IS Senior Lead Security Analyst, Infrastructure & Security in Portage, MI at Stryker Corporation

Date Posted: 11/16/2018

Job Description

Stryker's Senior Lead Security Analyst manages our Global Security Services' audit and risk management program. This position is specifically responsible for working with external and internal auditors, serving as liaison between Information Services (IS) and non-IS auditees, and gathering and presenting evidence as required. This is a terrific opportunity to help build and run Stryker's Global Security Enterprise Risk Management program.

Essential Duties & Responsibilities:

  • This role provides the organization with strategic direction in the establishment of IT risk-based auditing and reporting methodologies, and organization design.
  • Leads, develops and maintains the IS Security risk management program.
  • Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
  • Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
  • Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
  • Create and maintain a risk register to ensure that all identified risk factors and compensating controls are accounted for.
  • Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
  • Analyze risk scenarios to determine their impact on business objectives.
  • Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
  • Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
  • Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.
  • Manage and execute programs and strategies associated with projects, audits, and assessments as required via vendor contracts, regulatory obligations, and operational objectives.
  • Works collaboratively with corporate compliance, internal auditing and IS compliance & risk management as well as various technical teams in the design and implementation of audit, risk assessment and regulatory compliance practices for Stryker security.
  • Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment.
  • Ensure that identified risks are managed in accordance with the Risk Management program.
  • Represent Global Security Services as it relates to internal and external assessments and/or audits of information service systems and processes, interpret results, and develop and communicate recommendations to management.
  • Participate in appropriate opportunities for continuing education, seminars, participation in field-related professional organizations, and so on to remain current on developments in the information security profession.
  • Develop and recommend appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization.
  • Develop risk/vulnerability assessment programs and questionnaires to aid in the identification and mitigation of security risks.
  • Coordinate the development and ongoing maintenance of IS Security policies and procedures.
  • Ensure that all IS Security policies and procedures are compliant with regulatory requirements.
  • Identify and evaluate risk response options and provide management with information to enable risk response decisions.
  • Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy.
  • Apply risk criteria to assist in the development of the risk profile for management approval.
  • Assist in the development of risk response action plans to address risk factors identified in the organizational risk profile.

Education & Special Trainings:

  • BS in Computer Information Security, Information Systems or equivalent required.
  • Security certifications such as PCI, HIPAA, CISSP, CISM, CRISC, or GIAC preferred.
  • MS in Information Security is a plus.

Required Qualifications & Experience:

  • 5+ years experience in IT or similar field.
  • 2+ years experience in information security, cyber security, or similar functional areas.
  • Experience establishing strategic plans and leading teams in the implementation of the strategy.
  • Experience working with third-party providers.
  • Experience driving change within an organization.
  • Knowledge and demonstrated ability to develop and interpret standards, policies, procedures, and strategies governing the planning and delivery of security solutions.
  • Demonstrated ability to solve complex problems and identify Information Security solutions to challenging business problems.

Work From Home: No

Travel Percentage: Up to 25%

Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer – M/F/Veteran/Disability.

Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
