Information Security and Data Privacy Analyst - Contractor

The Kestra team has over 400 years of experience in the external and internal cardiac medical device markets. The company was founded in 2014 by industry leaders inspired by the opportunity to unite modern wearable technologies with proven device therapies. Kestra’s solutions combine high quality and technical performance with a wearable design that provides the greatest regard for patient comfort and dignity. Innovating versatile new ways to deliver care, Kestra is helping patients and their care teams harmoniously monitor, manage, and protect life. 

 The Information Security and Data Privacy Analyst provides analysis and tactical execution related to information security, data privacy, and related risk management programs. This position is hands-on and must collaborate with stakeholders from a variety of business functions including IT, Legal, Quality, Regulatory, R&D, Operations, and others. This position takes direction from IT leadership and will assist in the management of 3rd party service providers related to these programs. 

ESSENTIAL DUTIES

• Assist in the risk management activities for Information Security, Data Privacy, and IT General Controls programs 
• Execute plans for these programs to support overall business strategy in collaboration with the Kestra Leadership Team 
• Review and revise policy and procedures to increase efficiency, reduce duplicate efforts, and systematically mature Information Security, Data Privacy, and IT General Controls 
• Execute strategies to comply with relevant domestic and international privacy regulations 
• Assist in the internal and external audits of security, privacy, and IT controls, such as SOX, HIPAA/HITRUST, etc. 
• Utilize standardized management systems and frameworks related to these programs 
• Manage program initiatives using project management methodologies, develop project plans, gain resource commitments, and report on status to stakeholders and leadership 
• Evangelize for security and privacy awareness throughout the company 
• Analyze threat and risk vulnerabilities; develop and execute mitigation strategies 
• Execute strategies to monitor and retain records that demonstrate compliance to internal and external auditors 
• Assist in vendor management of third party consultants and managed service providers for program initiatives 
• Analyze processes, procedures, and metrics to develop a high-functioning, lean organization 
• Develop working relationships with other functional departments to coordinate activities, define standards, leverage resources, and maintain consistent environments 

COMPETENCIES 

• Ability to be a self-starter, seek new and better methods, and work with minimum supervision 
• Demonstrates deep expertise in industry best practices 
• Ability to collaborate within a Team environment and across functions 
• Capability to discern relevant facts and in turn, effectively resolve issues by making good decisions (compliance, quality, integrity, ethics, and critical thinking ability) 
• Ability to be flexible in a fast-paced goal-oriented environment 
• Demonstrates the understanding of deadlines and time limits, ability to accomplish goals, and the desire to win 

Requirements

EDUCATION/EXPERIENCE REQUIRED

• BS or BA in Computer Science, Information Technology, Business Administration, or related field  
• Minimum of 7-10 years’ experience in Information Security or Data Privacy 
• Formal certification in Information Security Management, Data Privacy, Information Systems Audit, or related field  
• Exposure to and understanding of Sarbanes-Oxley Section 404 and related assessments of internal controls 
• Exposure to and understanding of state, federal and international data privacy regulations such as CCPA, HIPAA, and GDPR 
• Exposure to and understanding of ISO 27001 and NIST Cybersecurity Framework 

Preferred:

• Ability to think creatively and holistically 
• Strong teambuilding and influence skills 
• Proven experience successfully executing a strategic plan 
• Broad knowledge in IT systems and infrastructure  
• Broad knowledge of process improvement methodologies such as Six Sigma, Lean or TQM 
• Experience in setting compliance directions and strategies  
• Excellent written and verbal communication skills  
• Strong project management skills  
• Strong analytical skills  
• Prior experience in medical technology or other life science industries 

WORK ENVIRONMENT

• Indoor open office environment
• Minimal noise volume typical to an office environment
• Extended hours when needed
• Drug-free, as per FDA regulations

PHYSICAL DEMANDS

• Frequent repetitive motions that may include wrists, hands and/or fingers, such as keyboard and mouse usage
• Frequent stationary position, often standing or sitting for prolonged periods of time
• Frequent computer use
• Frequent phone and other business machine use
• Occasional lifting required, up to 20 pounds

TRAVEL

• Occasional travel, less than 10%

OTHER DUTIES

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the Team Member. Duties, responsibilities, and activities may change or new ones may be assigned at any time with or without notice.

Benefits

• Contract/1099
• Remote
• We provide training and technology
• Billing rate ($50-$90/hour)