This job posting may have expired!
Use our `search` to find similar offers.
Similar jobs

Security Risk and Compliance Analyst

Medpace Holdings, Inc.

United States, OH, Cincinnati

Job Summary

Medpace is one of the leading Clinical Research Organizations in Healthcare. We seek an experienced Information Security Compliance Analyst with experience in auditing and compliance activities, substantial diligence, and can manage projects autonomously. You will be part of the Information Security team that secures the company's digital infrastructure by designing, implementing, and improving Medpace’s cybersecurity architecture. You will also ensure compliance with Information Security frameworks, regulations, and data privacy authorities.

Responsibilities

  • Perform SOX, SOC2, and GxP audits;
  • Drive organizational alignment to the NIST Cyber Security Framework and perform annual reviews;
  • Mature an organizational risk management program;
  • Help advance the supply chain security evaluation program;
  • Develop and modify corporate information security policies and procedures, including writing, reviewing, and updating policy documents;
  • Evaluation of customer information security requirements within contracts to ensure compliance;
  • Complete customer security questionnaires and help maintain an information security question/answer database;
  • Perform customer-facing security presentations; and
  • Support the development of Information Security training.

Qualifications

  • Minimum of bachelor’s degree, preferably in Information Technology.
  • Minimum of two years of experience in Information Security auditing or compliance activities.
  • Auditing and policy writing experience.
  • Understanding of security best practices and how to implement them business-wide.
  • Previous employment or experience in a highly regulated industry such as healthcare, financial, or defense experience with standards such as ISO, NIST, HIPPA, and/or SOC2.
  • Vendor risk management platforms (Security Scorecard, BitSight, Black Kite, etc.).
  • Experience with a security information and event management system (SIEM) for audit.

Job posted: 2023-04-28

3