Job details

Principal IT Global eGRC Security Analyst (remote)

Requisition Number

AMER28172

Employment Type

Full-time

Location

Virtual Office
Job Summary

Zimmer Biomet is a global medical technology leader. Our team members are part of a company with a heritage of leadership, a focus on shaping the future, and a mission dedicated to alleviating pain and improving the quality of life for people around the world.

The Principal IT Security Analyst - Global eGRC will enable the development, support, and continuous improvement of Zimmer Biomet’s Global Information Security Governance, Risk and Compliance (eGRC) Program, and will foster a culture of efficient and effective market-leading eGRC practices.

Responsibilities include developing, documenting, implementing, and maintaining InfoSec governance, risk and compliance strategies, policies, processes, and tools. The person in this role will also be responsible for InfoSec awareness education and culture, liaison for internal & external audits, open issues management, policy management, InfoSec regulatory requirements and industry standards, and InfoSec certifications maintenance.

Principal Duties and Responsibilities
  • Partner with key stakeholders and control owners to design and build an industry leading eGRC Program.
    • Define and maintain risk & control definitions, risk assessments, control testing results, et al. in accordance with regulatory requirements and industry leading practices.
    • Manage, develop, and motivate team members on cybersecurity governance, risk, and compliance
    • Perform and manage risk assessments to support requirements of various security frameworks, such as ISO27001, NIST SP 800-37, NIST SP 800-30, NIST SP 800-161, et al.
  • Program, Policy, Standard, & Procedure Lifecycle Management
    • Partner with stakeholders on program, policy, standard, & procedure lifecycle management in accordance with the company’s policy framework, requirements, and authoritative repository.
    • Policy Exception Management
  • Audit & Open Issues Management
    • Partner with stakeholders and control owners on Internal Audit engagements and the requisite corrective action plans (CAPs) and management responses, and track them with CAP owners through to on-time completion.
    • Partner with key risk partners on continuous monitoring, control testing, and compliance audits
  • InfoSec Awareness Training & Culture; and, content lifecycle management
    • Develop and oversee the InfoSec awareness training education and culture program to increase awareness of best practices, and improve awareness & culture across the organization
  • Report outcome-based metrics for priorities and areas of responsibility
    • eGRC Program maturity monitoring & reporting
    • Develop and maintain dashboards to track and manage risks and controls
  • Continuous improvement of all functions
    • Partner with stakeholders on maintaining and expanding industry leading information security certifications.
    • Coordinate, support, and enable building more mature eGRC practices into our Global eGRC Program.
    • Manage and mature the InfoSec eGRC Program, including working with systems owners to remediate control deficiencies
Expected Areas of Competence
  • Hands-on experience with a market-leading eGRC technology platform.
  • Solid understanding of cybersecurity industry standards and controls, application security, IT in general, and IT risk management, with a focus on building more security leading-practices into eGRC processes.
  • Solid project management and work planning skills; must be able to multitask efficiently and effectively.
  • Excellent communication skills and ability to collaborate and build positive relationships with cross-functional multi-disciplinary stakeholders; in particular internal functional teams, corporate IT teams, et al.
Education/Experience Requirements
  • Bachelor’s degree and 7+ years of professional related experience, OR Associate degree and 9+ years of related professional experience, OR High School Diploma or equivalent with 11+ years of related professional experience
  • 2+ years of professional experience with a market leading eGRC technology platform
  • Security certification desired (e.g., CRISC, CISM, CISA, SSCP, CCSP, CISSP)
Additional Information

At Zimmer Biomet, we believe in The Power of Us, which means that we are stronger together. We are committed to creating an environment where every team member feels included, respected, empowered, and celebrated.

As a Zimmer Biomet team member, you will share in our commitment to providing mobility and renewed life to people around the world. This is why we offer you a competitive rewards package that includes medical, dental, vision, life and disability insurance, wellness incentives, employee assistance programs as well as paid time off for vacation and holidays.

EOE/M/F/Vet/Disability

Compensation Range: $ 125000 - 150000

Alleviate pain and improve the quality of life for people around the world.

DATE POSTED
June 3, 2023
