Company: Abbott

Address: United Kingdom - Maidenhead : Abbott House

Category: Banking

Job description

About Abbott

Abbott is a global healthcare leader, creating breakthrough science to improve people’s health. We’re always looking towards the future, anticipating changes in medical science and technology.

The Opportunity

The Security & Privacy Compliance Analyst reports to the BTS Cybersecurity Compliance Manager. This role will be based in either our Sittingbourne or Maidenhead office.

What are we looking for?

  • Demonstrated skills implementing security / privacy processes and programs, ISMS and annual internal and external audits.
  • Strong understanding of industry security technology and audit controls with the ability to develop policies and procedures supportive of established audit requirements.
  • An ability to quickly assess security risks, identify controls/policies to mitigate security risks and establish documented procedures and protocols designed to ensure Abbott’s information is protected and secure.
  • Relevant experience supporting a privacy program, which may include privacy requirements under the GDPR, and other privacy rules and regulations. Specific desirable qualifications include the following.

Minimum Requirements

  • Undergraduate degree in computer science, information technology, related subject matters or equivalent work experience.
  • Knowledge of information security controls and standards, particularly ISO 27001/27002. ISO27001:2022 Lead Auditor.
  • Knowledge of privacy frameworks, rules and regulations related to privacy (e.g., GDPR).
  • Relevant experience in an information security and/or privacy role, preferably in an environment involving critical data and confidentiality management requirements.
  • General knowledge of enterprise security technologies, including SIEM, IDS/IPS systems and firewalls, antivirus, enterprise vulnerability scanning and testing, data at rest encryption technologies, etc.
  • Experience managing and responding to audits and other tests of security controls, developing audit plans and procedures, and reporting the results of such audits.
  • Experience writing/developing security / privacy policies and procedures and other relevant documentation.
  • CISSP, CISM, CRISC, CISA, GIAC, or other security certifications desired.
  • Strong analytical and problem-solving skills.
  • Excellent communication (oral, written, presentation), interpersonal and consultative skills.

ESSENTIAL JOB RESPONSIBILITIES

The Security & Privacy Compliance Analyst implements, manages and reports on the UK region’s compliance initiatives, procedures and processes relating to information security and privacy. The analyst provides guidance to the UK business and stakeholders on security and data privacy issues and manages data security and privacy risks / incidents. Specific duties and responsibilities include, but are not limited to, the following:

  • Implements and monitors UK’s Information Security Management System (ISMS) according to the ISO 27001:2022 standard, including preparing for all audits, leading quarterly meetings with stakeholders and maintaining certification.
  • Manages ongoing accreditation to The Data Security and Protection Toolkit (DSPT) according to the DSPT standard and National Health Service (NHS) security control areas, leads compliance to NHS standards by reviewing change controls and performing self-assessment and audits to maintain accreditation in good standing.
  • Develops, tests, documents, evaluates, tracks and improves information security controls for all UK ISO 27001 in-scope components, resources, applications, privacy and security protocols.
  • Develops and tracks security metrics and risks to monitor Information Security program performance and risk profile.
  • Implements security audit guidelines and workflow process, testing the capability, reliability and effectiveness of Abbott’s security systems, applications, protocols and procedures.
  • Assists with periodic risk assessments, risk treatment plans, and completion of risk treatment activities.
  • Collaborates with appropriate stakeholders to document and implement necessary policies and procedures to comply with ISO 27001 standards and to maintain certification.
  • Manages and transitions all corresponding processes, procedures, documentation and audits from ISO27001:2013 to ISO27001:2022 Standard requirements.
  • Hosts, leads and manages Steering Committee meetings (e.g. IGG) with stakeholders and leaders as required.
  • Reviews and manages security and privacy requirements in third-party guidelines and agreements.
  • Works with appropriate personnel to respond to client-generated security assessments and questionnaires, particularly those that are NHS-related, to ensure Abbott’s security and confidentiality requirements are met.

Working at Abbott

At Abbott, you can do work that matters, grow, and learn, care for yourself and family, be your true self and live a full life. You will have access to:

  • Career development with an international company where you can grow the career you dream of.
  • A company recognized as a great place to work in dozens of countries around the world and named one of the most admired companies in the world by Fortune.
  • A company that is recognized as one of the best big companies to work for as well as a best place to work for diversity, working mothers, female executives, and scientists.

Follow your career aspirations to Abbott for diverse opportunities with a company that can help you build your future and live your best life. Abbott is an Equal Opportunity Employer, committed to employee diversity.

Connect with us at www.abbott.com, on Facebook at www.facebook.com/Abbott and on Twitter @AbbottNews and @AbbottGlobal.

     

The base pay for this position is N/A. In specific locations, the pay range may vary from the range posted.

JOB FAMILY: IT Business Relationship Management

DIVISION: BTS Business Technology Services

LOCATION: United Kingdom > Maidenhead : Abbott House

ADDITIONAL LOCATIONS: United Kingdom > Sittingbourne : Sovereign House

WORK SHIFT: Standard

TRAVEL: Not specified

MEDICAL SURVEILLANCE: No

SIGNIFICANT WORK ACTIVITIES: Not Applicable

Benefits

Career development
Refer code: 3460522. Abbott - The previous day - 2024-06-28 11:30
