Job Information
ThermoFisher Scientific IT Security Engineer III in Sofia, Bulgaria
Job Description
Position Summary:
As a member of the Corporate Infrastructure and Security - Risk & Assessments team, the Security Engineer is responsible for:
Providing key input and assistance in the development and implementation of a global cybersecurity risk management program
Maintaining and executing the risk management policy throughout the entire risk lifecycle
Executing various risk analysis processes within the team including intake and analysis of reported risks, risk management, and ensuring teams are properly managing plans to reduce or eliminate risk
Ensure consistency of security practice and standards across the organization
Conduct Information Security assessments including and documenting controls, identifying potential gaps and or inconsistencies and making sound recommendations for improvement and/or migration
Collaborate on the technical definitions and oversee implementation of security controls and requirements for systems, infrastructure and solutions
Provide consultative advice ensuring security design for systems aligns with business needs and the company’s security posture
Cultivate and maintain strong working relationships with IT teams, Legal, Privacy, and Internal Audit.
The ideal candidate will have good research, writing, and presenting skills, a desire to solve complex problems, and the drive to complete assignments on-time with minimal oversight.
This position will be part of a team that will be responsible for driving visibility and have understanding of information security risk management to contribute and influence strategic decision making across the enterprise.
Risk Key Responsibilities:
Intake and analysis of identified cyber security issues and risks from a variety of sources including security assessments, compliance checks, automated vulnerability systems, and other internally or externally reported risks.
Complete analyses and reports to develop a comprehensive view of risk across the company.
Assist and track for accurate risk measurement and response activities, provide necessary information and analysis to help business leaders prioritize risks
Review and track action plans developed by risk owners and ensure plans are completed appropriately
Perform ad-hoc risk analysis as assigned
Review and advise on internal security capabilities in the context of negotiations with customers or auditors.
Perform other duties as assigned.
Minimum Requirements/Qualifications:
5+ years’ experience in risk analysis, information risk management, , data privacy, information technology, or equivalent with exposure to cybersecurity and/or information security risk.
Bachelor’s Degree in Risk Management, Information Assurance, Information Security, Cybersecurity, IT, Law or Data Privacy or equivalent work experience.
Experience with risk analysis.
Ability to explain complex risk management topics to a broad audience
Understanding of relevant industry frameworks such as ISO 27001 series, NIST 800-53, FISMA and others
General understanding of cybersecurity technologies and controls with the ability to bridge the gap between governance and technical concepts
Excellent writing skills, with experience as a writer or technical editor is considered a plus
Demonstrated ability to complete work with minimal direction and self-identify tasks
Excellent written and oral communication skills with experience presenting to senior leadership
Strong interpersonal, organizational, and excellent documentation skills
Excellent customer service skills
Relevant certifications such as CRISC, CISSP or CISA are considered a plus
Experience of various risk management frameworks such as the NIST Risk Management Framework or Center for Internet Security Risk Assessment Methodology will be considered plus.
Non-Negotiable Hiring Criteria:
Customer service mindset
Strong attention to detail, organizational skills, time management
Excellent verbal and written communication skills
The ability to interact professionally with a diverse group: executives, managers, and subject matter experts.
Ability to take direction and independently work through projects as required
Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.
ThermoFisher Scientific
- ThermoFisher Scientific Jobs