Cybersecurity Business Analyst

Fresenius Medical Care

Waltham, Massachusetts

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Analysis Skills, Applications Security, Best Practices, Business Analysis, CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Science, Computer Security, Computer Systems, Customer Support/Service, Database Design, Enterprise Architecture, Enterprise Protection, External Audit, ISO (International Organization for Standardization), Information Architecture, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, Interpersonal Skills, Management of Information Systems/Technology (MIS), Microsoft Windows Azure, Network Architecture/Engineering, Network Design, Network Protocols, Network Security, Operating Systems, Operations Security (OPSEC), Physical Demands, Presentation/Verbal Skills, Problem Solving Skills, Process Management, Protective Services, Regulations, Regulatory Requirements, Risk, Risk Analysis, Risk Management, Security Architecture, Security Compliance, Security Infrastructure, Security Protocols, Software Design, Software Development, Team Player, Technical Writing, U.S. National Institute of Standards and Technology (NIST)
LOCATION
Waltham, Massachusetts
POSTED
9 days ago

PRINCIPAL DUTIES AND RESPONSIBILITIES:  

  • Work closely with engineering, operations, and security specialists to ensure adequate security solutions and controls are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements. 

  • Assess and understand the organization’s current security posture and future architecture requirements, providing recommendations for improvement and risk reduction. 

  • Ensures implemented solutions support cybersecurity architecture objectives (availability, scalability, performance, security, etc.), as appropriate, and monitors implementation activities to ensure architecture and design principles are upheld. 

  • Supports the implementation of technical artifacts (frameworks, standards, and repeatable patterns, etc.) that constitute the enterprise information security architecture and solutions and work with infrastructure teams to ensure adoption. 

  • Serve as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and security policies, industry regulations, and best practices. 

  • Design security configuration guidelines for information technology devices and systems, as well as mechanisms for assessing compliance within those guidelines. 

  • Participate in the design and implementation of a comprehensive Zero Trust Architecture framework to ensure the confidentiality, integrity, and availability of our systems and data. 

  • Contribute the creation of security policies, access controls, and authentication mechanisms based on Zero Trust principles. 

  • Evaluate existing network and security infrastructure, identify vulnerabilities, and recommend enhancements to align with Zero Trust principles. 

  • Familiarity with OWASP, SANS Top 20 and prevention/remediation techniques and their implementation. 

  • Ability to work in a group development environment as an application security engineer across software engineer, QA engineer and build/test/release engineer teams. 

  • Experience in deploy/maintain/support/analyzing DAST/SAST scan result 

  • Manage the tactical execution of short- and long-term objectives through the coordination of activities with a direct responsibility for results, including costs, methods, and staffing. 

 

PHYSICAL DEMANDS AND WORKING CONDITIONS: 

  • The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

 

SUPERVISION:  

  • None 

 

EDUCATION:  

  • Bachelor's degree in management information systems, Computer Science, or business/science related field . 

 

EXPERIENCE AND REQUIRED SKILLS  

  • 6-10 years of experience working with internal/external audits or risk management - methods and techniques for the assessment and management of risk. 

  • Familiar with the management, operational, and technical aspects of IT Security in a complex enterprise environment. Additional experience in cyber risk management and assessments will be considered. 

  • Strong understanding of network architecture, protocols, and security technologies. 

  • Familiarity with cloud computing platforms, such as AWS, Azure, or Google Cloud, and their associated security services. 

  • Proficiency in security frameworks and standards, such as ISO 27001, NIST, and CIS. 

  • Ability to operate as a pro-active and result-driven problem solver with excellent analytical and interpersonal skills. 

  • Ability to understand IT processes, management objectives risk appetite and tolerances and impact of objectives, of changes to risk profiles. 

  • CISA, CISSP, CRISC, or other relevant certification(s) desired. 

  • Strong client services orientation and communication skills coupled with a high sense of urgency to keep appropriate partners informed, including solutions to overcome obstacles to deliver to expectation. 

  • Experience in IT governance, risk, and controls, including governance frameworks. 

  • Demonstrated technical writing, communication, and presentation skills. 

  • Ability to work effectively in a team environment.   

  • Creativity in addressing technical challenges.   

  • Proven record to deliver results. 

The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies.

Annual Rate: $137,000.00 - $229,000.00

Benefit Overview: This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave.

Fresenius Medical Care is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sexual orientation, gender identity, parental status, national origin, age, disability, military service, or other non-merit-based factors

About the Company

F

Fresenius Medical Care

Fresenius Medical Care North America is a wholly owned subsidiary of Fresenius Medical Care AG & Co. KGaA, located in Bad Homburg, Germany. Through our dialysis services entity, Fresenius Medical Services, we operate more than 2,100 outpatient dialysis clinics in the U.S. Our Renal Therapies Group is responsible for the manufacture and distribution of a variety of dialysis products and equipment, including dialysis machines, dialyzers and other dialysis-related supplies.
COMPANY SIZE
10,000 employees or more
INDUSTRY
Healthcare Services
FOUNDED
1996
WEBSITE
http://fmcna.com/