Job Description

How Will You Make an Impact?
Thermo Fisher Scientific Inc. is the world leader in serving science, with annual revenue exceeding $40 billion. Our Mission is to enable our customers to make the world healthier, cleaner and safer. Whether our customers are accelerating life sciences research, solving complex analytical challenges, improving patient diagnostics and therapies or increasing productivity in their laboratories, we are here to support them. Our global team of more than 100,000 colleagues delivers an unrivaled combination of innovative technologies, purchasing convenience and pharmaceutical services through our industry-leading brands, including Thermo Scientific, Applied Biosystems, Invitrogen, Fisher Scientific, Unity Lab Services and Patheon. For more information, please visit www.thermofisher.com Position Summary: The Security Analyst, A&A, has global responsibility for supporting IT and Cybersecurity Risk Management as part of the Corporate Information Security (CIS) Program. The A&A team is responsible for evaluating IT Cybersecurity Risk, 3rd Party Risk and ensuring compliance with corporate policies as well as external standards and regulations. The Security Analyst will perform control assessments in support of various Company initiatives, perform ongoing data gathering and analysis identifying and reporting overall compliance state, metrics and reporting. As a member of the Corporate Information Security, A&A team, Security Analyst is responsible for implementing the various risk related processes within the team, including performing (Security solution and 3rd party vendor) control assessments in support of various Company initiatives, perform ongoing data gathering and analysis, identifying and reporting overall compliance state, as well as producing associated metrics and reporting. In this role, the analyst will also be responsible for various mid to lead level assignments, closely engaging both internal team and external resources. The primary area of focus for this position, will be the Asia Pacific region, interfacing very closely with other IT/Business resources in the region. A resume and tailored cover letter are necessary to apply for this position. Key Responsibilities:

• Support Risk A&A team operational activities by performing and assisting with compliance/control assessments and analysis within Cybersecurity, 3rd Party risk and Data Privacy domains.
• Maintain the control assessment workflow and ensure tickets are actioned according to team procedures.
• Perform 3rd party assessments in accordance with company’s TPRM policy.
• Drive continues process improvement, encouraging thought and technical leadership across the team, collaborate with team to assist in designing and maintaining tools and processes for Governance, Risk & Compliance (GRC) program to help provide visibility across governance requirements/policy and compliance controls into and across all systems, applications, and projects globally to aid in risk and compliance measurement across the organization.
• Support in identifying, collecting and mining data required for various facets of the A&A team (e.g. risk register, CMDB, metrics and reports).
• Support team in instituting and maintaining an effective compliance education/awareness/communication program for the organization, including understanding of CIS compliance assessment practice and ability to advise business on how to maintain compliance state for Cybersecurity, specific to their domain.
• Perform other duties related to Risk Management as assigned.

• Bachelor’s Degree in Risk Management, Information Assurance, Information Security, Cybersecurity, or other related IT fields.
• Relevant certifications such as CRISC, CISSP or CISA are recommended.

• 3+ years’ experience in related IT, Cybersecurity, audit and/or data privacy work experience or
• Understanding of various risk management frameworks such as the NIST Risk Management Framework and Center for Internet Security Risk Assessment Methodology.
• ISO27001/18 experience is highly preferred.

• Ability to explain complex legal and compliance topics to a non-technical audience.
• General understanding of cybersecurity technologies and controls with the ability to bridge the gap between regulatory and technical concepts
• Strong analytical, program development and leadership skills required, including a thorough understanding of how to interpret technical projects, determine risk and mitigating actions.
• Excellent verbal and written communication skills and the ability to communicate effectively with a diverse group, executives, managers, and domain experts. Excellent customer service skills are required.
• Demonstrated ability to complete work with minimal direction and self-identify tasks.
• Good interpersonal, organizational, and excellent documentation skills.

• Good attention to detail and high interpersonal competence.
• Excellent verbal and written communication skills. The ability to communicate effectively with a diverse group: executives, managers, and domain experts.
• The ability to take direction and independently work, or lead through projects as required.
• Strong customer service oriented demeanor.
• Demonstrable ability to handle conflict and adversity with confidence and integrity.
• Willingness to become an authority in realm of risk management, information security and data privacy.