Information Security Analyst

at  EMMES

COLUMBIA OR PANAMA REMOTE

Emmes Group: Building a better future for us all.
Emmes Group is transforming the future of clinical research, bringing the promise of new medical discovery closer within reach for patients. Emmes Group was founded as Emmes more than 47 years ago, becoming one of the primary clinical research providers to the US government before expanding into public-private partnerships and commercial biopharma. Emmes has built industry leading capabilities in cell and gene therapy, vaccines and infectious diseases, ophthalmology, rare diseases, and neuroscience.
We believe the work we do will have a direct impact on patients’ lives and act accordingly. We strive to build a collaborative culture at the intersection of being a performance and people driven company. We’re looking for talented professionals eager to help advance clinical research as we work to embed innovation into the fabric of our company. If you share our motivations and passion in research, come join us!

Qualifications:

• Bachelor’s degree preferably in Engineering, Computer Science, Information technology systems security or related field. Master’s degree preferred.
• Incumbent typically will possess a minimum 5 years of related work experience.
• 4+ years’ experience in writing information security policies, procedures, standards, and guidelines.
• Able to write complex, technical documentation focusing on information security.
• Experience with FedRAMP and/or ISO audit and certification initiatives.
• Experience working with federal government agencies and in-depth knowledge of FISMA/FedRAMP certification and accreditation requirements as well as NIST, FIPS and OMB standards.
• Experience with securing cloud platforms and with implementing security principles in DevOps.
• Demonstrated knowledge of Information Technology Infrastructure Library (ITIL) with respect to security administration and information technology governance in a multi-platform environment.
• Experience in cybersecurity and risk metrics for reporting.
• Demonstrated ability to work under pressure and strong emotional intelligence with demonstrated sustained leadership in international organizations that involve multiple stakeholders.
• Possesses one or more current industry credentials such as CISSP, CISM, CISA, CRISC or other security certifications.
• Strong and clear communication and writing skills

Supports and reinforces the company’s technical capabilities for compliance with governance frameworks and policies. Supports the monitoring of all day-to-day operational aspects of technical security measures throughout the organization and maturing Emmes cybersecurity framework and capabilities.

Responsibilities:

• Works closely with the IT and other managers to ensure the security administration and protection of information assets including data, systems, databases, networks, and other resources.
• Possesses solid understanding of technical information security principles as these apply to networking, software development, operating systems, cloud computing, etc. Identifies cybersecurity architecture, goals, objectives and metrics. Ability to explain security concepts to various audiences.
• Supports the improvement of security processes – awareness, incident response, breach response, vulnerability management, patch management, etc. Proposes program enhancements.
• Continuously monitors and evaluates new cybersecurity risks, threats and information security trends; develops effective security risk mitigation strategies. Provides risk evaluation and guidance for IT and non-IT projects, including evaluation and recommendation of appropriate technical controls.
• Assists with internal and external compliance audits. Provides subject matter expertise to ensure the security program complies with relevant laws, regulations and policies. Closely collaborates with IT, QA and other teams as needed to coordinate the information security aspects of FISMA/FedRAMP, ISO27001, and other compliance.
• Ensures that security policies, standards and guidelines are followed and applied consistently.
• Develops security policies, procedures, standards, and guidelines for the organization.
• Tracks and reports on information security metrics.
• Oversees the implementation of the disaster recovery policies and standards to align with the company business continuity management program goals. Coordinates the implementation of plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents. Provides direction, support and subject matter expertise in these areas.
• Assists in response to potential security breaches, coordinates response, and recommends corrective actions. Escalates as appropriate.
• Ensures accomplishment of all objectives in accordance with policies, procedures, and strategic direction, as well as regulatory standards. Maintains current knowledge of industry and regulatory healthcare trends in addition to developments for the enterprise technology.
• Educates leadership on appropriate security risk and mitigation strategies. Prepares reports for senior management.

Qualifications:

• Bachelor’s degree preferably in Engineering, Computer Science, Information technology systems security or related field. Master’s degree preferred.
• Incumbent typically will possess a minimum 5 years of related work experience.
• 4+ years’ experience in writing information security policies, procedures, standards, and guidelines.
• Able to write complex, technical documentation focusing on information security.
• Experience with FedRAMP and/or ISO audit and certification initiatives.
• Experience working with federal government agencies and in-depth knowledge of FISMA/FedRAMP certification and accreditation requirements as well as NIST, FIPS and OMB standards.
• Experience with securing cloud platforms and with implementing security principles in DevOps.
• Demonstrated knowledge of Information Technology Infrastructure Library (ITIL) with respect to security administration and information technology governance in a multi-platform environment.
• Experience in cybersecurity and risk metrics for reporting.
• Demonstrated ability to work under pressure and strong emotional intelligence with demonstrated sustained leadership in international organizations that involve multiple stakeholders.
• Possesses one or more current industry credentials such as CISSP, CISM, CISA, CRISC or other security certifications.
• Strong and clear communication and writing skills.