Starkey logo

Information Security Analyst

Starkey
Full-time
On-site
Eden Prairie, Minnesota, United States

At Starkey, we are in the business of connecting people and changing lives. As a world leader in the manufacturing and delivering of advanced hearing solutions, we go to work each day to ensure every person on the planet has the opportunity to hear their very best. Founded in 1967, Starkey is known for its innovative design, development and distribution of comprehensive digital hearing systems.  


 


Headquartered in Eden Prairie, Minnesota, Starkey has more than 5,000 employees globally, operates 29+ facilities and does business in more than 100 markets worldwide. Here’s a video about the people behind Starkey’s groundbreaking innovation:


 


https://www.youtube.com/watch?v=GjhRQ7qzlI0 


 


JOB SUMMARY DESCRIPTION / PRIMARY PURPOSE OF JOB


The Information Security Analyst will be part of the team that leads the Information Security and Privacy function within the company and will be responsible for having an understanding of business processes, data required to perform business functions and the global regulations governing this data. This role will assist in scaling our security and privacy program through process improvement and tool creation necessary to ensure the integrity, availability and protection of critical information systems that support Starkey’s global business. This role will be expected to enable the business through decision making that is grounded in business outcomes and will work across the business with users and technical groups. This role provides guidance and recommend data protecting actions based upon Starkey’s policies. The individual must be a results-oriented person who can achieve tangible improvements in the security and privacy program.


 


JOB RESPONSIBILITIES/RESULTS



  • Work closely with users and technical groups to understand corporate requirements related to security risk and regulatory compliance and ensure those requirements are met.

  • Establish and oversee formal risk analysis and self-assessments program for various information systems and business processes.

  • Assess risk and advise on security and/or privacy standards, best practices and solutions.

  • Advise on ‘security by design’ practices and implementations across multiple business units and geographies where Starkey operates.

  • Ensure Information Security policies and procedures are communicated and followed by the organization, tracking any exceptions.

  • Work closely with IT, PMO, and other functional area specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.

  • Drive our corporate wide Information Security Awareness program.

  • Help ensure compliance with HIPAA, PCI, GDPR and other appropriate regulations.

  • Provide metrics on security and privacy risk management program maturity and progress.

  • Maintain expertise on regulatory trends through training, research and development in order to mitigate potential exposures.


 


JOB REQUIREMENTS


Education



  • 4-year degree in Computer Science, MIS, Math, Engineering, or equivalent work experience.


 


Experience



  • 3-5 years of experience in a global company that is governed by HIPAA, PCI or GDPR with specific skills in two or more of the following areas:

    • Audit/Risk Management

    • Threat and Vulnerability Management

    • Application Security

    • Security Operations Center/Security Incident Response

    • Governance, Risk and Compliance

    • Anti-virus consoles and deployments

    • SIEM monitoring and deployment

    • Firewall rule review/configuration

    • Virtualized, Hybrid and Cloud environments

    • NIST, ISO or other security program frameworks



  • Experience communicating technical security requirements to business units, create strategy and implement security and/or privacy plans utilizing strong and effective writing skills


 


Knowledge / Technical Requirements



  • Understanding of security and privacy best practices

  • Understanding of tools and techniques for building a security and privacy program

  • Good understanding of the organization’s goals and objectives


 


Competencies, Skills & Abilities



  • Ability to conceptualize complex business and technical requirements into comprehensible models and templates.

  • Demonstrated technical experience, with the ability to interface effectively with a broad range of people and roles, including managers, IT leaders, and technology vendors.

  • Ability to manage projects and coordinate with other team members to complete project tasks.

  • Highly self-motivated and directed, with keen attention to detail.

  • Strong organizational skills and ability to multi-task in a global business environment.

  • Ability to maintain the goals and culture of the organization.


 


#LI-MP1