Responsibilities
System and Organization Controls 2 (SOC2)
- Lead and manage support for all PCI, SOC 2 and other associated annual attestation programs.
- Conduct process audits and evidence reviews monthly to ensure compliance by Information Technology.
- Conduct procedural audits, checking for effectiveness and compliance with regulations and company policies.
Risk Assessments
- Conduct and/or coordinate Information Technology security risk assessments for technology and security frameworks implemented by HLUS.
- Organize and maintain the cyber security risk portfolio within Fujifilm's Risk Register System.
- The analyst will research leading practices which will support recommendations on how to appropriately integrate or align Fujifilm's Data Governance, Data Management, Information Security, Organization and Risk Management policies and procedures as needed.
- The analyst will work directly with application and data owners to drive the risk mitigation process.
- Define and implement risk ratings, models, and hierarchies to identify the impact, severity, and overall risk of identified vulnerabilities.
- Assign a preliminary risk profile by identifying the information security risk factors based on data classification, design, and functional purpose and use.
- Complete a risk assessment evaluation which will articulate risk and impact analysis when security controls cannot be met by an initiative to ensure transparency and appropriate level of acceptance. Prepare and present findings to Information Security management and business sponsors.
- Participate in the strategy and day-to-day operations of the Data Protection team, ensuring risk management process and procedures are aligned.
- Evaluate third-party risks resulting from the requirements of business, customers, partners, vendors, suppliers, and technology or data related products. Prepare and present findings to Information Security management and business sponsors.
- Regularly contribute to executive management reports covering Information Security risk treatment, risk mitigation and risk metrics.
Track
- Review penetration and vulnerability testing results with key stakeholders. Provide scoring to prioritize remediation efforts.
- Track, measure, validate, and report on risk identification, stakeholder notification, and remediation efforts for penetration and vulnerability testing.
Analysis
- Assist the Legal Department with litigation matters. Perform eDiscovery searches to extract emails from O365 mailboxes. Assist the IT Infrastructure Helpdesk team with identifying individuals that may need their IT equipment retained for legal matters.
- Collaborate and build relationships with IT colleagues' core business partners for continued security education and awareness.
- 2 - 4 years of risk analysis, audit, compliance, or other experience in a similar field of work.
- Computer Science degree is preferred in IT, systems engineering, or related qualifications.
- CISM, PCIP, ISA, or equivalent certifications preferred.
- Experience working in a Shared Service Organization structure, supporting multiple industries/companies.
- Experience working in the healthcare industry, with strong knowledge of regulatory requirements (e.g., HIPAA, FDA, HITRUST, etc.).
Desired Skills
- Must possess strong analytical, troubleshooting and organization skills.
- Consistently demonstrates quality and effectiveness in work documentation and organization skills.
- Proven experience or knowledge of data governance and privacy tools such as OneTrust, DLP solutions, and/or others is beneficial to this role.
- Strong understanding of industry frameworks and best practices (e.g., NIST, ISO, OWASP, CIS, etc.).
- Detailed understanding of network design, security protocols and cloud integration security.
- The ideal candidate must be able to convey complex security issues and risks while maintaining a positive relationship with key stakeholders.
- Strong written and verbal communication skills, with the ability to summarize highly technical security findings into responses for non-technical audiences.
Expectations
Within 6-9 Months:
- Learn IT systems and operations of the Fujifilm HLUS Shared Service supported operations.
- Demonstrate skills applicable to the responsibilities listed in this job description.
Within 9-18 Months:
- Learn IT systems and operations of the Fujifilm HLUS Shared Service supported operations.
- Have a firm understanding and working knowledge of all supported Fujifilm group IT operations within the Americas region to make improvement recommendations and ensure that the organization's data and infrastructure are protected by enabling the appropriate security controls.
Salary and Benefits:
- $75,000 – 80,000 depending on experience.
- Medical, Dental, Vision
- Life Insurance
- 401k
- Paid Time Off
EEO/AGENCY NOTES
Fujifilm is an equal opportunity employer to all, regardless of age, ancestry, color, disability (mental and physical), exercising the right to family care and medical leave, gender, gender expression, gender identity, genetic information, marital status, medical condition, military or veteran status, national origin, political affiliation, race, religious creed, sex (includes pregnancy, childbirth, breastfeeding and related medical conditions), and sexual orientation, and any other status protected by federal, state, or local law.
To all agencies: Please, no phone calls or emails to any employee of Fujifilm about this requisition. All resumes submitted by search firms/employment agencies to any employee at Fujifilm via email, the internet or in any form and/or method will be deemed the sole property of Fujifilm, unless such search firms/employment agencies were engaged by Fujifilm for this requisition and a valid agreement with Fujifilm is in place. In the event a candidate who was submitted outside of the Fujifilm agency engagement process is hired, no fee or payment of any kind will be paid.