Careers at ThermoFisher Scientific

Job ID: 59203BR
Location: US - Maryland - Frederick
Job Description
About Thermo Fisher Scientific
Thermo Fisher Scientific Inc. (NYSE: TMO) is the world leader in serving science, with revenues of more than $20 billion and approximately 65,000 employees globally. Our mission is to enable our customers to make the world healthier, cleaner and safer. We help our customers accelerate life sciences research, solve complex analytical challenges, improve patient diagnostics, deliver medicines to market and increase laboratory productivity. Through our premier brands - Thermo Scientific, Applied Biosystems, Invitrogen, Fisher Scientific and Unity Lab Services - we offer an unmatched combination of innovative technologies, purchasing convenience and comprehensive services.

Position Summary:
The Risk Analyst, Assessments and Authorizations has global responsibility for driving IT Risk Management as part of the Corporate Information Security (CIS) Assessments and Authorizations (A&A) program.
The A&A team is responsible for evaluating IT security risk and ensuring compliance with corporate policies as well as external standards and regulations. The associate risk analyst will perform risk assessments and analysis, ongoing data gathering and analysis, identification and reporting, metrics, and overall risk register management, as well as supporting ongoing CIS/IT and/or business projects.

Key Responsibilities:
  • Support A&A team operational activities by conducting risk assessments, performing required analysis, and working with vendors, requestors and various internal teams.
  • Maintain and revise procedures and other process documentation for the general operation of the Assessments and Authorizations (A&A) Program.
  • Work with various business functions and corporate functions across the organization to develop clear processes that track all project security assessment activities, mitigation requirements / risk registers, authorities to operate and execute accordingly.
  • Support CIS/IT and/or business projects as well as Mergers & Acquisitions (M&A) activities for all facets of CIS risk management.
  • Execute the program based on NIST/ISO frameworks, SANS and industry best practices.
  • Gather and store evidence in accordance with corporate standards to ensure programs can prove and track compliance.
  • Work with Compliance and Data Privacy analysts to ensure compliance with internal corporate IT and security policies, industry best practices, and several external regulations such as PCI, HIPAA/GDPR, SOX, and GxP regulations.
  • Collaborate with team to assist in developing and maintaining tools and processes for Governance, Risk & Compliance (GRC) program to help provide visibility into and across all systems, applications, and projects globally to aid in risk and compliance measurement across the organization.
  • Collaborate with other departments (e.g., PMO, Internal Audit, HR, Legal, etc.) to direct risk and compliance issues to appropriate existing channels for investigation and resolution.
  • Perform other duties as assigned.
Minimum Requirements/Qualifications:
  • Bachelor’s degree in Computer Science, IT Information Systems, Security Compliance, Risk Management or Information Security & Assurance. Equivalent work experience acceptable.
  • Relevant security certifications a plus.
  • 5+ years of IT systems analysis, related security, audit, and technical work experience is highly preferred.
  • Strong interpersonal, organizational, presentation, and excellent documentation skills are a must.
  • Excellent customer service skills required.
  • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
Bonus Qualifications (not explicitly required):
  • ISO 27001 knowledge and experience
  • NIST 800-30 knowledge and experience
  • CRISC, CISSP, CISM or CISA certification
  • Knowledge of risk, compliance and security requirements under NIST, ISO, PCI, SOX, HIPAA, the Gramm–Leach–Bliley Act (GLBA), and the General Data Protection Regulation (GDPR)
Non-Negotiable Hiring Criteria:
  • Strong attention to detail and organizational acumen
  • Proven ability to handle conflict and adversity with confidence and integrity
  • Willingness to become an expert in the realm of risk management and information security
Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.