Senior Analyst - Cybersecurity Risk Management

As a leading global contract research organization (CRO) with a passion for scientific rigor and decades of clinical development experience, Fortrea provides pharmaceutical, biotechnology, and medical device customers a wide range of clinical development, patient access and technology solutions across more than 20 therapeutic areas. With over 19,000 staff conducting operations in more than 90 countries, Fortrea is transforming drug and device development for partners and patients across the globe.

Are you ready to redefine what’s possible, and discover your extraordinary potential at Fortrea?

As a Senior Analyst, Cybersecurity Risk Management you will help build, maintain, and manage Fortrea’s cyber risk management program. You will play a pivotal role in enhancing the cyber risk management framework and mitigation of cyber risks across the organization. You will also get involved in third-party vendor risk assessments, collaborate with cross-functional teams, vendors,

and work with offshore partners, oversee audits of third-party vendors.

Fortrea is a company dedicated to the idea that people at all levels of our organization should reflect the communities we serve. Diversity, equity, inclusion, and belonging are more than just concepts; they are woven into our DNA. We believe in cultivating a workspace where all employees can thrive.

Our mission is to help our clients bring the miracles of medicine to market sooner -- join us for your next career move.

Here are some of the responsibilities of this role:

Responsibilities include, but are not limited to:

• Establish a cybersecurity risk management program designed to identify, report, and respond to cyber security risks in accordance with industry standards and frameworks, (NIST Cybersecurity Framework, NIST 800-37, ISO/IEC 27001) and regulations (SOX, GDPR, HIPAA)

• Own and drive requirements for cybersecurity risk management tools.

• Identify, assess, and prioritize cybersecurity risks, and potential impacts on the organizations assets and systems.

• Develop and implement risk mitigation strategies and controls to reduce the organizations cyber risk.

• Develop and maintain metrics, risk register, reporting and action plan.

• Present regular reports on the organization’s cybersecurity risk posture to stakeholders.

• Manage the cyber risk register and ensure alignment with enterprise risk management.

• Align with enterprise risk management to manage the cyber risk register.

• Stay updated on the latest changes in security trend, threats, and regulatory changes.

Third-party Cyber Security Risk Management

• Evaluate and assess cybersecurity risks associated with third-party suppliers and service providers to ensure they meet the organizations security standards.

• Collaborate with cross-functional teams to develop and implement risk mitigation strategies and controls.

• Develop and maintain documentation related to third party risk assessments and action plans.

Qualifications

• Bachelor’s degree in in Computer Science, cybersecurity, or related field

Experience

• Minimum 5-7 years’ experience in cybersecurity risk management

• Solid understanding of cybersecurity policies, standards, and controls

• Experience and solid understanding of industry standards (NIST Cybersecurity Framework, NIST RMF and ISO/IEC 27001 etc.), and regulatory standards such as (HIPAA, SOX, GDPR, SOC2, PCI

etc.)

• Experience with control testing and validation (e.g. NIST 800-53 etc.)

• Experience developing cybersecurity metrics and reporting involving various areas and stakeholders

• Experience with implementing risk management processes, risk register within enterprise GRC management platforms (e.g., ServiceNow, OneTrust)

• Ability to think strategically, innovatively, and execute effectively

• Proven experience in collaborating across various IT and business domains

Preferred Qualifications Include:

• CISSP or CRISC or similar preferred or willingness to achieve certification

• Experience working in a health authority regulated environment

• Experience leading or working with offshore team

The application deadline is June 23th , 2024.

#LI-Remote

Fortrea is actively seeking motivated problem-solvers and creative thinkers who share our passion for overcoming barriers in clinical trials. Our unwavering commitment is to revolutionize the development process, ensuring the swift delivery of life-changing ideas and therapies to patients in need. Join our exceptional team and embrace a collaborative workspace where personal growth is nurtured, enabling you to make a meaningful global impact.