Sr. Analyst, IT Security Governance Risk and Compliance

Vantive is a vital organ therapy company on a mission to extend lives and expand possibilities for patients and care teams everywhere. For 70 years, our team has driven meaningful innovations in kidney care. As we build on our legacy, we are deepening our commitment to elevating the dialysis experience through digital solutions and advanced services, while looking beyond kidney care and investing in transforming vital organ therapies. Greater flexibility and efficiency in therapy administration for care teams, and longer, fuller lives for patients— that is what Vantive aspires to deliver.

We believe Vantive will not only build our leadership in the kidney care space, it will also offer meaningful work to those who join us. At Vantive, you will become part of a community of people who are focused, courageous and don’t settle for the mediocre. Each of us is driven to help improve patients’ lives worldwide. Join us in advancing our mission to extend lives and expand possibilities.

Your role at Vantive

Experienced and highly skilled subject matter expert for the Governance, Risk, and Compliance (GRC) function within the Information Security team.Execute and establish processes supporting key areas of GRC, including internal controls, third-party risk, security awareness and training. Manage activities related to internal application assessments against a documented security control framework. Responsible for facilitating the documentation of internal controls, policies and standards supporting the IT organization in alignment with industry standard security measures.

What you'll be doing

• Demonstrate solid technical knowledge of industry security practices, attain solid business knowledge, handle complex problems, possess strong knowledge of the organizational policies, standards and procedures, alongside security frameworks and benchmarking, have strong communication and interpersonal skills.

• Ensure familiarity with relevant laws, regulations, and industry standards, such as HIPAA, GDPR, NIST, and ISO 27001.

• Collaborate within a team environment to create and lead training and awareness programs to educate employees on security best practices and the importance of compliance.

• Maintain knowledge of emerging trends and technologies in cybersecurity and risk management, and recommend improvements to existing security risk and compliance processes.

• Manage and report on key performance indicators (KPIs) to measure the effectiveness of security risk and compliance programs.

•  Support and engage in third party risk management, including collaboration with key stakeholders such as Procurement, IT, and Global Business Units that engage with external vendors.

• Responsible for providing guidance, and supporting the development of company internal control guidelines and standard security documents in alignment with critical security frameworks.

• Must be well versed in industry standard security frameworks such as NIST 800-53, NIST CSF, ISO 27001, Cyber Essentials, etc.

• 3 to 5 years of experience with audit, controls, security awareness, and third party supplier management programs, or equivalent work experience with security governance, risk and compliance.  

• Determine and manage priorities, timelines, and schedules.

•  Interact regularly with customers and vendors to understand their business and to anticipate compliant IT solutions needed.

• Participate in the research, analysis, selection, and implementation of new governance and compliance tools, technologies and/or services.

• Strong verbal and written communication skills used to execute training and awareness objectives. Experience with successful phishing solutions and routine awareness campaigns is preferred.

What you'll bring

• Strong communication and interpersonal skills.Project management and team leadership experience required.

• Strong sense of business knowledge, including healthcare and technology.

• Ability to organize and analyze data effectively.

• Effective and impactful action through collaboration and communication.

• Bachelor’s degree in computer science, information assurance, cybersecurity, or a related field.

• At least 5 years of experience in a security risk and compliance role, preferably in the healthcare or finance industries.

• In-depth knowledge of relevant laws, regulations, and industry standards, such as HIPAA, PCI, GDPR, ISO 27001 and NIST.

• Strong understanding of security risk assessment and mitigation techniques, including vulnerability management and penetration testing.

• Experience with GRC platforms, process engineering, and other security technologies.

• Excellent communication and interpersonal skills, with the ability to collaborate with cross-functional teams and stakeholders.

• Strong analytical and problem-solving skills, with the ability to identify and mitigate potential security risks.

• Certifications such as CISSP, CISM, or CISA preferred.

Reasonable Accommodation

Vantive is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information. Form Link

Recruitment Fraud Notice

Vantive has discovered incidents of employment scams, where fraudulent parties pose as Vantive employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.