Sign upLog in

Senior Information Security Analyst (HIPAA / GRC ) (US, Field)

Smith & Nephew Plc

Andover, MA(remote)

Apply
JOB DETAILS
SALARY
$111,750–$167,500 Per Year
SKILLS
Computer Science, Continuous Improvement, Documentation, Fitness, HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Information Technology & Information Systems, Information/Data Security (InfoSec), Leadership, Legal Support Skills, LinkedIn, Mentoring, Privacy Controls, Privacy Regulations, Program Planning, Project/Program Management, Risk, Risk Analysis, Risk Management, Security Analysis, Security Compliance, Security Monitoring, Team Player, Time Management, U.S. National Institute of Standards and Technology (NIST), Willing to Travel
LOCATION
Andover, MA
POSTED
4 days ago

Life. Unlimited. At Smith+Nephew we design and manufacture technology that takes the limits off living.

Join us as an Information Security Compliance Analyst and play a key role in shaping and delivering our annual HIPAA programme. This is an opportunity to work closely with leaders across Governance Risk and Compliance, with support and guidance from senior experts while owning essential programme activities that help protect our patients, people and systems.

What will you be doing?

  • In this role, you will become the driving force behind the annual HIPAA programme.

  • You will plan the programme's schedule, coordinate with a wide range of partners, and keep everything running smoothly throughout the year.

  • You will oversee the annual Security Risk Assessment, shaping its scope and collaborating with third party specialists to ensure it is delivered effectively.

  • You will also carry out security assessments on IT systems, follow a structured process to record outcomes and track actions, and keep our documentation and workflows in OneTrust consistently updated.

  • Along the way, you will monitor changes in HIPAA law, support updates to internal policy, and bring insights and recommendations forward to leadership and the Steering Committee.

  • Success in this position comes from blending hands‑on security experience with strong organisation and leadership skills.

  • You enjoy helping a programme run on schedule, working with multiple teams, and being trusted by stakeholders to keep things moving.

  • You can translate security controls into clear activities, understand how they are applied in practice, and turn complex challenges into structured actions. You bring a continuous improvement mindset and a readiness to contribute to the growth of the HIPAA programme year after year.

What will you need to be successful?

Education: Bachelor´s degree in Computer Science or related subject preferred.

Certifications: Privacy or Security certifications would be advantageous but are not essential e.g. any HIPAA certification (CHPS, CHSE, CHPSE, CIPP/US), CISA, CISSP, ISO27001 or equivalent.

Experience:

  • At least 5 years in Information Security, some of which should be in a compliance function.

  • At least 2 years working on HIPAA compliance is required.

  • At least 3 years in Program or Project Management.

  • Prior experience of Privacy Law related Security Controls compliance would be very well received.

  • Experience deploying and assessing Information Security controls, ideally aligned to frameworks such as HIPAA, GDPR TOMS, ISO27001, HiTrust or NIST.

  • Familiarity with tools such as OneTrust or IT risk management platforms, or the ability to learn them quickly.

Travel Requirements: <5%

The anticipated base compensation range for this position is $111,750 to $167,500 USD annually.

The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, and geographic location. Compensation decisions are dependent upon the facts and circumstances of each position and candidate.

In addition to base pay, we offer competitive bonus and benefits, including medical, dental, and vision coverage, 401(k), tuition reimbursement, medical leave programs, parental leave, generous PTO, paid company holidays, 8 hours of volunteer time annually, and a variety of wellness offerings such as EAP.

You Unlimited.

We believe in creating the greatest good for society. Our strongest investments are in our people and the patients we serve.

  • Inclusion and Belonging- Committed to Welcoming, Celebrating and Thriving on Inclusion and Belonging, Learn more about Employee Inclusion Groups on our website (https://www.smith-nephew.com/).

  • Your Future: 401k Matching Program, 401k Plus Program, Discounted Stock Options, Tuition Reimbursement

  • Work/Life Balance: Flexible Personal/Vacation Time Off, Paid Holidays, Flex Holidays, Paid Community Service Day

  • Your Wellbeing: Medical, Dental, Vision, Health Savings Account (Employer Contribution of $500+ annually), Employee Assistance Program, Parental Leave, Fertility and Adoption Assistance Program

  • Training: Hands-On, Team-Customized, Mentorship

  • Extra Perks: Discounts on fitness clubs, travel and more!

#LI-REMOTE

#LI-MA1

Smith+Nephew provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability.

Stay connected by joining our Talent Community.

We're more than just a company - we're a community! Follow us on LinkedIn to see how we support and empower our employees and patients every day.

Check us out on Glassdoor for a glimpse behind the scenes and a sneak peek into You. Unlimited., life, culture, and benefits at S+N.

Explore our website and learn more about our mission, our team, and the opportunities we offer.

About the Company

S

Smith & Nephew Plc

The Group has a history dating back 160 years to the family enterprise of Thomas James Smith who opened a small pharmacy in Hull, England in 1856. On his death in 1896, his nephew Horatio Nelson Smith took over the management of the business. Thomas James Smith black and white photograph Image: Thomas James Smith A few days after the declaration of World War 1 in 1914, Horatio Nelson Smith (the nephew of the company founder T. J Smith) met with an envoy of the French President in London. The company was awarded a contract to supply £350,000 of surgical and field dressings, to be delivered in five months. By the late 1990s, Smith & Nephew had expanded into being a diverse healthcare conglomerate with operations across the globe, including various medical devices, personal care products and traditional and pioneering woundcare treatments. In 1998, Smith & Nephew announced a major restructuring to focus management attention and investment on three business units — wound management, endoscopy and orthopaedics — which offered high growth and margin opportunities. Smith & Nephew was incorporated and listed on the London Stock Exchange in 1937 and in 1999 the Group was also listed on the New York Stock Exchange. In 2001, Smith & Nephew became a constituent member of the FTSE-100 index in the UK. This means that Smith & Nephew is included in the top 100 companies traded on the London Stock Exchange measured in terms of market capitalisation. Today, Smith & Nephew is a public limited company incorporated and headquartered in the UK and doing business in many countries around the world.
COMPANY SIZE
2,000 to 2,499 employees
INDUSTRY
Medical Devices and Supplies