Information Security Analyst

Starkey Hearing Technologies
United States, Minnesota, Eden Prairie
Nov 18, 2024
Description At Starkey, we are in the business of connecting people and changing lives. As a world leader in the manufacturing and delivering of advanced hearing solutions, we go to work each day to ensure every person on the planet has the opportunity to hear their very best. Founded in 1967, Starkey is known for its innovative design, development and distribution of comprehensive digital hearing systems. Headquartered in Eden Prairie, Minnesota, Starkey has more than 5,000 employees globally, operates 29+ facilities and does business in more than 100 markets worldwide.Here's a video about the people behind Starkey's groundbreaking innovation: https://www.youtube.com/watch?v=GjhRQ7qzlI0 JOB SUMMARY DESCRIPTION / PRIMARY PURPOSE OF JOB The Information Security Analyst will be part of the team that leads the Information Security and Privacy function within the company and will be responsible for having an understanding of business processes, data required to perform business functions and the global regulations governing this data. This role will assist in scaling our security and privacy program through process improvement and tool creation necessary to ensure the integrity, availability and protection of critical information systems that support Starkey's global business. This role will be expected to enable the business through decision making that is grounded in business outcomes and will work across the business with users and technical groups. This role provides guidance and recommend data protecting actions based upon Starkey's policies. The individual must be a results-oriented person who can achieve tangible improvements in the security and privacy program. JOB RESPONSIBILITIES/RESULTS Work closely with users and technical groups to understand corporate requirements related to security risk and regulatory compliance and ensure those requirements are met. Establish and oversee formal risk analysis and self-assessments program for various information systems and business processes. Assess risk and advise on security and/or privacy standards, best practices and solutions. Advise on 'security by design' practices and implementations across multiple business units and geographies where Starkey operates. Ensure Information Security policies and procedures are communicated and followed by the organization, tracking any exceptions. Work closely with IT, PMO, and other functional area specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements. Drive our corporate wide Information Security Awareness program. Help ensure compliance with HIPAA, PCI, GDPR and other appropriate regulations. Provide metrics on security and privacy risk management program maturity and progress. Maintain expertise on regulatory trends through training, research and development in order to mitigate potential exposures. JOB REQUIREMENTS Education 4-year degree in Computer Science, MIS, Math, Engineering, or equivalent work experience. Experience 3-5 years of experience in a global company that is governed by HIPAA, PCI or GDPR with specific skills in two or more of the following areas: Audit/Risk Management Threat and Vulnerability Management Application Security Security Operations Center/Security Incident Response Governance, Risk and Compliance Anti-virus consoles and deployments SIEM monitoring and deployment Firewall rule review/configuration Virtualized, Hybrid and Cloud environments NIST, ISO or other security program frameworks Experience communicating technical security requirements to business units, create strategy and implement security and/or privacy plans utilizing strong and effective writing skills Knowledge / Technical Requirements Understanding of security and privacy best practices Understanding of tools and techniques for building a security and privacy program Good understanding of the organization's goals and objectives Competencies, Skills & Abilities Ability to conceptualize complex business and technical requirements into comprehensible models and templates. Demonstrated technical experience, with the ability to interface effectively with a broad range of people and roles, including managers, IT leaders, and technology vendors. Ability to manage projects and coordinate with other team members to complete project tasks. Highly self-motivated and directed, with keen attention to detail. Strong organizational skills and ability to multi-task in a global business environment. Ability to maintain the goals and culture of the organization. #LI-MP1 Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)