Cybersecurity Analyst

at  Fresenius Medical Care

EDUCATION:

• Bachelor’s degree in management information systems, Computer Science, or business/science related field.

EXPERIENCE AND REQUIRED SKILLS:

• Interest in pursuing a career in Information Security, Cybersecurity and/or Privacy
• Track record of outstanding academic performance and co-curricular activities.
• Has the capacity to apply skills and knowledge to address operational challenges and add value to the business.
• Has strong analytical and problem-solving skills.
• Possess strong interpersonal, leadership & communication skills.
• Eager to learn and has the flexibility and willingness to work on different projects.
• Previous work experience in internship or co-op work experience.

PURPOSE AND SCOPE:

The Cybersecurity Professional Development Associate is a position in a 2-year rotational program designed to offer hands-on experience for recent college graduates exploring career opportunities in Cybersecurity and Privacy roles. This position will rotate through roles in Application Security and Privacy Assurance, with a third rotation chosen based on candidate interest and skillset. Upon completion of the program, the candidate will transition into their next full-time position, based on interest and need within the team, growing their career and contributing as a Fresenius Medical Care (FME) professional. This position sits in the Information Security Office (ISO) department, within Digital Technology & Innovation (DTI), FME’s global IT organization.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

• Be a regular full-time employee of Fresenius Medical Care and qualify for the same competitive salary and benefits as other FME employees.
• Assume full responsibility and contribute as a Digital Technology & Innovation (DTI) team.
• Rotate through three challenging, demanding, and diverse assignments.
• Develop a well-rounded skill set through assignments in the established tracks (see below) for the program.
• Work within multiple ISO and DTI teams during your rotational program at FME.
• Have the opportunity to explore possible crossover assignments within other ISO Teams (i.e. Risk & Compliance, Training & Awareness and Identity Security).
• Be paired with a mentor to assist in the development of your ISO career.
• Obtain training customized to support your individual growth and development.
• Report to a rotation manager in each assignment who will oversee your day-to-day responsibilities.
  Privacy Assurance Rotation responsibilities may include:
  Privacy Policies: Assist in the development, implementing and maintenance of privacy policies and procedures to ensure compliance with relevant laws and regulations (GDPR, CCPA, HIPAA) Risk Assessment: Conduct privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) to identify and mitigate privacy risks. Training & awareness: Assist in the develop and deliver privacy training programs to educate employees about data protection bast practices and company policies Incident response: Assist in the investigation and management of privacy incidents and investigations, including documentation and reporting. Data Subject Requests: Assist in managing and responding to data subject access requests (DSARs) in accordance with legal requirements. Collaboration: Work closely with cross-functional teams, including DTI, Legal and Compliance, to ensure privacy considerations are integrated into all business processes. Monitoring and Reporting: Assist in monitoring the privacy program and provide regular updates.
  Application Security Rotation responsibilities may include:
  Review results of previous vulnerability scan, assessments, and bug bounty submissions to generate innovative approaches for accelerating remediation across business units and IT teams Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities within the environment. Coordinate technical reviews of networks, systems, and programs through cybersecurity inspections, assessments, and processes, ensuring proper conduct as well as accurate presentation of findings. Coordinate across various stakeholder groups, providing status reporting, and act as primary POC for all project related activities, risks, issues, dependencies, deliverables, etc. for the application security domain. Actively participate in creating and providing updates to the standard operating procedures, playbooks, and other similar documentation for continuous improvement of application security operations and efficiencies Create and maintain metric reporting (KPI’s/KRI) for senior management reporting Actively review closed cases, open cases, and threat intelligence to make recommendations for preventative controls to reduce threats to our application environment.