Associate GRC Analyst

Austin, TX


THIS IS A REMOTE POSITION

PURPOSE AND SCOPE:  

The Associate Governance, Risk, and Compliance Analyst will play a supporting role in facilitating the development and maintenance of the organization's global governance, risk management, and compliance programs. This position will support a broad range of activities across the organization. 

 

PRINCIPAL DUTIES AND RESPONSIBILITIES:  

  • Supports the development, implementation, and maintenance of an information security framework aligned with industry best practices. 

  • Supports the design and documentation of technical, administrative, and physical controls to ensure the business demonstrates compliance with its regulatory and compliance obligations.  

  • Enables the provision of advice & counsel as directed within IT and information security initiatives to ensure the delivery of compliant and risk-appropriate solutions following existing department policies, standards, and procedures. 

  • Supports examinations by security assessors and auditors for compliance obligations, such as HIPAA and ISO 27001. 

  • Supports security risk assessments and recommends controls to mitigate identified security risks. 

  • Communicates risk findings and recommendations to business stakeholders. 

  • Supports the development and deployment of workforce security training and awareness. 

  • Supports the development and implementation of global cybersecurity policies, standards, and procedures aligned with industry best practices, including NIST CSF and 800-series publications. 

  • Supports the lifecycle management of information security policies.  

  • Other duties as assigned. 

 

 

PHYSICAL DEMANDS AND WORKING CONDITIONS

  • The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

 

SUPERVISION:  

  • None 

 

EDUCATION:  

  • Bachelor's Degree or an equivalent combination of education and experience. 

 

EXPERIENCE AND REQUIRED SKILLS:          

  • 0-2 years' related experience in cybersecurity governance, risk, compliance, information security, and/or other related roles. 

  • Basic knowledge of internal control structure, data, and technology. 

  • Basic knowledge of NIST CSF, NIST SP 800-series, HIPAA, FIPS, ISO 27001:2022, and other industry standards and requirements. 

  • Excellent verbal and written communication skills. 

  • Excellent organizational skills. 

  • Security+ or other related certifications are preferred. 

EO/AA Employer: Minorities/Females/Veterans/Disability/Sexual Orientation/Gender Identity

Fresenius Medical Care North America maintains a drug-free workplace in accordance with applicable federal and state laws.


Tags: Compliance Governance HIPAA ISO 27001 NIST Risk assessment Risk management

Regions: Remote/Anywhere North America
Country: United States
