19 Jan
Lead Governance, Risk & Compliance Security Analyst
Kansas City, Kansas 66101, USA

Vacancy expired!

Job Description

Being a member of the Enterprise Security Governance Risk and Compliance team provides an exciting opportunity to be part of an innovative and dedicated team of security and audit professionals. The Lead Governance, Risk and Compliance Security Analyst will be on the front lines of our Cerner Next strategy as we build an enterprise Cloud Compliance program. They will help develop a security framework and controls strategy to meet Cerner's regulatory and client compliance requirements. Additionally, they will lead efforts to mature our security compliance program to a state of competitive advantage.

As a Lead Governance, Risk and Compliance Security Analyst, you will lead a compliance program that oversees the implementation of multiple compliance requirements across the organization, while working to minimize impact on lines of business. You will assist in the development of a Cerner Security Controls Framework based on industry standards (e.g. NIST 800-53, HITRUST, PCI, ISO). You will develop a strategy to maintain evidence and documentation to demonstrate Cerner's compliance. You will develop relationships across organizations to execute and complete projects according to plan. You will influence organizational change to comply with requirements. You will facilitate and manage risk-based control remediation activities. Lastly, you will become a trusted advisor / subject matter expert and communicate effectively with external auditors.

Qualifications

Basic Qualifications
  • At least 10 years of total combined related work experience and completed higher education
    • At least 3 years of information systems security work experience
    • At least 7 years of additional work experience directly related to the duties of the job and/or completed higher education
      • Bachelor's Degree in Information Systems, Computer Science, Computer Engineering, Software Engineer, Mathematics, Accounting or related field

Preferred Qualifications
  • At least 7 years of Information technology security programs, audits, assessments, risk, or remediation management work experience
  • At least 4 years of Privacy law, data protection/security regulations, and frameworks, such as BITS, HITRUST CSF, COBIT, NIST and ISO27002 work experience
  • Extensive experience scoping and leading large-scale information security compliance programs in an enterprise setting
  • Understanding of the Cloud Shared Responsibility model and integration of the model into a security compliance program
  • Experience implementing multiple frameworks & controls across an organization while minimizing impact on lines of business
  • Experience leading the adoption of GRC technology for a compliance program
  • Relevant security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISMP (Certificate in Information Security Management Principles) a plus

Expectations
  • Willing to work additional or irregular hours as needed and allowed by local regulations
  • Work in accordance with corporate and organizational security policies and procedures, understand personal role in safeguarding corporate and client assets, and take appropriate action to prevent and report any compromises of security within scope of position
  • Perform other responsibilities as assigned
  • Willing to live/reside in Kansas City or live in a virtually approved city

Applicants for U.S. based positions with Cerner Corporation must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.

As of March 31, 2022, as a condition of employment, all US-based employees must be fully vaccinated against COVID-19 unless a medical or religious exemption is approved.

Some Cerner positions may be obligated to comply with additional client-facing requirements and occupational health requests, including but not limited to, an immunization set, an annual flu shot, an annual TB screen, an updated background check, and/or an updated drug screen.

Cerner is a place where people are encouraged to innovate with confidence and focus on what is important - people's health and the care they receive. We are transforming health care by developing tools and technologies that make it more efficient for care providers and patients to navigate the complexity of our health. From single offices to entire countries, Cerner solutions are licensed at more than 25,000 facilities in over 35 countries.

Cerner's policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Cerner is proud to be a drug-free workplace.
