Careers is looking for a Senior Analyst, InfoSec Governance Risk & Compliance (GRC) to support the global oversight of our Security GRC program. Reporting to the Senior Manager of Security Assurance and Compliance, you will play a key role in risk management, stakeholder engagement, and driving security compliance through a quantitative framework.
What You'll Do
- Support information security risk management programs and act as an advocate for risk management.
- Engage with stakeholders to support the identification of security risks and risk exceptions to treatment.
- Ensure identified security risks impacting the company are effectively evaluated and communicated.
- Collaborate with stakeholders on remediation and risk mitigation activities, tracking progress of action plans.
- Manage dashboards that deliver practical, meaningful security risk metrics to internal and external stakeholders.
- Participate in technical design and process reviews, supporting stakeholders in risk identification.
- Assist in building a security-focused culture through partnership with business, information services, and risk teams.
- Drive Security Compliance through a quantitative risk framework and drive visibility for compliance.
- Conduct and automate gap assessments for IaaS, PaaS and SaaS environments.
- Support a security advocacy program.
What We're Looking For
- A minimum of 3-5 years' experience supporting security (technical and non-technical) risks.
- Excellent written and verbal communication skills; ability to convey security concepts to non-technical audiences.
- Ability to articulate and demonstrate a risk-relevant approach for Information Security Risk Management.
- Basic understanding of IT Systems, Network Security Concepts, Cloud Security concepts, Virtualization, Threat and Vulnerability Management.
- Ongoing familiarity with emerging and prevalent technologies and IT systems.
- Strong analytical, risk-based problem solving and critical thinking skills.
- Ability to work independently on assigned tasks with minimal direction and/or supervision.
- Familiarity with Security Risk Frameworks such as FAIR, OCTAVE or CRAMM.
- Solid understanding and experience with securing IaaS, PaaS and SaaS.
- Understanding of secure code development frameworks and practices.
- Demonstrated ability to collaborate with technical and non-technical teams.
- Strong attention to details, highly organized.
- Strong work ethic with a flexible and adaptable approach.
- Must be self-motivated and comfortable in a fast-paced, demanding and dynamic work environment.
Nice to Have
- Security certifications are a strong plus (CISA, CISSP, CRISC, CISM or equivalent).
- Experience in working in a global cross-functional project team, along with strong technical expertise.
- Experience in automation.
- Experience in security frameworks such as ISO 27001, 27002, 27005; NIST.
- Bachelor's degree.
Team & Environment
You will be part of the Security GRC team, reporting to the Senior Manager of Security Assurance and Compliance.
Benefits & Compensation
- Medical, dental and vision insurance.
- 401k retirement savings plan.
- Flexible paid vacation.
- Discretionary annual cash bonus or incentive compensation.
- Discretionary equity grants.
- Compensation range: $100,000.00 - $150,000.00 plus discretionary equity grants in accordance with Jazz’s Long Term Equity Incentive Plan.
Work Mode
This is a remote position open to candidates in the US.
Jazz Pharmaceuticals is an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any characteristic protected by law.
