Senior Analyst
Warszawa
Responsibilities:
As a Senior Analyst, Cybersecurity Risk Management, you will help build, maintain, and manage Fortrea’s cyber risk management program. You will play a pivotal role in enhancing the cyber risk management framework and mitigating cyber risks across the organization. You will also get involved in third-party vendor risk assessments, collaborate with cross-functional teams and vendors, work with offshore partners, and oversee audits of third-party vendors.
Fortrea is a company dedicated to the idea that people at all levels of our organization should reflect the communities we serve. Diversity, equity, inclusion, and belonging are more than just concepts; they are woven into our DNA. We believe in cultivating a workspace where all employees can thrive.
Our mission is to help our clients bring the miracles of medicine to market sooner -- join us for your next career move.
Responsibilities of this role include, but are not limited to:
Establish a cybersecurity risk management program designed to identify, report, and respond to cybersecurity risks in accordance with industry standards and frameworks (NIST Cybersecurity Framework, NIST 800-37, ISO/IEC 27001) and regulations (SOX, GDPR, HIPAA).
Own and drive requirements for cybersecurity risk management tools.
Identify, assess, and prioritize cybersecurity risks and their potential impacts on the organization's assets and systems.
Develop and implement risk mitigation strategies and controls to reduce the organization's cyber risk.
Develop and maintain metrics, a risk register, reporting, and an action plan.
Present regular reports on the organization’s cybersecurity risk posture to stakeholders.
Manage the cyber risk register and ensure alignment with enterprise risk management.
Align with enterprise risk management to manage the cyber risk register.
Stay updated on the latest security trends, threats, and regulatory changes.
Third-party Cyber Security Risk Management
Evaluate and assess cybersecurity risks associated with third-party suppliers and service providers to ensure they meet the organization's security standards.
Collaborate with cross-functional teams to develop and implement risk mitigation strategies and controls.
Develop and maintain documentation related to third-party risk assessments and action plans.
Requirements (expected):
Bachelor’s degree in Computer Science, cybersecurity, or a related field
Minimum 5-7 years’ experience in cybersecurity risk management
Solid understanding of cybersecurity policies, standards, and controls
Experience with and solid understanding of industry standards (NIST Cybersecurity Framework, NIST RMF, ISO/IEC 27001, etc.) and regulatory standards (HIPAA, SOX, GDPR, SOC2, PCI, etc.)
Experience with control testing and validation (e.g., NIST 800-53)
Experience developing cybersecurity metrics and reporting involving various areas and stakeholders
Experience implementing risk management processes and a risk register within enterprise GRC management platforms (e.g., ServiceNow, OneTrust)
Ability to think strategically, innovatively, and execute effectively
Proven experience in collaborating across various IT and business domains