Sr IT Security, Risk & Compliance Analyst

What if the work you did every day could impact the lives of people you know? Or all of humanity?

At Illumina, we are expanding access to genomic technology to realize health equity for billions of people around the world. Our efforts enable life-changing discoveries that are transforming human health through the early detection and diagnosis of diseases and new treatment options for patients.

Working at Illumina means being part of something bigger than yourself. Every person, in every role, has the opportunity to make a difference. Surrounded by extraordinary people, inspiring leaders, and world changing projects, you will do more and become more than you ever thought possible.

Position Summary:

The Sr. IT Security Risk & Compliance Analyst will work within the security certifications team to support and mature a strong security certifications program. With an immediate goal to provide operation support in maintaining ISO:27001 and SOC 2 certifications for Illumina’s cloud-based analytics products. The role will bring the necessary subject matter expertise in the ISO and SOC 2 security certifications space and work with the program manager based in the AMR region to meet future business needs. The position requires ability to operate with remote supervision, with high customer satisfaction, efficiency, and accountability towards the success of the program. This position interacts with all tiers of staff and management and must possess good project management and organizational skills.

 

Responsibilities:

·       Responsible for ensuring various process owners maintain the required ISO:27001 and SOC 2 security controls.

·       Documenting evidence that supports compliance with security requirements

·       Coordinates data gathering, logging and upkeep of periodic activities as defined within the security management process.

·       Develops and maintains periodic review of ISMS program based polices.

·       Advises project teams and internal GIS customers on ISO and SOC 2 certification scope, and compliance approach.

·       Assist and lead process improvement projects to enhance control strength.

·       Operate independently to manage end to end compliance activities within projects.

·       Develops and maintains metrics to demonstrate security control’s health throughout the year.

·       Assist in maintaining ISO and SOC 2 security risks, open action items and drive them for closure.

·       Support internal security audits conducted as part of ISO and SOC 2 programs.

·       Schedule, maintain and facilitate SME walkthroughs during external and internal audits.

·       Work within the GRC audit tool to maintain audit schedules, control strength ratings and SME ownership assignments.

·       Facilitate and maintain ISO and SOC 2 program’s non-conformance actions including root-cause analysis and investigation status.

 

Listed responsibilities are an essential, but not exhaustive list, of the usual duties associated with the position. Changes to individual responsibilities may occur due to business needs.

 

Requirements:

·       Experience with ISO:27001 and SOC 2 requirements and security regulations within other frameworks – e.g., 21 CFR Part 820/11, ISO 13485, FDA, SOX, HIPAA and GAMP.

·       Strong organizational skills to maintain and manage activities around ISO and SOC 2 certification projects.

·       Experience working within a distributed team in multiple geographical locations.

·       Strong oral and written skills to persuade, direct and advise stakeholders on security compliance processes.

·       Understanding of cloud infrastructure and general IT controls

·       Ability to articulate security & compliance requirements & strategy and provide tailored approach to meet the business needs.

·       Experience and leadership in fast-paced project implementations.

·       Excellent customer service and communication skills.

·       Experience with software development lifecycle activities, methodologies, testing and validation.

·       Experience with common IT infrastructure and applications, e.g., virtualization, directory services, storage, DBMS.

All listed requirements are deemed as essential functions to this position; however, business conditions may require reasonable accommodations for additional task and responsibilities

 

Experience/Education:

·       Typically requires a Bachelor’s degree and a minimum of 5 years of related experience.

Illumina believes that everyone has the ability to make an impact, and we are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information.