Analyst, Cybersecurity Risk

Analyst, Cybersecurity Risk at Abbott

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 114,000 colleagues serve people in more than 160 countries.

Working at Abbott

At Abbott, you can do work that matters, grow, and learn, care for yourself and family, be your true self and live a full life. You’ll also have access to :

• Career development with an international company where you can grow the career you dream of.
• Free medical coverage for employees* via the Health Investment Plan (HIP) PPO.
• An excellent retirement savings plan with high employer contribution.
• Tuition reimbursement, the Freedom 2 Save student debt program and FreeU education benefit - an affordable and convenient path to getting a bachelor’s degree.
• A company recognized as a great place to work in dozens of countries around the world and named one of the most admired companies in the world by Fortune.
• A company that is recognized as one of the best big companies to work for as well as a best place to work for diversity, working mothers, female executives, and scientists.

The Opportunity

This position works out of our Chicago, IL location for the Business Technology Services group. The Analyst, Cybersecurity Risk, Enterprise Cybersecurity is responsible for working with cybersecurity subject matter experts and stakeholders to identify, assess, treat and monitor cybersecurity risks across the organization.

What You’ll Work On

• Collaborate with cybersecurity subject matter experts and stakeholders to identify cybersecurity risks, perform risk assessments and establish risk response plans in accordance with the risk appetite.
• Maintain the Cybersecurity Risk Management program’s risk register, risk statement library, controls framework and entity structure.
• Support ongoing improvements to Cybersecurity Risk Management processes and technology, including the implementation of necessary changes to cybersecurity tooling.
• Establish key risk indicators (KRIs) to provide visibility into organizational risk posture, and key performance indicators (KPIs) to monitor the performance of the Cyber Risk Management program.
• Develop & maintain standardized reporting on cybersecurity risks for leadership oversight.
• Support organizational change management efforts to broaden awareness on cybersecurity risk concepts, and the service offerings provided by the Cyber Risk Management program.
• Effectively communicate risk-related concepts to stakeholders, with the ability to simplify the complex.
• Build and maintain relationships necessary for the successful execution of the Cyber Risk Management program.

Required Qualifications

• Bachelor's Degree in Information Security, Risk or IT Management, Computer Science, or related field.
• Demonstrated knowledge of common security frameworks and standards (e.g. – National Institute of Standards and Technology (NIST), ISO 27001).
• Excellent written and verbal communication skills.
• Flexibility to adapt to changing assignments and ability to effectively prioritize.
• Strong analytical skills and the ability to organize work in a logical, thorough, and succinct manner.
• Strong interpersonal skills and ability to build relationships with stakeholders.
• High level of integrity and ethical conduct.

Preferred Qualifications

• Certifications such as CISA, CISM, CRISC, CISSP, CPP or CFE are preferred.
• Understanding of cybersecurity risk management principles : Risk Identification, Risk Assessment, Risk Appetite, Risk Treatment, Risk Monitoring, etc.

Key Skills/Competency

• Cybersecurity Risk Management
• Risk Assessment
• NIST Framework
• ISO 27001
• Risk Identification
• Security Frameworks
• Analytical Skills
• Stakeholder Communication
• KRI/KPI Development
• Information Security