Information Security Risk Analyst
LumiraDx is a medical technology company developing, manufacturing and marketing smart connected diagnostics and diagnostic-led care solutions. Founded in 2014 by entrepreneurs with a successful track record in building and scaling medical diagnostics and health IT businesses, the company has major operations in the UK and the USA and is supported by a global sales network. LumiraDx currently has over 1,200 employees worldwide. We have recently launched the innovative LumiraDx Platform, and are looking for proactive, experienced, focused and enthusiastic individuals who can make a significant contribution to the continued growth and success of our dynamic and forward-looking company.
Role & Responsibilities
Perform allocated Information Security Risk Assessments and define Risk Treatment plans for information assets and processes. Advise on enhancements and improvements to the Information Security Risk Assessment and Treatment process. Devise and implement plans to move from a spreadsheet-based system to a more sustainable, enterprise-class, tool-based system.
Key Areas of Responsibility:
- Work closely with information asset, process and system owners to undertake, review and update risk analysis and treatment plans.
- Challenge the effectiveness of controls across the Group utilising both internal and external data to provide context to stakeholders.
- Analyse and report on the risk and control environment, ensuring timely identification of weighted risk trends, themes and emerging issues.
- Produce IT risk/information security reports and MI for relevant management and the management review groups, as required.
- Promote IT risk and information security awareness and understanding across the Group to educate colleagues.
- Ensure that the full suite of potential IT and information security risks affecting the business are identified and understood.
- Maintain and implement Group policies, standards and practices that are progressive and aligned to industry best practice and the emerging threat landscape.
- Ability to identify and assess IT and information security risks and controls, and to relate them to the wider business environment.
- You will also hold and maintain at least one of the following certifications:
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
- You will have practical experience and knowledge of IT risk and controls and of frameworks such as NIST, ISO 27001 and UL 2900.
- Knowledge and experience of risk analysis and treatment plans.
- Stakeholder management.
- Knowledge of at least one of ISO 27001, NIST, UL 2900.
- Planning and organisation skills.
- IT experience.
To apply to the role, please click APPLY