Description
Syneos Health® is a leading fully integrated biopharmaceutical solutions organization built to accelerate customer success. We translate unique clinical, medical affairs and commercial insights into outcomes to address modern market realities.
Every day we perform better because of how we work together, as one team, each the best at what we do. We bring a wide range of talented experts together across a wide range of business-critical services that support our business. Every role within Corporate is vital to furthering our vision of Shortening the Distance from Lab to Life®.
Discover what our 29,000 employees, across 110 countries already know:
WORK HERE MATTERS EVERYWHERE
Why Syneos Health
We are passionate about developing our people, through career development and progression; supportive and engaged line management; technical and therapeutic area training; peer recognition and total rewards program.
We are committed to our Total Self culture – where you can authentically be yourself. Our Total Self culture is what unites us globally, and we are dedicated to taking care of our people.
We are continuously building the company we all want to work for and our customers want to work with. Why? Because when we bring together diversity of thoughts, backgrounds, cultures, and perspectives – we’re able to create a place where everyone feels like they belong.
Job Summary
This role is a senior member of the Information Security Assurance program to enhance the control effectiveness and security in the organization. It leads the Assurance efforts, assess security controls, and works closely with cross-functional teams to maintain a secure and compliant environment. The individual in this role possesses deep knowledge of security control frameworks, stays abreast of the evolving threat landscape, and has experience working in a cybersecurity risk and assurance environment. This role will collaborate with various internal stakeholders to ensure that security controls are deployed and functional as per policy requirements and meets or exceeds internal and external cybersecurity and regulatory requirements. This role requires an expert understanding of information security principles, risk assessment methodologies, and industry best practices. Adapts to an ever-changing cybersecurity risk landscape and helps to evolve Syneos Health’s cybersecurity program to meet and address these challenges.
Job Responsibilities
- Serves as a senior member of the working team for the Assurance Program within the Governance, Risk, and Assurance (GRA) function. Participates in the development, implementation, and management of the organization’s Cybersecurity Assurance program.
- Plans, conducts, and oversees internal assessments of security controls, identify opportunities for improvement, and provide assurance to the internal stakeholders and business owners.
- Reviews and evaluates internal controls to ensure they are designed effectively to address regulatory and internal requirements.
- Identifies potential control deficiencies and gaps in the control framework and recommends remediation measures.
- Participates in the efforts to gain assurance from independent third-party partners through penetration testing to strengthen the security posture.
- Collaborates with internal cross-functional teams to communicate the findings and implement corrective actions.
- Maintains accurate documentation of control assessments, testing results, and evidence.
- Prepares comprehensive reports on control assessments and testing outcomes for internal stakeholders.
- Assists in security policy and standards development, reviews, and updates. Assist in annual control plan development.
Qualifications
Required Qualifications
- Bachelor’s degree in computer science, Information Security, or a related field.
Relevant certifications such as CISSP, CISA, CRISC, or ISO 27001 auditor will be considered as an advantage.
- Minimum 4-5 years’ experience working as an Information Security Analyst or in a similar role focused on assurance and compliance management.
- Experience in utilizing tools for risk profile data collection is desirable e.g., OSINT and GRC. Deep understanding of risk assessment methodologies, vulnerability management, and security control frameworks (e.g., NIST, ISO 27001)
- Solid understanding of security controls, technologies, and best practices to mitigate cyber risks. Proficient in Microsoft Office (Excel, PowerPoint, Word)
- Strong communication and interpersonal skills to collaborate effectively with cross-functional teams and stakeholders. Excellent analytical and problem-solving skills
- Ability to work independently as well as collaboratively in a team environment, prioritize tasks, and manage time effectively.
Disclaimer
Tasks, duties, and responsibilities as listed in this job description are not exhaustive. The Company, at its sole discretion and with no prior notice, may assign other tasks, duties, and job responsibilities. Equivalent experience, skills, and/or education will also be considered so qualifications of incumbents may differ from those listed in the Job Description. The Company, at its sole discretion, will determine what constitutes as equivalent to the qualifications described above. Further, nothing contained herein should be construed to create an employment contract. Occasionally, required skills/experiences for jobs are expressed in brief terms. Any language contained herein is intended to fully comply with all obligations imposed by the legislation of each country in which it operates, including the implementation of the EU Equality Directive, in relation to the recruitment and employment of its employees. The Company is committed to compliance with the Americans with Disabilities Act, including the provision of reasonable accommodations, when appropriate, to assist employees or applicants to perform the essential functions of the job.