Information Security Governance Analyst

Posted:
7/2/2026, 12:23:29 PM

Location(s):
Bragança, Portugal ⋅ Philadelphia, Pennsylvania, United States ⋅ Pennsylvania, United States

Experience Level(s):
Junior

Field(s):
IT & Security

Workplace Type:
On-site

FRESENIUS CORE VALUES:

Fresenius Medical Care is a people business.  Our success depends on having the best and brightest employees and helping them attain their personal and professional goals while delivering excellence in patient care and business results.  Our employees embody our culture, which is based on four core values supporting our promise to improve the quality of life of every patient every day. These core values are Collaborative, Proactive, Reliable, and Excellent.

PURPOSE AND SCOPE:

The Governance, Risk, and Compliance Analyst will play a key role in facilitating the development and maintenance of the organization's global governance, risk management, and compliance programs. This position will support a broad range of activities across the organization.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

  • Facilitates the development, implementation, and maintenance of an information security framework aligned with industry best practices.

  • Facilitates the design and documentation of technical, administrative, and physical controls to ensure the business demonstrates compliance with its regulatory and compliance obligations.

  • Provides advice & counsel as directed within IT and information security initiatives to ensure the delivery of compliant and risk-appropriate solutions following existing department policies, standards, and procedures.

  • Facilitate examinations by security assessors and auditors for compliance obligations, such as HIPAA and ISO 27001.

  • Facilitates security risk assessments and recommends controls to mitigate identified security risks.

  • Communicates risk findings and recommendations to business stakeholders.

  • Facilitates the development and deployment of workforce security training and awareness.

  • Facilitates the development and implementation of global cybersecurity policies, standards, and procedures aligned with industry best practices, including NIST CSF and 800-series publications.

  • Facilitates the lifecycle management of information security policies.

Additional responsibilities may include focus on one or more departments or locations.  See applicable addendum for department or location specific functions.

PHYSICAL DEMANDS AND WORKING CONDITIONS:

  • The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

SUPERVISION:

  • None

EDUCATION:

  •     Bachelor's Degree or an equivalent combination of education and experience

EXPERIENCE AND REQUIRED SKILLS:         

  • 2+ years' related experience in cybersecurity governance, risk, compliance, information security, and/or other related roles.

  • Advanced knowledge of internal control structure, data, and technology

  • Advanced knowledge of NIST CSF, NIST SP 800-series, HIPAA, FIPS, and ISO 27001:2022, and other industry best standards and requirements.

  • Excellent verbal and written communication skills.

  • Excellent organizational skills.

  • CISSP, CRISC, CISA, CISM, or other related certifications are preferred.

  • Demonstrated experience with ServiceNow IRM or a similar tool is preferred.

Fresenius Medical Care North America

Website: https://fmcna.com/

Headquarter Location: Waltham, Massachusetts, United States

Employee Count: 10001+

Year Founded: 1996

IPO Status: Public

Last Funding Type: Post-IPO Equity

Industries: Biotechnology ⋅ Health Care ⋅ Medical ⋅ Medical Device ⋅ Pharmaceutical