Job Description - IT Security Analyst
Company: Philips India Limited
The IT Global Services Security & Compliance group within Philips assists business and IT by identifying and evaluating key operational risks and controls, assessing and ensuring compliance with regulatory requirements and corporate internal policies, and carrying out other compliance activities.
We are looking for an Information Security Analyst who will be responsible for maintaining IT controls on IT Global Systems within Philips. This position involves Information Security Assessment, Information Technology risk management, Threat / Vulnerability Management, Security Incident investigation & remediation, and supporting the IT Global Systems support team in the definition, deployment and maintenance of internal controls.
Support information security architectural requirements and operation support
Define, deploy and maintain policies and procedures in compliance with corporate level policies and standards.
Identify, track and remediate operational IT vulnerabilities and risks.
Perform Infosec Assessment to check compliance with internal controls and regulatory requirements such as GDPR, SOX, FDA, PCI DSS, eMDR, HIPAA, etc.
Establish regular governance with Global IT Systems owners to review security controls status.
Liaise with the Philips Information Security Office in driving the Infosec Improvement Program.
Support internal and external audits & reviews. Identify and submit mitigation evidence for audit issues. Work with action owners to define action plans and track them to closure.
Actively participate in security incident investigation and remediation activities.
Work with different teams to gather security measurement metrics for the executive management dashboard.
8+ years of experience in Information Security
Internal controls knowledge and understanding for core IT technologies and processes (e.g., network systems, operating systems, databases, change control tools and processes, computer systems operations, incident handling, information security, data backup, retention, and recovery, IT vendor management, asset management, disaster recovery, etc.)
Experience in the regulatory compliance area for the Health Care Industry (FDA, eMDR, HIPAA, etc.), Infosec framework or standard such as COBIT, ISO 27K, NIST is preferred
Certified IS Auditor (CISA)
Certified Information System Security Professional (CISSP)
Certified Information Security Manager (CISM)
Cloud Certified Security Professional (CCSP)
Certified Information Privacy Professional (CIPP)
ISO 27001 Lead Auditor