What are the responsibilities and job description for the Governance Risk and Compliance Analyst position at Starkey?
In this role, you'll collaborate with technical teams and business leaders to ensure Starkey meets security and regulatory compliance. You'll lead risk analysis, advise on security best practices, and drive "security by design" initiatives across global business units. Working with IT, you'll ensure security solutions align with HIPAA, PCI, GDPR, and other regulations, while also spearheading the company's Information Security Awareness program.
At Starkey, we are in the business of connecting people and changing lives. As a world leader in the manufacturing and delivering of advanced hearing solutions, we go to work each day to ensure every person on the planet has the opportunity to hear their very best. Founded in 1967, Starkey is known for its innovative design, development and distribution of comprehensive digital hearing systems.
Headquartered in Eden Prairie, Minnesota, Starkey has more than 5,000 employees globally, operates 29 facilities and does business in more than 100 markets worldwide. Here’s a video about the people behind Starkey’s groundbreaking innovation:
https://www.youtube.com/watch?v=GjhRQ7qzlI0
JOB SUMMARY DESCRIPTION / PRIMARY PURPOSE OF JOB
The Analyst will be part of the team that leads the Information Security and Privacy function within the company and will be responsible for having an understanding of business processes, data required to perform business functions and the global regulations governing this data. This role will assist in scaling our security and privacy program through process improvement and tool creation necessary to ensure the integrity, availability and protection of critical information systems that support Starkey’s global business. This role will be expected to enable the business through decision making that is grounded in business outcomes and will work across the business with users and technical groups. This role provides guidance and recommend data protecting actions based upon Starkey’s policies. The individual must be a results-oriented person who can achieve tangible improvements in the security and privacy program.
JOB RESPONSIBILITIES/RESULTS
- Work closely with users and technical groups to understand corporate requirements related to security risk and regulatory compliance and ensure those requirements are met.
- Establish and oversee formal risk analysis and self-assessments program for various information systems and business processes.
- Assess risk and advise on security and/or privacy standards, best practices and solutions.
- Advise on ‘security by design’ practices and implementations across multiple business units and geographies where Starkey operates.
- Ensure Information Security policies and procedures are communicated and followed by the organization, tracking any exceptions.
- Work closely with IT, PMO, and other functional area specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Drive our corporate wide Information Security Awareness program.
- Help ensure compliance with HIPAA, PCI, GDPR and other appropriate regulations.
- Provide metrics on security and privacy risk management program maturity and progress.
- Maintain expertise on regulatory trends through training, research and development in order to mitigate potential exposures.
JOB REQUIREMENTS
Education
- 4-year degree in Computer Science, MIS, Math, Engineering, or equivalent work experience.
Experience
- 3-5 years of experience in a global company that is governed by HIPAA, PCI or GDPR with specific skills in two or more of the following areas:
- Audit/Risk Management
- Threat and Vulnerability Management
- Application Security
- Security Operations Center/Security Incident Response
- Governance, Risk and Compliance
- Anti-virus consoles and deployments
- SIEM monitoring and deployment
- Firewall rule review/configuration
- Virtualized, Hybrid and Cloud environments
- NIST, ISO or other security program frameworks
- Experience communicating technical security requirements to business units, create strategy and implement security and/or privacy plans utilizing strong and effective writing skills
Knowledge / Technical Requirements
- Understanding of security and privacy best practices
- Understanding of tools and techniques for building a security and privacy program
- Good understanding of the organization’s goals and objectives
Competencies, Skills & Abilities
- Ability to conceptualize complex business and technical requirements into comprehensible models and templates.
- Demonstrated technical experience, with the ability to interface effectively with a broad range of people and roles, including managers, IT leaders, and technology vendors.
- Ability to manage projects and coordinate with other team members to complete project tasks.
- Highly self-motivated and directed, with keen attention to detail.
- Strong organizational skills and ability to multi-task in a global business environment.
- Ability to maintain the goals and culture of the organization.
This job posting is not necessarily reflective of actual compensation that may be earned, nor a promise of any specific pay for any specific employee, which is always dependent on actual experience, education and other factors
Salary and Other Compensation: The target pay range for this position is between $78,540.00 - $105,000.00 annually. Factors which may affect starting pay within this range may include: geography/market, skills, education, experience and other qualifications of the successful candidate.
This position is eligible for a bonus based upon performance results. There is no guarantee of payout.
Benefits: The following benefits for this position, subject to applicable eligibility requirements, include medical insurance, dental insurance, vision insurance, 401(k) retirement plan, life insurance, short-term disability insurance, long-term disability insurance, employee assistance program, hearing aid benefits, PTO, 6 paid holidays annually, 2 floater days annually, 1 volunteer service day annually, paid paternity leave, and tuition reimbursement.
#LI-MP1
Salary : $78,540 - $105,000
