Senior Information Security Analyst (HIPAA / GRC ) (US, Field)

Life. Unlimited. At Smith+Nephew we design and manufacture technology that takes the limits off living.

Join us as an Information Security Compliance Analyst and play a key role in shaping and delivering our annual HIPAA programme. This is an opportunity to work closely with leaders across Governance Risk and Compliance, with support and guidance from senior experts while owning essential programme activities that help protect our patients, people and systems.

What will you be doing?

• In this role, you will become the driving force behind the annual HIPAA programme.

• You will plan the programme’s schedule, coordinate with a wide range of partners, and keep everything running smoothly throughout the year.

• You will oversee the annual Security Risk Assessment, shaping its scope and collaborating with third party specialists to ensure it is delivered effectively.

• You will also carry out security assessments on IT systems, follow a structured process to record outcomes and track actions, and keep our documentation and workflows in OneTrust consistently updated.

• Along the way, you will monitor changes in HIPAA law, support updates to internal policy, and bring insights and recommendations forward to leadership and the Steering Committee.

• Success in this position comes from blending hands‑on security experience with strong organisation and leadership skills.

• You enjoy helping a programme run on schedule, working with multiple teams, and being trusted by stakeholders to keep things moving.

• You can translate security controls into clear activities, understand how they are applied in practice, and turn complex challenges into structured actions. You bring a continuous improvement mindset and a readiness to contribute to the growth of the HIPAA programme year after year.

What will you need to be successful?

Education: Bachelor´s degree in Computer Science or related subject preferred.

Certifications: Privacy or Security certifications would be advantageous but are not essential e.g. any HIPAA certification (CHPS, CHSE, CHPSE, CIPP/US), CISA, CISSP, ISO27001 or equivalent.

Experience:

• At least 5 years in Information Security, some of which should be in a compliance function.

• At least 2 years working on HIPAA compliance is required.

• At least 3 years in Program or Project Management.

• Prior experience of Privacy Law related Security Controls compliance would be very well received.

• Experience deploying and assessing Information Security controls, ideally aligned to frameworks such as HIPAA, GDPR TOMS, ISO27001, HiTrust or NIST.

• Familiarity with tools such as OneTrust or IT risk management platforms, or the ability to learn them quickly.

Travel Requirements:  <5%

Smith+Nephew provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability.