Information Security Compliance Analyst
Description
Role: Information Security Compliance Analyst
Location: Kharadi, Pune
Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living.
Are you ready to play a key role in safeguarding patient data and strengthening our global compliance posture? We are looking for an experienced compliance analyst to run the company's annual HIPAA Program, reporting to the Senior Director Governance Risk & Compliance. HIPAA training will be provided for any candidates without direct experience.
What will you be doing?
- In this role you will be supported by the HIPAA Security Officer, HIPAA Privacy Officer and GRC Senior Director, who can provide guidance, additional direction and act as points of escalation. The HIPAA Program is owned by the Head of Compliance, with strategy directed by a cross-functional Steering Committee.
- You will work closely with our Senior Director of Governance Risk and Compliance, the HIPAA Security Officer and the HIPAA Privacy Officer, as well as the Head of Compliance who owns the programme.
- You will be managing activities and stakeholders to deliver the annual program. Managing annual program activities, completing annual risk assessments, assessing IT systems, maintaining records in OneTrust and reporting to Leadership.
- Through clear communication, structured management and sound judgement, you will help maintain the highest standards of security and compliance across our systems and processes.
What will you need to be successful?
- Bachelor's degree in Computer Science or related subject preferred.
- Certifications: Privacy or Security certifications would be advantageous but are not essential e.g. any HIPAA certification (CHPS, CHSE, CHPSE, CIPP/US), CISA, CISSP, ISO27001 or equivalent.
- Work from Office – 3 days in a week in UK Shift (12:30 PM IST to 9:30 PM IST)
- Experience: 5 years in Information Security, at least 3 years working on Security Compliance programs.
- At least 2 years in Program or Project Management. Prior experience of Privacy Law related Security Controls compliance would be very well received.
- Strategy: Provide inputs into HIPAA Strategy.
- Program Management: Plan the program schedule each year, based on strategy provided by leadership, and manage execution against this schedule.
- Organise stakeholders and external resources. Creating and eventually presenting materials to SteerCo. Organising cadences and report metrics.
- Security Risk Assessment (SRA): Plan and scope the annual HIPAA Security Risk Assessment (SRA) in collaboration with leadership.
- Develop HIPAA SRA testing templates based on last year’s assessment. Support execution of the HIPAA SRA by a third-party consultancy, against scope agreed with leadership. Manage any remedial actions from the SRA.
- IT System Assessments: Performing HIPAA Security Assessments on IT Systems, following a defined process and template. Tracking of remedial actions.
- Monitor the HIPAA Law for changes and propose changes to HIPAA Policy, Procedures and Standards based on such changes or other inputs from the SRA process or program execution.
- Tracking and reporting any HIPAA risks to leadership. Managing HIPAA records and workflow in OneTrust tool.
- Prior experience in deploying and assessing Information Security controls is essential. Prior experience in Program or Project Management is essential, preferably with a compliance context.
- Prior experience using OneTrust and experience in IT Risk Management are optional.
You Unlimited.
We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve.
Inclusion + Belonging: Committed to Welcoming, Celebrating and Thriving. Learn more about Employee Inclusion Groups on our website (https://www.smith-nephew.com/).
Other reasons why you will love it here!
- Your Future: Major medical coverage + policy exclusions and insurance non-medical limit. Educational Assistance.
- Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave.
- Your Wellbeing: Parents/Parents-in-Law’s Insurance (Employee Contribution of 8,000/- annually), Employee Assistance Program, Parental Leave.
- Flexibility: Hybrid Work Model (For most professional roles)
- Training: Hands-On, Team-Customized, Mentorship
- Extra Perks: Free Cab Transport Facility for all employees; One-Time Meal provided to all employees as per shift. Night shift allowances.
Stay connected by joining our Talent Community.
We're more than just a company - we're a community! Follow us on LinkedIn to see how we support and empower our employees and patients every day.
Check us out on Glassdoor for a glimpse behind the scenes and a sneak peek into You. Unlimited., life, culture, and benefits at S+N.
Explore our website and learn more about our mission, our team, and the opportunities we offer.
Smith and Nephew
BIOTECHNOLOGY
Sports Medicine, Trauma, Wound Care, etc.