FRESENIUS CORE VALUES:

Fresenius Medical Care is a people business. Our success depends on having the best and brightest employees and helping them attain their personal and professional goals while delivering excellence in patient care and business results. Our employees embody our culture which is based on four core values supporting our promise to improve the quality of life of every patient every day. These core values are: Collaborative, Proactive, Reliable, and Excellent.

EDUCATION:

• Bachelor’s degree in information security, computer science, or a related field.
• Relevant certifications such as CISSP, CISA, CISM, or CRISC are highly desirable.

EXPERIENCE AND REQUIRED SKILLS:

• Minimum of 5 years of experience in information security, with a focus on governance, risk management, and/or compliance.
• Proven experience in developing and implementing information security policies and procedures.
• Expert-level knowledge of NIST CSF and 800-series publications.
• Strong understanding of regulatory requirements and industry standards (e.g., GDPR, HIPAA, ISO 27001).
• Excellent analytical and problem-solving skills.
• Effective communication and collaboration skills, with the ability to interact with stakeholders at all levels.
• Familiarity with risk assessment methodologies and tools.
• Demonstrated experience with ServiceNow GRC or a similar tool is preferred.
• Previous experience with data analysis tools such as PowerBI or Tableau is preferred.

PURPOSE AND SCOPE:

The Lead Information Security Governance, Risk, and Compliance Analyst is a key member of the Information Security team responsible for delivering and enhancing the organization’s information security governance, risk management, and compliance programs at a global scale. This role plays a crucial part in ensuring the confidentiality, integrity, and availability of the organization’s information assets, as well as compliance with relevant regulations and standards.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

• Stay abreast of global cybersecurity laws, regulations, and industry standards.
• Develop and maintain information security policies, standards, and procedures.
• Conduct risk assessments and identify vulnerabilities.
• Collaborate with global stakeholders at all levels to develop and implement issue and risk mitigation strategies.
• Monitor and report on the organization’s risk posture to senior management.
• Validate the organization’s compliance with security requirements and internal controls.
• Coordinate and support internal and external compliance audits.
• Develop and deliver information security training programs.
• Foster a culture of security awareness throughout the organization.
• Collaborate with incident response teams to provide guidance on remediation activities to prevent future incidents.
• Other duties as assigned.
  Additional responsibilities may include focus on one or more departments or locations. See applicable addendum for department or location specific functions.