Senior Information Security Analyst (HIPAA / GRC) (US, Field)
WFA Digital Insight
As demand for experienced information security professionals continues to rise, with job postings up 25% over the past year, Smith+Nephew's Senior Information Security Analyst role stands out in the current remote job market. With a growing need for experts who can navigate complex security regulations, particularly in healthcare, this role requires a blend of technical expertise and compliance knowledge. Candidates should be well-versed in HIPAA and GRC, with a strong understanding of security risk assessments and compliance frameworks. Given Smith+Nephew's commitment to innovation and patient care, this role offers a chance to make a meaningful impact in a forward-thinking company.
Job Description
About the Role
As a Senior Information Security Analyst at Smith+Nephew, you will play a critical role in shaping and delivering the company's annual HIPAA programme. This is a unique opportunity to work closely with leaders across Governance, Risk, and Compliance, with the support and guidance of senior experts. You will be responsible for owning essential programme activities that help protect patients, people, and systems. The role requires a strong understanding of security regulations, particularly HIPAA, and the ability to navigate complex compliance frameworks. You will be part of a dynamic team that values collaboration, innovation, and continuous improvement. Smith+Nephew is committed to creating a work environment that is inclusive, supportive, and empowering, allowing you to grow both personally and professionally.
The company's mission is to design and manufacture technology that takes the limits off living, and as a Senior Information Security Analyst, you will be instrumental in ensuring the security and integrity of sensitive data and systems.
What You Will Do
- Plan and coordinate the annual HIPAA programme, ensuring timely completion and compliance with regulatory requirements
- Conduct the security risk assessments the HIPAA Security Rule requires and collaborate with third-party specialists to ensure effective delivery
- Oversee the implementation of security controls and ensure compliance with regulatory requirements
- Monitor changes in HIPAA law and its implementing regulations (the Privacy, Security, and Breach Notification Rules) and support updates to internal policies and procedures
- Collaborate with cross-functional teams to ensure security and compliance are integrated into all aspects of the business
- Develop and maintain documentation and workflows in OneTrust, ensuring consistency and accuracy
- Provide insights and recommendations to leadership and the Steering Committee on security and compliance matters
- Identify areas for continuous improvement and implement changes to enhance the HIPAA programme
- Collaborate with external partners and vendors to ensure compliance with security and regulatory requirements
- Develop and deliver training and awareness programmes to educate employees on security and compliance best practices
What We Are Looking For
- Bachelor's degree in Computer Science or a related field, with a strong understanding of security regulations and compliance frameworks
- At least 5 years of experience in information security, with a minimum of 2 years in a compliance function
- Strong knowledge of HIPAA and GRC, with experience in security risk assessments and compliance audits
- Experience with program or project management, with the ability to coordinate and lead cross-functional teams
- Familiarity with tools such as OneTrust or IT risk management platforms, with the ability to learn quickly
- Strong analytical and problem-solving skills, with the ability to translate complex technical concepts into clear, actionable recommendations
- Excellent communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels
- Certifications such as CHPS, CHSE, CHPSE, CIPP/US, CISA, CISSP, or ISO 27001 (Lead Auditor or Lead Implementer) are advantageous but not essential
Nice to Have
- Experience with privacy law-related security controls and compliance
- Familiarity with frameworks such as GDPR technical and organisational measures (TOMs), HITRUST, or NIST
- Experience with cloud-based security solutions and technologies
- Strong understanding of emerging trends and technologies in information security
Benefits and Perks
- Competitive salary and bonus structure
- Comprehensive benefits package, including medical, dental, and vision coverage
- 401(k) matching program and tuition reimbursement
- Generous PTO and paid holidays, with flexible work arrangements
- Opportunities for professional growth and development, with a commitment to continuous learning and improvement
- Access to a range of wellness offerings, including an employee assistance programme (EAP)
- Discounted stock options and employee stock purchase plan
- Paid community service day and volunteer time off
How to Stand Out
- When applying for this role, be sure to highlight your experience with HIPAA and GRC, as well as your knowledge of security risk assessments and compliance frameworks.
- Showcase your ability to translate complex technical concepts into clear, actionable recommendations, and demonstrate your experience in collaborating with cross-functional teams.
- Familiarize yourself with tools such as OneTrust or IT risk management platforms, and be prepared to discuss your experience with these technologies.
- Emphasize your analytical and problem-solving skills, and be prepared to provide examples of how you have applied these skills in previous roles.
- Research Smith+Nephew's mission and values, and be prepared to discuss how your own values and goals align with those of the company.
- Be prepared to discuss your experience with continuous improvement and your approach to identifying areas for improvement in a compliance programme.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.