[Job - 22124] Senior GRC Security Specialist, Brazil - CI&T Brazil

Listing Description

We are tech transformation specialists, uniting human expertise with AI to create scalable tech solutions.
With over 6,500 CI&Ters around the world, we’ve built partnerships with more than 1,000 clients during our 30 years of history. Artificial Intelligence is our reality.

The GRC Security Analyst will play a key role in maintaining and enhancing our Governance, Risk, and Compliance program while ensuring adherence to industry standards and regulatory requirements in the medical device sector. This position requires a detail-oriented and proactive individual with a strong understanding of security governance/compliance practices.

Key Responsibilities:
Third-Party Risk Assessments:
- Lead and execute third-party risk assessments annually, ensuring alignment with internal risk standards and external compliance requirements.
Cybersecurity Controls Monitoring:
- Maintain and enhance the cybersecurity control framework by:
• Mapping existing controls
• Collecting evidence of execution
• Identifying gaps or nonconformities
• Aligning overlapping requirements under a unified structure
- Ensure adherence to frameworks such as HITRUST, HIPAA, and Spain's ENS certification.
Enterprise Risk Management:
- Continuously identify, log, and analyze:
• Control nonconformities
• Unresolved/high-risk vulnerabilities across different sources
- Maintain the Risk Registry.
- Deliver timely risk treatment updates and reports to stakeholders.
Policies and Procedures Development:
- Create and maintain cybersecurity-related policies and procedures.
- Ensure documentation complies with regulatory and contractual standards.
Audit Support:
- Serve as a key contributor in audit readiness efforts.
- Ensure all cybersecurity processes, controls, and documentation meet external auditors' expectations.
- Support audit engagements by providing evidence and clarification as needed.

Required Skills and Qualifications:
- Conducting risk assessments, identifying potential vulnerabilities, and recommending mitigation strategies for medical device operations.
- Collaborating with cross-functional teams to ensure effective communication and implementation of GRC policies, procedures, and controls.
- Leading efforts to maintain and update GRC-related documentation, including risk assessments, policies, and procedures.
- Participating in internal and external audits, providing necessary support and documentation to demonstrate compliance.
- Strong understanding of GRC frameworks, industry standards, and regulatory requirements.
- Excellent analytical skills and attention to detail.
- Ability to work independently and within cross-functional teams.
- Excellent communication skills, with the ability to collaborate with both technical and non-technical stakeholders.
- Strong problem-solving skills, capable of making informed decisions under pressure.
- Fluent English skills.
- Proven track record working with U.S.-based companies.
- Bachelor’s degree in Computer Science, Information Security, or related field.
- Experience in GRC, compliance, or related roles.
- Experience in the medical device industry.
- Familiarity with compliance standards such as:
• FDA regulations
• HIPAA
• ISO
• NIST cybersecurity framework
- Relevant certifications (a plus, not required):
• CISSP
• CISA
• CRISC
• Or equivalent


Our benefits:

- Health and dental insurance
- Meal and food allowance
- Childcare assistance
- Extended paternity leave
- Wellhub (Gympass)
- TotalPass
- Profit-sharing (PLR)
- Life insurance
- CI&T University
- Discount club
- Free online platform dedicated to physical, mental, and overall well-being
- Pregnancy and responsible parenting course
- Partnerships with online learning platforms
- Language learning platform
And many more!
More details about our benefits here: https://ciandt.com/br/pt-br/carreiras



Collaboration is our superpower, diversity unites us, and excellence is our standard. 
We value diverse identities and life experiences, fostering a diverse, inclusive, and safe work environment. We encourage applications from diverse and underrepresented groups to our job positions.


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


