
Senior Analyst, Risk Management GRC

Boston Scientific's hybrid workplace includes remote and onsite roles. By applying to this position, you will have the opportunity to discuss your preferred working location with your Talent Acquisition Specialist.

Remote Eligible: Hybrid
Onsite Location(s): Arden Hills, MN, US, 55112

Additional Location(s): N/A

Diversity - Innovation - Caring - Global Collaboration - Winning Spirit - High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.


About the role:
Come join a growing team and be ready to make a huge impact in the Governance, Risk and Compliance space at Boston Scientific. As a Risk Management GRC Senior Cyber Security Analyst, you will focus on maturing and managing the Cyber Security Policy Framework, Exceptions Process and Risk Assessment Process within the Governance Risk and Compliance (GRC) team. You will partner with the Compliance team to help mature and assess the risk registry and ranking within the company.

 

Your responsibilities will include:

  • Define the cyber security Policy Framework leveraging ISO 27001/27002 and NIST
  • Update and/or create cyber security policies and procedures, linking existing policies when necessary. 
  • Partner with the GRC team to mature the overall risk assessment process, including Third Party risk assessments. 
  • Mature the cyber security exceptions process by working cross-functionally to consolidate the intake modules to Archer.
  • Mature the risk registry and ranking process within the company and provide meaningful metrics for leadership and the board of directors.
  • Respond to general GRC questions or requests for audit responses, customer questionnaires and risk assessments.
  • May participate in cross-functional projects and/or initiatives as assigned.
  • Provide metrics and present progress and statuses for leadership.

 

Required qualifications:

  • Bachelor’s degree
  • 6 years cyber security and GRC experience
  • 5 years project management or project coordinator experience
  • Experience developing or maturing cyber security frameworks
  • Experience with exceptions management, risk registry, risk assessments and risk ranking.
  • Ability to put together meaningful metrics for leadership and board of directors.
  • Healthcare, device or equivalent experience

 

Preferred qualifications:

  • Experience in tracking business risk and remediation
  • Third Party Assessment Experience
  • Policy Exception Experience
  • IT Audit Experience
  • Boston Scientific Experience
  • CISA – Certified Information Security Auditor
  • ISO/IEC 27001 Lead Implementor
  • CIPP/US - Certified Information Privacy Professional
  • CISM – Certified Information Security Manager
  • MBA or MHA
  • Ability to multi-task and prioritize work in a fast-paced environment

Requisition ID: 560287


As a leader in medical science for more than 40 years, we are committed to solving the challenges that matter most – united by a deep caring for human life. Our mission to advance science for life is about transforming lives through innovative medical solutions that improve patient lives, create value for our customers, and support our employees and the communities in which we operate. Now more than ever, we have a responsibility to apply those values to everything we do – as a global business and as a global corporate citizen.

 

So, choosing a career with Boston Scientific (NYSE: BSX) isn’t just business, it’s personal. And if you’re a natural problem-solver with the imagination, determination, and spirit to make a meaningful difference to people worldwide, we encourage you to apply and look forward to connecting with you!

 

At Boston Scientific, we recognize that nurturing a diverse and inclusive workplace helps us be more innovative and it is important in our work of advancing science for life and improving patient health. That is why we stand for inclusion, equality, and opportunity for all. By embracing the richness of our unique backgrounds and perspectives, we create a better, more rewarding place for our employees to work and reflect the patients, customers, and communities we serve. Boston Scientific is proud to be an equal opportunity and affirmative action employer.

 

Boston Scientific maintains a drug-free workplace. Pursuant to Va. Code § 2.2-4312 (2000), Boston Scientific is providing notification that the unlawful manufacture, sale, distribution, dispensation, possession, or use of a controlled substance or marijuana is prohibited in the workplace and that violations will result in disciplinary action up to and including termination.

 

Please be advised that certain US based positions, including without limitation field sales and service positions that call on hospitals and/or health care centers, require acceptable proof of COVID-19 vaccination status.  Candidates will be notified during the interview and selection process if the role(s) for which they have applied require proof of vaccination as a condition of employment.  Boston Scientific continues to evaluate its policies and protocols regarding the COVID-19 vaccine and will comply with all applicable state and federal law and healthcare credentialing requirements.   As employees of the Company, you will be expected to meet the ongoing requirements for your roles, including any new requirements, should the Company’s policies or protocols change with regard to COVID-19 vaccination.


Nearest Major Market: Minneapolis

Job Segment: Project Manager, Risk Management, Information Security, MBA, Compliance, Technology, Finance, Management, Legal
