Information Security Senior Analyst - Enterprise Security & Data Protection Officer

Date: Jul 7, 2021

Location: Rochester, NY, US

Company: Carestream Health

Carestream Health Inc. 

Innovation that sparks imagination. Continue on to your next challenge with us. 

Carestream is a worldwide provider of medical imaging systems and solutions; x-ray imaging systems for non-destructive testing; manufacturing of film and precision contract coating services for a wide range of industrial, medical, electronic and other applications—all backed by a global service and support network. Carestream’s diagnostic imaging technology systems are at work in 90 percent of hospitals worldwide.  

At Carestream, we offer a global perspective and a world of opportunities for people who have the desire to make a positive impact. Join our global team of 4,000+ professionals!

Position Summary:

Information Security Senior Analyst - Governance, Risk & Compliance is responsible for the following information security services:

• Governance services

• Risk Management services

• Compliance services

Position Responsibilities:

The Information Security Senior Analyst - Governance, Risk & Compliance’s scope of responsibility is global and covers all areas impacting Carestream enterprise and third/fourth party information security risk.

Governance Services

• Create and maintain metrics in support of the enterprise cybersecurity GRC function. These metrics are reported in support of security governance.

• Develop and maintain all information security policies and standards for enterprise and vendor information security controls.

• Develop and maintain information security education, training and awareness materials for employees/contractors.

Risk Management Services

• Perform Carestream risk assessments (enterprise, IT projects, third party) and the prioritization and tracking of required risk mitigation actions.

• Perform customer required infrastructure cybersecurity risk assessments and the review, approval, prioritization and tracking of customer contractual obligations.

• Maintain the enterprise content of the information security risk register.

• As the Data Protection Officer, drive global data protection initiatives.

• GRC tool management and integration.

Compliance Services

• Ensure compliance with all global information security laws and regulations applicable to Carestream’s systems or data.

• Prioritize, coordinate and track action plans to address compliance gaps, and incorporate them into the risk register and the corrective action plan.

• Other duties as assigned to support the general purpose of the position’s function.

Required Skills & Education:

• Minimum 5 years of cybersecurity experience

• Ability to collect and analyze facts from multiple sources and quickly develop and communicate hypotheses and recommendations to peers and senior leaders in an effort to facilitate rapid decision making and reach consensus.

• Knowledge of applicable FDA 21 CFR device regulations for cybersecurity compliance

• Knowledge of global standards related to cybersecurity and privacy:

       o    FDA Pre-Market and Post-Market Guidance on Cybersecurity in Medical Devices

       o    NIST Cybersecurity Framework 800-53 rev 4

       o    ISO 270XX

       o    ISO 62443

       o    HIPAA / HITRUST

       o    EU standards – GDPR, NISD, Common Criteria, etc.

       o    Familiarity with the U.S. Department of Defense Risk Management Framework ATO process

• Demonstrates excellent written, oral and interpersonal skills with personnel at all levels.

• Excellent technical writing skills.

• Exhibits a high degree of integrity, initiative and motivation.

Desired Skills:

• Bachelor’s Degree in IT, Engineering or Management

• CISSP or similar certification

Work Environment:

Office and Remote

Physical Requirements:

Standing: 1-25%

Walking: 1-25%

Sitting: 76-100%

Lifting up to 20 pounds: 1-25%

Carestream is an Equal Opportunity Employer

Carestream is an equal opportunity organization. We recruit, employ, train, compensate, and promote without regard to race, religion, creed, color, national origin, age, gender, sexual orientation, gender identity, marital status, disability, veteran status, or any other basis protected by applicable federal, state or local law.

Applying for a job with Carestream

All Carestream employees must complete the on-line application process. Carestream is committed to working with and providing reasonable accommodations to individuals with disabilities. If you require assistance or an accommodation because of a disability to participate in the application process, please use the accommodations link.

Requisition ID: 1247 

Nearest Major Market: Rochester