Information Security Compliance Analyst
Smith+Nephew · Pune District, Maharashtra, India
- On site
- Full-time
- $85,000 / year
- Pune District, Maharashtra, India
Job highlights
- Manage annual HIPAA compliance program.
- Conduct risk assessments and IT system reviews.
- Ensure adherence to privacy laws.
- Report on compliance metrics to leadership.
- Collaborate with security and privacy officers.
About the role
Information Security Compliance Analyst
Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living.
Are you ready to play a key role in safeguarding patient data and strengthening our global compliance posture? We are looking for an experienced compliance analyst to run the company's annual HIPAA Program, reporting to the Senior Director Governance Risk & Compliance. HIPAA training will be provided for any candidates without direct experience.
What will you be doing?
In this role, you will be supported by the HIPAA Security Officer, the HIPAA Privacy Officer, and the GRC Senior Director, who provide guidance and additional direction and act as points of escalation. The HIPAA Program is owned by the Head of Compliance, with strategy directed by a cross-functional Steering Committee. You will manage activities and stakeholders to deliver the annual program: running annual program activities, completing annual risk assessments, assessing IT systems, maintaining records in OneTrust, and reporting to Leadership. Through clear communication, structured management, and sound judgment, you will help maintain the highest standards of security and compliance across our systems and processes.
What will you need to be successful?
- Bachelor’s degree in Computer Science or related subject preferred.
- Certifications: Privacy or security certifications would be advantageous but are not essential (e.g., a HIPAA certification such as CHPS, CHSE, CHPSE or CIPP/US; CISA; CISSP; ISO27001; or equivalent).
- Work from office 3 days a week, on the UK shift (12:30 PM IST to 9:30 PM IST).
- Experience: 5 years in Information Security, with at least 3 years working on Security Compliance programs. At least 2 years in Program or Project Management. Prior experience with security controls compliance driven by privacy law would be very well received.
- Strategy: Provide inputs into HIPAA Strategy.
- Program Management: Plan the program schedule each year, based on strategy provided by leadership, and manage execution against this schedule. Organize stakeholders and external resources. Create and eventually present materials to SteerCo. Organize cadences and report metrics.
- Security Risk Assessment (SRA): Plan and scope the annual HIPAA Security Risk Assessment (SRA) in collaboration with leadership. Develop HIPAA SRA testing templates based on last year’s assessment. Support execution of the HIPAA SRA by a third-party consultancy, against scope agreed with leadership. Manage any remedial actions from the SRA.
- IT System Assessments: Perform HIPAA Security Assessments on IT systems, following a defined process and template, and track remedial actions.
- Monitor HIPAA law for changes and propose updates to HIPAA Policy, Procedures, and Standards based on those changes or on other inputs from the SRA process or program execution.
- Track and report any HIPAA risks to leadership. Manage HIPAA records and workflow in the OneTrust tool.
- Prior experience in deploying and assessing Information Security controls is essential. Prior experience in Program or Project Management is essential, preferably with a compliance context. Prior experience using OneTrust and experience in IT Risk Management are optional.
You Unlimited.
We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve.
Inclusion + Belonging: Committed to Welcoming, Celebrating and Thriving. Learn more about Employee Inclusion Groups on our website.
Other reasons why you will love it here!
- Your Future: Major medical coverage + policy exclusions and insurance non-medical limit. Educational Assistance.
- Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave.
- Your Wellbeing: Parents/Parents-in-Law’s Insurance (Employee Contribution of 8,000/- annually), Employee Assistance Program, Parental Leave.
- Flexibility: Hybrid Work Model (For most professional roles).
- Training: Hands-On, Team-Customized, Mentorship.
- Extra Perks: Free Cab Transport Facility for all employees; One-Time Meal provided to all employees as per shift. Night shift allowances.
Key skills/competency
- Information Security Compliance Analyst
- HIPAA Program Management
- Security Risk Assessment (SRA)
- IT System Assessments
- OneTrust Tool Management
- Governance Risk and Compliance (GRC)
- Privacy Law Compliance
- Program Management
- Information Security Controls
- Leadership Reporting
Skills & topics
- Information Security
- Compliance
- Analyst
- HIPAA
- Risk Assessment
- IT Security
- Privacy Laws
- Program Management
- GRC
- OneTrust
How to get hired
- Customize your resume: Highlight your experience in information security, compliance programs, and program management. Tailor it to match keywords from the Information Security Compliance Analyst job description.
- Showcase compliance expertise: Emphasize any experience with HIPAA, privacy laws, security risk assessments, and relevant certifications.
- Prepare for UK shift: Be ready to discuss your ability to work the specified UK shift hours (12:30 PM IST to 9:30 PM IST) and the hybrid work model.
- Research Smith+Nephew: Understand their mission, values, and the 'Life Unlimited' and 'You Unlimited' philosophies to align your answers with their culture.
- Highlight technical skills: Detail your experience with security controls, IT risk management, and tools like OneTrust.
Frequently asked questions
- Does Smith+Nephew offer training for candidates without direct HIPAA experience for the Information Security Compliance Analyst role?
- Yes, Smith+Nephew provides HIPAA training for candidates who may not have direct experience in this specific area, as stated in the job description. This makes the Information Security Compliance Analyst position accessible to a wider range of qualified professionals.
- What is the work arrangement for the Information Security Compliance Analyst position at Smith+Nephew in Pune?
- This Information Security Compliance Analyst role follows a hybrid work model, requiring employees to work from the office 3 days a week. The shift timings are specifically the UK shift, from 12:30 PM IST to 9:30 PM IST.
- What are the key responsibilities of an Information Security Compliance Analyst at Smith+Nephew?
- The key responsibilities include managing the annual HIPAA program, conducting security risk assessments, assessing IT systems, ensuring compliance with privacy laws, maintaining records in OneTrust, and reporting on compliance metrics to leadership.
- What qualifications are preferred for the Information Security Compliance Analyst role at Smith+Nephew?
- A Bachelor's degree in Computer Science or a related field is preferred. While not essential, privacy or security certifications like HIPAA, CISA, CISSP, or ISO27001 are advantageous. Significant experience in Information Security, Security Compliance programs, and Program Management is crucial.
- How does Smith+Nephew support employee growth and well-being for roles like Information Security Compliance Analyst?
- Smith+Nephew offers various benefits including major medical coverage, educational assistance, flexible time off, parental leave, employee assistance programs, and extra perks like free cab transport and meal facilities, reflecting their commitment to employee well-being and growth.
- What specific tools or software are mentioned for the Information Security Compliance Analyst role?
- The OneTrust tool is specifically mentioned for managing HIPAA records and workflow. Prior experience with OneTrust is optional but beneficial for the Information Security Compliance Analyst position.