurity metrics, risk registers, and action plans. Regularly report the organization’s cybersecurity risk posture to key stakeholders.
  • Cyber Risk Register Management: Oversee and manage the cyber risk register, ensuring alignment with enterprise risk management goals.
  • Stay Updated on Cybersecurity Trends: Continuously monitor emerging security threats, trends, and regulatory changes, and adjust risk strategies accordingly.

Third-Party Cybersecurity Risk Management:

  • Third-Party Risk Assessment: Evaluate and assess cybersecurity risks associated with third-party suppliers and service providers to ensure compliance with the organization's security standards.
  • Collaboration with Teams: Collaborate with cross-functional teams to develop and implement risk mitigation strategies and controls for third-party vendors.
  • Documentation & Action Plans: Develop and maintain documentation related to third-party cybersecurity risk assessments and the corresponding action plans.

Qualifications:

Required:

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
  • Experience:
    • Significant experience in cybersecurity risk management and risk assessment.
    • Strong knowledge of cybersecurity policies, standards, and controls.
    • Familiarity with industry frameworks such as NIST Cybersecurity Framework, NIST RMF, and ISO/IEC 27001.
    • In-depth understanding of regulatory standards (e.g., HIPAA, SOX, GDPR, PCI, SOC2).
    • Experience with control testing and validation (e.g., NIST 800-53).
    • Proven ability to develop cybersecurity metrics and reporting strategies.
    • Hands-on experience with implementing risk management processes and risk registers within enterprise GRC platforms (e.g., ServiceNow, OneTrust).

Preferred:

  • Certifications: CISSP, CRISC, or similar certifications, or a willingness to obtain them, are preferred.
  • Experience in Regulated Environments: Experience working in a health authority-regulated environment (e.g., healthcare, pharmaceutical).
  • Offshore Collaboration: Experience leading or working with offshore teams is a plus.

What You Will Get:

  • Competitive salary based on skills and experience.
  • Comprehensive Benefits Package including:
    • Health insurance (Medical, Dental, Vision)
    • Life Insurance, STD/LTD
    • 401(K) plan
    • Paid Time Off (PTO) or Flexible Time Off (FTO)
    • Employee Stock Purchase Plan (ESPP)
    • Company bonus (where applicable)

Why Fortrea?

Fortrea offers a collaborative work environment that fosters innovation and personal growth. By joining our cybersecurity risk management team, you will help shape the future of clinical development, playing a critical role in safeguarding the organization’s digital assets while supporting our mission to revolutionize the development process and deliver life-changing therapies to patients around the world.


Fortrea is an Equal Opportunity Employer:
Fortrea is committed to diversity and inclusion in the workplace and is proud to be an Equal Opportunity Employer. We do not tolerate harassment or discrimination of any kind and make employment decisions based on business needs and individual qualifications. We encourage all to apply.


Application Deadline:
Rolling applications until the position is filled.

For more information about how we collect and store your personal data, please see our Privacy Statement.