IT Risk Analyst (Pharmaceutical Experience)

Biotechnology United States


Duties and Responsibilities include, but are not limited to, the following:

  • Defines, documents, reports and tracks technology risk across IOPS
  • Reviews technology controls across IOPS to identify potential vulnerabilities and weaknesses
  • Works across the IT Team to help identify technology risks and mitigation initiatives for existing technologies and systems
  • Conducts risk assessments for all new technology projects, applications and services, identifying risks and agreeing mitigation actions
  • Monitors and tracks identified risks and mitigation actions
  • Verification/auditing of controls and risk/control indicators
  • Helps mitigate key risks by identifying and recommending changes to policies and procedures
  • Maintains awareness of emerging security risks and trends and raises awareness of risks where appropriate
  • Supports Regulatory and Internal audits related to Technology Risk and Information Security
  • Works across IT to ensure security best practices are identified and integrated into all facets of projects including designs/configuration, and implementations
  • Assists in documenting standards, processes, and procedures for security incident response
  • Security awareness – tracking cyber security behavior of individuals and teams within IOPS during Phishing scenarios sent out to us by Corporate Information Security and communicating out to IOPS on Cyber/Information Security related themes throughout the year.


Education and Experience:

  • Requires BS/BA in Information Technology or related field with 3-5 years’ Risk or Security experience or equivalent combination of education and experience.
  • Experience of a regulatory environment, information security best practices (ISO 27001:2013, NIST Cyber Security framework etc.)


Knowledge, Skills & Abilities:

  • Proven track record in technology risk identification and management
  • Knowledge and experience of the wider and emerging technology space, such as infrastructure, database, networks, mobile device management and cloud technologies
  • Experience of information risk governance and an understanding of risk analysis, management techniques and methodologies
  • Strong analytical skills with the capability to assess the information provided, and provide clear and appropriate direction