Senior Information Security Analyst (R1023375) in Warsaw, PL at IQVIA™

Date Posted: 11/9/2018

Job Description

This is a key Compliance role within the global Information Security organization.  The individual fulfilling this role will partner closely with IT professionals both within the core CIO organization and those in the Global Business Units developing and supporting technology solutions used throughout our industry. The Compliance Analyst will ensure that IQVIA technology solutions and the underlying environments they run on adhere to the corporate Information Security control framework as well as globally recognized security standards and country regulations.

To support these objectives, responsibilities of the Compliance Analyst may include maintaining and expanding the online compliance resource library, aligning security controls to authoritative sources such as ISO 27001 and HITRUST, tracking remediation of open audit findings and quality issues, verifying staff training and qualification, and monitoring the accuracy of the application portfolio. This work will include designing and running various reports, coordinating the activity of accountable stakeholders, and tracking follow-up. In general, the Compliance Analyst will serve as an expert in the security controls and processes that support and enforce regulations, guidelines, policies and procedures, and will support management in promoting and assessing compliance.

RESPONSIBILITIES

  • Managing a portfolio of tasks as part of the delivery of the ongoing global Information Security Compliance program
  • Managing and providing support to customer audits on IQVIA IT systems and technology product offerings as well as hosting third-party audits required to maintain certifications
  • Developing, implementing, and monitoring compliance with internal security policies and procedures defined in the IQVIA Integrated Information Framework
  • Managing or supporting as necessary deployment, management, and maintenance of information security safeguards and their associated software related to compliance requirements
  • Assisting with planning, implementation and maintenance of system security administration and user access including appropriate segregation of duties based on compliance requirements
  • Providing support and coordination for annual testing of internal controls over financial reporting for Sarbanes-Oxley as applicable to IQVIA infrastructure and systems, including coordination of control owners’ remediation plans
  • Providing support and coordination for regular Service Organization Controls (SOC) audits conducted in accordance with ISAE3402 and SSAE16 professional standards
  • Providing support and coordination to audit and other assessment activities pertaining to regulatory frameworks related to security of healthcare information such as HIPAA, EU GDPR, Japan PrivacyMark and/or other applicable regional frameworks
  • Providing support and coordination to audit and other assessment activities pertaining to obtaining or ongoing maintenance of information security certification regimes such as ISO27001 or equivalent
  • Monitoring progress of remedial actions to ensure both regulatory issues and compliance-related information security issues are resolved and are closed in a timely manner with the root cause identified, delivering a sustainable solution
  • Assisting with executing an appropriate monitoring program including but not limited to: sample collateral checks of control design, sample review of control operation, review of relevant compliance metrics, and issue analysis
  • Managing and supporting investigation and resolution activities related to information security compliance incidents
  • Engaging with and managing activities of third-party specialist service providers where necessary to support information security compliance related activities, including carrying out of special reviews, assessments and investigations
  • Reporting regularly to management on the status of assigned activities including issues, risks and remediation actions
  • Cooperating with other organizational teams in compliance activities, including internal and external audits

 All responsibilities are essential job functions unless noted as nonessential (N).

REQUIRED KNOWLEDGE, SKILLS AND ABILITIES

  • Candidates should possess an Associate's or Bachelor's degree, and preferably have experience within a regulated industry environment
  • Knowledge of IT processes (SDLC, ITIL) supporting pharmaceutical research and development processes in regulated environments
  • Excellent written and verbal communication skills
  • Effective organization and time management skills
  • Ability to write with purpose, clarity and accuracy
  • Ability to work both within a team environment and independently to initiate and prioritize tasks
  • Ability to establish and maintain effective working relationships with coworkers and management in a global environment
  • Skilled with word-processing, spreadsheet, and presentation applications
  • SharePoint experience

MINIMUM REQUIRED EDUCATION AND EXPERIENCE

  • Candidate should have a minimum of 5 years IT compliance experience, strong communication and interpersonal skills; or equivalent combination of education, training and experience
  • CISA, CISM, CRISC, or CISSP certification a plus

PHYSICAL REQUIREMENTS

  • Extensive use of telephone and face-to-face communication requiring accurate perception of speech
  • Extensive use of keyboard and mouse requiring repetitive motion of fingers and wrists
  • Regular sitting for extended periods of time
  • There is the potential for some travel (up to 15%)


Job ID: R1023375