Senior Compliance Analyst & Information Security Engineer

buscojobs España

Palencia

On-site

EUR 50.000 - 70.000

Full-time

3 days ago

Vacancy description

A leading company in Spain is seeking a skilled compliance professional specialized in InfoSec and Risk Management. You will oversee technical implementations, ensure compliance with regulations like GDPR and HIPAA, and improve overall security posture. Ideal candidates will have substantial experience in security frameworks and cloud security, contributing to innovative compliance strategies across digital products.

Qualifications

  • 5+ years experience in InfoSec, Risk, Privacy, or Audit required.
  • Strong understanding of GDPR, HIPAA, ISO standards.
  • Experience with cloud security and compliance frameworks.

Responsibilities

  • Oversee technical architecture and coordinate compliance activities.
  • Assist with audit work and check controls compliance.
  • Conduct risk assessments and define security governance.

Skills

GRC Tooling & Automation
Communication skills
Cloud security
System hardening
Risk assessments

Education

Experience in InfoSec, Risk, Privacy, or Audit (5+ years)

Tools

Power BI
AWS
Jira

Job description

You are inspired to contribute to the overall client's vision by applying end-to-end product security and privacy operations to keep our products and services secure and privacy compliant throughout the entire lifecycle.

You believe in the potential of science, technology, data, and insights to improve the standard of care for humankind, and you are eager to help navigate through uncharted territory to lift this potential.

As a member of the Compliance Product Team, you will have the opportunity to work in a team focused on collaboration and teamwork to support the Digital Products domain with state-of-the-art and innovative security and privacy concepts.

Requirements

  • 5+ years in InfoSec, Risk, Privacy, or Audit.
  • Strong communication skills in English; global collaboration experience preferred.
  • GRC Tooling & Automation
  • Experience with low/no-code automation, data modeling, and reporting (e.g., Power BI).
  • Strong understanding of RBAC, audit trails, and access controls.
  • Frameworks & Compliance
  • Knowledge of ISO 27001, SOC 2, HIPAA, GDPR, FedRAMP, C5, etc.
  • Familiarity with ISO 31000, NIST RMF, FAIR, COSO.
  • Experience with policy management, audit handling, and third-party risk management.
  • Cloud security experience (preferably AWS).
  • System hardening and vulnerability management skills.
  • Understanding of HITRUST, COBIT, and privacy laws.

Nice to Have

  • Cross-functional stakeholder collaboration experience (Security, Legal, Privacy, Product).
  • Project delivery experience using Agile / Waterfall methodologies; strong business analysis skills.
  • Experience with certifications (e.g., FedRAMP, C5) and compliance documentation.
  • Bonus: Clinical / healthcare software knowledge.
  • Certifications preferred: CISA, CISM, CRISC, CISSP.

Responsibilities

  • You will oversee or consult on technical architecture implementation activities, particularly for new and/or shared solutions, and coordinate compliance activities at a global/regional level.
  • You will help others (like engineers and cross-functional team members) interpret laws and regulations (like GDPR, HIPAA, HITRUST) correctly and ensure consistent adherence.
  • In addition, you will:
  • Assist with audit-related work internally and externally—checking controls compliance, collecting evidence, and coordinating audit work (like ISO 27001, 27017, and 27018).
  • Coordinate routine activities like Pen Testing, Disaster Recovery, and related tasks, recording results in tools like Jira, tracking findings, and remediation work.
  • Define and implement security and privacy risk management governance and insights.
  • Assist in drafting new or updated compliance policies and procedures, including implications for business operations.
  • Help prepare and deliver communication and training materials to educate others on compliance landscape and policies.
  • Leverage your knowledge of controls for cloud security, mobile application security, data privacy laws, AWS architecture, and services.
  • Apply your project management skills to manage multiple projects simultaneously to meet objectives and deadlines.
  • Conduct risk assessments by analyzing current risks and identifying potential risks affecting business and product groups.