Senior Security & Privacy Compliance Analyst

at Abbott Laboratories

Maidenhead, England, United Kingdom

  • Start Date: Immediate
  • Expiry Date: 25 Sep, 2024
  • Salary: Not Specified
  • Posted On: 26 Jun, 2024
  • Experience: N/A
  • Skills: Testing, SIEM, CISSP, CISA, Information Technology, Computer Science, Scanning, Security Controls, Regulations, Firewalls, Information Security, Privacy Policies, GIAC, Antivirus
  • Telecommute: No
  • Sponsor Visa: No

Description:

ABOUT ABBOTT

Abbott is a global healthcare leader, creating breakthrough science to improve people’s health. We’re always looking towards the future, anticipating changes in medical science and technology.

MINIMUM REQUIREMENTS

  • Undergraduate degree in computer science, information technology, related subject matters or equivalent work experience.
  • Knowledge of information security controls and standards, particularly ISO 27001/27002. ISO 27001:2022 Lead Auditor.
  • Knowledge of privacy frameworks, rules and regulations related to privacy (e.g., GDPR).
  • Relevant experience in an information security and/or privacy role, preferably in an environment involving critical data and confidentiality management requirements.
  • General knowledge of enterprise security technologies, including SIEM, IDS/IPS systems and firewalls, antivirus, enterprise vulnerability scanning and testing, data at rest encryption technologies, etc.
  • Experience managing and responding to audits and other tests of security controls, developing audit plans and procedures, and reporting the results of such audits.
  • Experience writing/developing security / privacy policies and procedures and other relevant documentation.
  • CISSP, CISM, CRISC, CISA, GIAC, or other security certifications desired.
  • Strong analytical and problem-solving skills.
  • Excellent communication (oral, written, presentation), interpersonal and consultative skills.

Responsibilities:

  • The Security & Privacy Compliance Analyst implements, manages and reports the UK region’s compliance initiatives, procedures and processes relating to information security and privacy. Provides guidance to the UK business and stakeholders on security and data privacy issues and manages data security and privacy risks/incidents. Specific duties and responsibilities include, but are not limited to, the following:
  • Implements and monitors UK’s Information Security Management System (ISMS) according to the ISO 27001:2022 standard, including preparing for all audits, leading quarterly meetings with stakeholders and maintaining certification.
  • Manages ongoing accreditation to the Data Security and Protection Toolkit (DSPT) according to the DSPT standard and National Health Service (NHS) security control areas; leads compliance with NHS standards by reviewing change controls and performing self-assessments and audits to maintain accreditation in good standing.
  • Develops, tests, documents, evaluates, tracks and improves information security controls for all UK ISO 27001 in-scope components, resources, applications, privacy and security protocols.
  • Develops and tracks security metrics and risks to monitor Information Security program performance and risk profile.
  • Implements security audit guidelines and workflow process, testing the capability, reliability and effectiveness of Abbott’s security systems, applications, protocols and procedures.
  • Assists with periodic risk assessments, risk treatment plans, and completion of risk treatment activities.
  • Collaborates with appropriate stakeholders to document and implement necessary policies and procedures to comply with ISO 27001 standards and to maintain certification.
  • Manages and transitions all corresponding processes, procedures, documentation and audits from ISO 27001:2013 to ISO 27001:2022 standard requirements.
  • Hosts, leads and manages Steering Committee meetings (e.g. IGG) with stakeholders and leaders as required.
  • Reviews and manages security and privacy requirements in third-party guidelines and agreements.
  • Works with appropriate personnel to respond to client-generated security assessments and questionnaires, particularly those that are NHS-related, to ensure Abbott’s security and confidentiality requirements are met.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Computer science information technology related subject matters or equivalent work experience

Proficient

1

Maidenhead, United Kingdom