IT Security Analyst

Job Description: Pay range $45–60 hourly W2. Professional with experience in IT audit, risk, and IT compliance management as well as data privacy. Individuals will deal with diverse and oftentimes complex issues, where analysis requires in–depth evaluation of multiple factors. Exercises judgment in evaluating risks and may determine criteria for obtaining solutions together with security experts. Networks with senior internal and external personnel in the area of expertise to provide contextual advice. Will work on the Information Security Program to ensure compliance for IT Security/Privacy and Computer System Validation. The individual will be part of corporate initiatives to ensure compliance with local and global regulations. Additional responsibilities include execution of third party risk assessments and vendor audits to evaluate cyber resiliency of service providers. Collaborate with multiple stakeholders from functions across gRED performing System Risk Assessments (SRA) on critical assets. Advise project teams, technical leads and engineers how to implement and accept SRA compulsory and mitigating controls using a risk based approach Initiate, manage and drive 3rd party Vendor Risk Assessments (VSA) to identify, assess and monitor security and associated compliance risks as needed for gRED vendors and/or Outsourced Delivery Centers Collaborates in the development of procedures and comprehensive tracking of the risk assessment process (SRA's, VSA's etc.) Work with cross–functional teams to ensure applicable regulations, guidelines and internal procedures related to validation of computer systems and associated infrastructure are followed and applied during all stages of the Software Development Life Cycle (SDLC), project phase activities and audit and documentation management Analyze the validation impact of changes through risk assessments and help in formulating the validation strategy for changes to existing or new computer systems and infrastructure Identify and coordinate tasks required to complete qualification and validation activities, including reviews with Quality, obtaining signature approvals, executing qualification protocol or validation project plan, and managing change control (change requests) Keep management apprised of any developments through clear and timely communications Provide inputs on project plans, review upstream deliverables, and fully execute the testing phase thru production support Developing strong working relationships and partnering effectively with IT delivery teams, global Business Quality, Corporate Audit, and the IT security/privacy organizations Demonstrated ability to quickly learn the business in new/unfamiliar areas and rapidly understand business requirements Maintaining industry knowledge and skills in the areas of compliance, audit, and risk management and applying them to improve internal processes and practices Skills 3 – 5+ years of experience in a GxP Validated environment. Risk Assessment experience preferred Formal training and proficiency in software development methodologies and computer systems validation in regulated industries (biotech/pharma) Strong oral and written communication skills Proficient in validation process methodologies, risk management, etc Agile and waterfall SDLC methodology experience preferred Ability to assemble, analyze and evaluate data and to be able to make appropriate and well–reasoned recommendations and decisions to the Business stakeholders and team members Must be able to manage multiple tasks, set priorities, work independently Must be able to adjust priorities for unexpected assignments as needed Customer focus and being a team player are a must Strong desire to learn and adapt to new technologies and working relationships Effective experience in supporting infrastructure qualification/validation and working with global teams is a plus Excellent customer facing communication skills Strong process documentation skills with a familiarity in current cloud/web–based technologies and infrastructure (e.g. Google collaboration suite, Document management platforms, etc.)