Senior IT Security Risk and Compliance Analyst

4 Minutes ago • 5 Years + • Cyber Security

Job Summary

Job Description

The Sr. IT Security Risk & Compliance Analyst will support and mature Illumina's security certifications program, focusing on maintaining ISO:27001, C5, and SOC 2 certifications for cloud-based analytics products. The role requires subject matter expertise in these certifications and collaboration with a program manager. Key responsibilities include ensuring process owners maintain compliance with various security frameworks (e.g., ISO 27001, C5, SOC 2, NIST, PCI, HIPAA), managing the GRC tool (AuditBoard), documenting evidence for compliance, coordinating data gathering, developing and maintaining ISMS policies, advising project teams on certification scope and approach, leading process improvement projects, managing quarterly compliance requirements, operating independently to manage end-to-end compliance activities, developing metrics to demonstrate control health, assisting in risk management and closure of open action items, supporting internal security audits, scheduling and facilitating SME walkthroughs, and facilitating non-conformance actions including root-cause analysis. The position requires excellent customer service and communication skills, experience with software development lifecycle activities, and familiarity with common IT infrastructure and applications.
Must have:
  • Experience with ISO 27001 and SOC 2 requirements.
  • Experience with GRC tool configuration and maintenance (e.g., AuditBoard).
  • Strong organizational and project management skills.
  • Excellent oral and written communication skills.
  • Understanding of cloud infrastructure and risk management.
  • Experience in fast-paced project implementations.
  • Experience with software development lifecycle activities.
Good to have:
  • Experience with other security frameworks (e.g., C5, NIST, PCI, HIPAA, FDA, SOX).
  • Experience working in a distributed team.
  • Security certifications (e.g., Security+, CEH, CISA, CISM).

Job Details

At Illumina, we are expanding access to genomic technology to realize health equity for billions of people around the world. Our efforts enable life-changing discoveries that are transforming human health through the early detection and diagnosis of diseases and new treatment options for patients.

Position Summary:

The Sr. IT Security Risk & Compliance Analyst will work within the security certifications team to support and mature a strong security certifications program. The immediate goal is to provide operational support in maintaining ISO:27001, C5 and SOC 2 certifications for Illumina’s cloud-based analytics products. The role will bring the necessary subject matter expertise in the ISO, C5 and SOC 2 security certifications space and work with the program manager based in the AMR region to meet future business needs. The position requires the ability to operate with remote supervision, with high customer satisfaction, efficiency, and accountability towards the success of the program. This position interacts with all tiers of staff and management and requires good project management and organizational skills.

 

Responsibilities:

·       Ensure that process owners maintain the required ISO 27001, C5 and SOC 2 requirements, along with those of additional security frameworks (e.g., NIST, PCI, HIPAA).

·       Management and custodian duties related to GRC tool (AuditBoard)

·       Documenting evidence that supports compliance with security requirements

·       Coordinates data gathering, logging and upkeep of periodic activities as defined within the security management process.

·       Develops and maintains periodic review of ISMS program-based policies.

·       Advises project teams and internal GIS customers on ISO, C5 and SOC 2 certification scope, and compliance approach.

·       Assist and lead process improvement projects to enhance control strength.

·       Manage quarterly compliance requirements for various security frameworks.

·       Operate independently to manage end to end compliance activities within projects.

·       Develops and maintains metrics to demonstrate the health of security controls throughout the year.

·       Assist in maintaining ISO, C5 and SOC 2 security risks and open action items, and drive them to closure.

·       Support internal security audits conducted as part of ISO, C5 and SOC 2 programs.

·       Schedule, maintain and facilitate SME walkthroughs during external and internal audits.

·       Work within the GRC audit tool to maintain audit schedules, control strength ratings and SME ownership assignments.

·       Facilitate and maintain ISO, C5 and SOC 2 program’s non-conformance actions including root-cause analysis and investigation status.

 

Listed responsibilities are an essential, but not exhaustive list, of the usual duties associated with the position. Changes to individual responsibilities may occur due to business needs.

 

Experience/Education:

·       Experience with ISO:27001 and SOC 2 requirements and security regulations within other frameworks – e.g., 21 CFR Part 820/11, ISO 13485, FDA, SOX, HIPAA and C5.

·       Strong organizational skills to maintain and manage activities around ISO, C5 and SOC 2 certification projects.

·       Strong experience with GRC tool configuration and maintenance – (e.g. AuditBoard)

·       Experience working within a distributed team in multiple geographical locations.

·       Strong oral and written skills to persuade, direct and advise stakeholders on security compliance processes.

·       Understanding of cloud infrastructure, cybersecurity threats, vulnerabilities and risk management

·       Ability to articulate security & compliance requirements & strategy and provide a tailored approach to meet the business needs.

·       Experience and leadership in fast-paced project implementations.

·       Excellent customer service and communication skills.

·       Experience with software development lifecycle activities, methodologies, testing and validation.

·       Experience with common IT infrastructure and applications, e.g., virtualization, directory services, storage, DBMS.

·       Security certifications such as Security+, CEH, CISA, CISM, or equivalent are a plus

 

All listed requirements are deemed essential functions of this position; however, business conditions may require reasonable accommodations for additional tasks and responsibilities.

 

Experience/Education:

·       Typically requires a bachelor’s degree and a minimum of 5 years of related experience.



We are a company deeply rooted in belonging, promoting an inclusive environment where employees feel valued and empowered to contribute to our mission. Built on a strong foundation, Illumina has always prioritized openness, collaboration, and seeking alternative perspectives to propel innovation in genomics. We are proud to confirm a zero-net gap in pay, regardless of gender, ethnicity, or race. We also have several Employee Resource Groups (ERG) that deliver career development experiences, increase cultural awareness, and offer opportunities to engage in social responsibility. We are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information. Illumina conducts background checks on applicants for whom a conditional offer of employment has been made. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable local, state, and federal laws. Background check results may potentially result in the withdrawal of a conditional offer of employment. The background check process and any decisions made as a result shall be made in accordance with all applicable local, state, and federal laws. Illumina prohibits the use of generative artificial intelligence (AI) in the application and interview process. If you require accommodation to complete the application or interview process, please contact accommodations@illumina.com. To learn more, visit: https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf. The position will be posted until a final candidate is selected or the requisition has a sufficient number of qualified applicants. This role is not eligible for visa sponsorship.


About The Company

At Illumina, our goal is to apply innovative technologies and revolutionary assays to the analysis of genetic variation and function, making studies possible that were not even imaginable just a few years ago. These studies will help make the realization of personalized medicine possible. With such rapid advances in technology taking place, it is mission critical to have solutions that are not only innovative, but flexible, scalable, and complete with industry-leading support and service. As a global company that places high value on collaborative interactions, rapid delivery of solutions, and prioritizing the needs of its customers, we strive to meet this challenge. Illumina’s innovative, array-based solutions for DNA, RNA, and protein analysis serve as tools for disease research, drug development, and the development of molecular tests in the clinic.


