In this role, you have the opportunity to
Reporting to the Director of Privacy and Security of the Philips HealthSuite Digital Platform (HSDP), the HSDP Security Governance, Risk & Compliance (GRC) Manager is a highly motivated and technically adept Information Security professional responsible for establishing, leading, and managing initiatives related to an information security management system (ISMS), covering the governance and compliance activities needed to effectively manage and continuously mature the ISMS and the overall risk management lifecycle. The ultimate goal is to mitigate risks and protect the HSDP environment, which processes and stores personal, sensitive, confidential, and health data, including protected health information (ePHI), for HSDP clients.
We require a self-starter who will be responsible for managing HSDP’s ISMS, providing comprehensive oversight, and managing compliance and risk efforts to meet HSDP business objectives. This individual will also help ensure that the Security and Privacy program maintains suitable levels of compliance with applicable laws and regulations through adherence to ISMS policies. The Security GRC Manager will identify noncompliant and ineffective security processes and controls, including those of HSDP’s critical third parties, and prioritize actions associated with risk management and continuous improvement activities.
You are responsible for
Effectively manage and continuously improve an established ISMS in which risk management, engineering, and operational processes are key pillars aligned to ISO 27001, ISO 27002, ISO 27018, SOC 2 principles, HIPAA, CSA CCM, and HITRUST.
Develop and maintain all relevant documentation, policies, procedures, standards and work instructions for security operations and secure development lifecycles establishing and embedding controls into daily ways of working.
Facilitate the management and reporting of risks identified through various risk assessments, including risk treatment plans and their execution to reduce risk to an acceptable level.
Evaluate the impact of new and changing legal and regulatory requirements that may affect HSDP, identifying potential gaps within the ISMS and communicating them to the affected policy and process owners so that a mitigation plan can be created.
Collaborate with HSDP Operations to implement security controls at the various IaaS and PaaS layers as part of the continuous integration / continuous deployment (CI/CD) pipeline.
Build and maintain an auditing and reporting framework that produces artifacts that support security and compliance needs.
Maintain current knowledge of the information security field and the changing threat landscape, implementing improvements in both the technical security and compliance domains to mitigate risks identified through the risk management process.
Provide oversight and management of third-party testing to ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements.
Assess service providers, identifying third-party risks using a standard information gathering questionnaire.
Demonstrate ability to work under pressure and maintain composure during high-stress situations.
To succeed in this role, you should have the following skills and experience
3+ years of related work experience is preferred
Strong relationship building and influencing skills balanced with vision and the ability to innovate.
Strong verbal and written communication skills and public-speaking abilities, including the ability to communicate industry standards, best practices, testing techniques, and the interpretation of assessment and testing/certification results to customers.
Hands-on experience in a global high-technology security role, preferably a combination of risk management, information security, business continuity and security operations.
Expertise in both technical and business environments; familiarity with national security standards; and experience with business continuity, disaster recovery, auditing, risk management, vulnerability assessments, cyber-security, and incident management.
Current security certification: CISSP, CISM, or equivalent.
Advanced understanding in one or more of the following areas:
Platform Security, Cloud Computing Security, Data Security, Network Security, Security Assessment, Security Governance, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
Information security technologies, markets, and vendors including firewall, intrusion detection, assessment tools, encryption, certificate authority, web, and application development.
Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.
Passionate about building secure Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) in the cloud.
Rock-solid security skills.
Thrive in a startup-like environment within a large multinational corporation.
An intelligent, articulate, and persuasive information security professional who can serve as an effective member of the HSDP Security and Privacy team.
Have a pragmatic view of security: a "Let’s get to Yes" attitude.
Ability to handle multiple responsibilities in an unstructured environment where you’re empowered to make a difference.
We’re looking for self-starters who can work collaboratively across teams.
A love of working as part of a team, concentrating on the team’s outcome rather than pursuing personal goals.
Significantly 'self-sufficient' and comfortable making recommendations and decisions with less than perfect information.
Strong desire to learn new technologies and the ability to help define and continuously improve processes.
Possess the ownership and leadership needed to coordinate or execute projects across multiple teams and drive them to a successful conclusion.
Comfortable working within a regulated environment.
Experience with the full lifecycle of security software and solutions, including product research and evaluation, testing, selection, deployment, and administration in support of the security program.
In this role we offer you
Working at Philips is more than a job. It’s a calling to create a healthier society through meaningful work, focused on improving 3 billion lives a year by delivering innovative solutions across the health continuum. Our people experience a variety of unexpected moments when their lives and careers come together in meaningful ways.
To find out more about what it’s like working for Philips at a personal level, visit the Working at Philips page at http://www.philips.com/a-w/careers/healthtech/working-at-philips/working-at-philips.html on our career website, where you can read stories from our employee blog at http://www.usa.philips.com/a-w/our-people/life-at-philips.html . Once there, you can also learn about our recruitment process at http://www.philips.com/a-w/careers/healthtech.html , or find answers to some of the frequently asked questions at http://www.philips.com/a-w/careers/healthtech/faq.html .
Find out more about Philips at www.philips.com/na/careers
Ready to start improving lives by putting your personal skills & passions to work?
Philips is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex (including pregnancy), sexual orientation, gender identity, national origin, genetic information, creed, citizenship, disability, protected veteran or marital status.
As an equal opportunity employer, Philips is committed to a diverse workforce. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Veterans' Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants that require accommodation in the job application process may contact 888-367-7223, option 5, for assistance.