Senior Governance, Risk & Compliance Security Analyst
Being a member of the Enterprise Security Governance, Risk and Compliance team provides an exciting opportunity to be part of an innovative and dedicated team of security and audit professionals.
The Senior Governance, Risk & Compliance Analyst will be responsible for security governance, risk management, and compliance across the enterprise. They will establish corporate security requirements by evaluating business strategies and requirements, researching information security standards, performing risk assessments, identifying integration issues, and providing recommendations for remediating identified risk. Additionally, they will lead the review and formal approval process for policy updates. A significant responsibility will be to ensure Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations, and to maintain the Information Security Program documentation.
At least 8 years of total combined higher education and related work experience including:
At least 2 years of information systems security work experience
At least 6 years of higher education and/or additional work experience directly related to the duties of the job including:
Bachelor's degree in Accounting, Information Systems, Computer Science, Computer Engineering, Software Engineering or Mathematics or related field
At least 3 years in Information Technology security programs, audits, assessments, risk, or remediation management work experience
At least 2 years of Privacy law, data protection/security regulations, and frameworks, such as BITS, COBIT, NIST and ISO27002 work experience
Experience with information security risk management
Experience with data privacy/protection
Experience with ISO 31000, 27005, 27001, HIPAA and/or other risk-centric standards and practices helpful
Demonstrates the ability to work on multiple projects simultaneously and prioritize work to meet adapting deadlines
Experience with/in FISMA, NIST Risk Management Framework, NIST 800-53 Security Controls, CNSSI 1253 and privacy overlay controls
Security+, SANS GIAC, CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or CISMP (Certificate in Information Security Management Principles)
Plan, conduct, and document security compliance assessments based on a variety of standards, laws, and regulations
Develop detailed recommendations for mitigating findings and process improvement projects
Willing to work additional or irregular hours as needed and allowed by local regulations
Work in accordance with corporate and organizational security policies and procedures, understand personal role in safeguarding corporate and client assets, and take appropriate action to prevent and report any compromises of security within scope of position
Perform other responsibilities as assigned
Must be willing to live or reside in Kansas City or live in a virtually approved city
Applicants for U.S. based positions with Cerner Corporation must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.
Some Cerner positions may be obligated to comply with client-facing requirements and occupational health requests, including but not limited to, an immunization set, an annual flu shot, an annual TB screen, an updated background check, and/or an updated drug screen.
Relocation Assistance Available
Yes - Domestic/Regional
Cerner is a place where people are encouraged to innovate with confidence and focus on what is important - people's health and the care they receive. We are transforming health care by developing tools and technologies that make it more efficient for care providers and patients to navigate the complexity of our health. From single offices to entire countries, Cerner solutions are licensed at more than 25,000 facilities in over 35 countries.
Cerner's policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Cerner is proud to be a drug-free workplace.