Senior Compliance Analyst & Information Security Engineer

Valladolid
EUR 50.000 - 80.000
Job description

You are inspired to contribute to the client's overall vision by applying end-to-end product security and privacy operations to keep our products and services secure and privacy-compliant throughout their entire lifecycle.

You believe in the potential of science, technology, data, and insights to improve the standard of care for humankind, and you are eager to help navigate through uncharted territory to lift this potential.

As a member of the Compliance Product Team, you will have the opportunity to work in a team with a strong focus on collaboration and teamwork, supporting the Digital Products domain with state-of-the-art and innovative security and privacy concepts.

Requirements

  • 5+ years in InfoSec, Risk, Privacy, or Audit
  • Strong communication skills in English; global collaboration experience preferred
  • Hands-on experience with GRC Tooling & Automation, such as ServiceNow GRC / IRM, Power BI
  • Strong understanding of RBAC, audit trails, and access controls
  • Frameworks & Compliance: ISO 27001, SOC 2, HIPAA, GDPR, FedRAMP, C5, etc.
  • Familiar with ISO 31000, NIST RMF, FAIR, COSO
  • Experience with policy management, audit handling, and third-party risk management
  • Cloud & Security: Cloud security experience (preferably AWS), system hardening, vulnerability management
  • Understanding of HITRUST, COBIT, and privacy laws

Nice to have

  • Cross-functional stakeholder collaboration (Security, Legal, Privacy, Product)
  • Project delivery experience using Agile / Waterfall methodologies
  • Strong business analysis skills
  • Experience with certifications (e.g., FedRAMP, C5) and compliance documentation
  • Bonus: Clinical / healthcare software knowledge

Certifications Preferred

  • CISA, CISM, CRISC, CISSP

Responsibilities

  • Oversee or consult on technical architecture implementation activities, especially for new or shared solutions
  • Coordinate compliance activities at a global/regional level
  • Assist others (engineers, cross-functional teams) in interpreting laws and regulations (GDPR, HIPAA, HITRUST) correctly and ensuring compliance
  • Support internal and external audit work: control checks, evidence collection, audit coordination (ISO 27001, 27017, 27018)
  • Coordinate routine activities like Pen Testing, Disaster Recovery, recording results, tracking findings and remediation in tools like Jira
  • Define and implement security and privacy risk management governance and insights
  • Assist in drafting and updating compliance policies and procedures, including implications for business operations
  • Prepare and deliver training on compliance landscape and policy updates
  • Leverage knowledge of controls for cloud security, mobile application security, data privacy laws, AWS architecture and services
  • Manage multiple projects to meet objectives and deadlines
  • Conduct risk assessments to identify current and potential risks affecting business and product groups