Senior IT Security, Gov, Risk & Compliance Analyst

Tijuana South - TJS, Mexico


By living according to a common set of values, we create a culture that unifies, embraces the uniqueness we all bring to the company, and positions Integer for long-term success.

At Integer, our values are embedded in everything we do.

Customer

We focus on our customers’ success

Innovation

We create better solutions

Collaboration

We create success together

Inclusion

We always interact with others respectfully

Candor

We are open and honest with one another

Integrity

We do the right things and do things right

Job Summary:

The IT Governance, Risk & Compliance Analyst will play a key technical role in the maintenance, configuration and support of the organization’s Governance, Risk and Compliance (GRC) program. This analyst will regularly support the socialization, establishment, and maintenance of GRC tables/workflows and aid in the coordination of audit and regulatory compliance projects. Additionally, the analyst will assist in maintaining risk management processes (i.e., open risks, risk register, corrective action plans) that govern the information security program. The role will also play an integral part in the maintenance of the organization’s third-party program to meet security goals while remaining aligned with client and regulatory requirements. Demonstrates strong personal skills and business acumen.

Accountabilities & Responsibilities:

  • Adheres to Integer’s Values and all safety, environmental, security and quality requirements including, but not limited to: Quality Management Systems (QMS), Safety, Environmental and Security Management Systems, U.S. Food and Drug Administration (FDA) regulations, company policies and operating procedures, and other regulatory requirements.
  • Manage projects, workflows, processes, and/or reporting including requirements gathering, control testing, and control deployment reporting.
  • Execute strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, ITAR, HIPAA and CMMC/NIST 800-171.
  • Perform security and compliance assessments on new and existing systems, processes, and technology.
  • Develop and/or maintain documentation related to GRC, including user guides and system baselines.
  • Must be able to assess computer hardware, software, and systems for security risks.
  • Participate in the development and maintenance of relationships with various business functions including internal audit and third-party auditors.
  • Participate in disaster recovery and business continuity planning.
  • Assist in internal and external audits and reviews of assigned business processes to evaluate adequacy of controls within IT and track recommendations for corrections of weaknesses, and improvements in IT operations.
  • Perform business impact analysis.
  • Perform periodic gap assessments to validate compliance on an ongoing basis.
  • Assist in risk analysis and management program by managing open risks, accepted risks (i.e., risk register) and corrective action plans (i.e., plan of actions and milestones: POAM).
  • Collaborate, coordinate and communicate across disciplines and departments.
  • Performs other duties as required.

Education & Experience:

  • Minimum Education: Bachelor’s Degree in Computer Science, or equivalent (6+ years) work experience.
  • Minimum Experience: 4+ years of experience with IT Security Governance, Risk, and Compliance; experience in a publicly held IT organization preferred.

Knowledge & Skills:

  • Special Skills:
    • Understanding of how to quantify risk and put these risks in business terminology.
    • Understanding of security configuration of different infrastructure technologies.
    • Knowledge of security frameworks such as NIST Cybersecurity Framework, HIPAA, HITRUST or ISO is a plus.
    • Knowledge of securing network technologies, client, and server operating systems.
    • Experience with legal and regulatory compliance standards such as DFARS, ITAR/EAR, PCI-DSS, SOX, GDPR, etc.
    • Strong MS Excel skills for data analysis and manipulation.
    • Familiarity with dashboard creation (i.e., MS Excel or similar tools).
    • Communication (written, verbal and listening), project management, problem solving, troubleshooting, organizational, goal setting, and time management skills.
    • Ability to present to small to midsize audiences.
    • Ability to maintain confidentiality of information.
    • Ability to work independently as well as within a team.
    • Ability to organize, prioritize, and coordinate multiple work activities and meet target deadlines.
    • Ability to be flexible when there are schedule or priority changes and last-minute requests.
    • Proficient with MS Office Tools.
    • Experience with vendor relations.
    • Project Management.
  • Specialized Knowledge:
    • CISSP or similar security certification preferred. In addition, CISSP-ISSEP, CISA, CRISC, and ITIL ITSM Foundation are desirable.
    • Working knowledge of security framework models such as NIST CSF, ISO 27000 series, COBIT, etc.
  • Other:
    • Displays the highest standard of integrity (demonstrated by an unblemished career history, complete lack of criminal convictions etc.), and willing to undergo vetting and/or personality assessments to verify, if necessary.
    • Travel 0-15% of time depending on business needs.

U.S. Applicants: Equal Opportunity Employer. In addition, veterans and individuals with disabilities are encouraged to apply.


Tags: Audits CISA CISSP CMMC COBIT Compliance Computer Science CRISC DFARS GDPR Governance HIPAA HITRUST ISO 27000 ITIL NIST PCI DSS Risk analysis Risk management SOX Strategy

Perks/benefits: Career development Flex hours

Region: North America
Country: Mexico
