We're looking for a versatile, curious, and seasoned Governance, Risk and Compliance (GRC) professional who is passionate about the people, processes and technology that enable Nuance to achieve its mission. Your expertise will drive improvements to security policies and controls, your efforts will empower sound decision making and your interpersonal skills will help foster a risk-aware culture.
As an individual contributor you will report to the Senior Director of GRC within the Office of the CISO. The mission of this role will be to work with stakeholders across different security domains, IT, engineering, compliance and legal to establish security policies, controls, and compliance foundations.
TheSeniorPrincipalSecurity Analyst will be responsible forhelping to develop, enforce, deploy, and maintaina comprehensive cyber security control framework
This is a senior supporting role where the successful candidate will support relevant compliance programs,policy and procedure development/management/compliance, pre-sales, legalcollaborationand audit management.
Responsibilities include:

• Owning and maintaining security policies and procedures in support of legal, regulatory and compliance objectives.

• Working cross functionally with legal and compliance to stay updated on developing regulatory concerns and changing IT/security trends.
• Establishing and maintaining control objectives and procedures Owning and maintaining an updated risk register to assist in the prioritization of key risks.
• The ability to articulate risk in terms of business impact and suggest reasonable strategies for mitigation.
• Providing expertise and consulting with the objective of helping the organization manage risk to an acceptable level.
• Establishing and maintaining robust reporting processes that cover a wide range of security topics.

• Conducting periodiccontrol and/orrisk assessments.
• Providing input into tool selection and opportunities to automate Interacting in both oral and written communications with all levels of staff in matters related to information security and security awareness materials.
• Supporting vendor due-diligence process and help with overall third-party risk management efforts.
• Supporting vulnerability management efforts, which include remediation tracking, status reporting and program enhancements.
• Maintain awareness of external regulations for new or changed requirements within Nuance (HIPAA, PCI, ISO27001, etc.)
• Respond to security incidents as required
• Assist with the coordination of internal and external auditors as needed
• Monitor internal compliance against information security governance framework by conducting testing and internal control reviews and risk assessments.
• Support pre-sale activities through mapping of customer requirements to Nuance policies and controls
• Assist in identifying and communicating control gaps and evaluating management remediation action plans and related reporting

Education:4 Year /BachelorsDegree; Computer Science, Management Information Systems, Information Technology or a related discipline.
Minimum years of work experience: 8+ years
Required skills:

• A proven track record of success in similar positions or roles with Information Security Technology Background

• Experience with security policy development and designing information security controls.
• Excellent communication skills and ability to navigate business and IT challenges with a focus on relationship management.
• A strong understanding of risk management methodologies, frameworks, and principles (e.g.NIST, ISO 27001, ITIL, PCI, CCPA, SOC 2, SOX, etc.)
• The ability to operate in a dynamic environment and handle numerous concurrent projects with urgency and ownership.

• Strong oral and written communication skills along with refined presentation skills and the ability to work with varying levels of management, including senior leadership.
• Experience with Security Best Practices for Cloud Infrastructures.
• Relevant industry certifications (CISA, CISSP, CISM, CRISC, CIA, etc.)
• Knowledge of Security Governance, Risk & Compliance and Security Audit practices
• Ability to work in a highly matrixed environment

Preferred skills:

• IT Audit/Compliance experience desired
• Helpful to have knowledge of one or more GRC platforms
• Knowledge of regulatory standards including HIPAA, PCI, HITRUST and similar
• An understanding of the value of usability and buy-in when it comes to security policy and practices.

#LI-Hybrid
#LI-TV1
Nuance offers a compelling and rewarding work environment. We offer market competitive salaries, bonus, equity, benefits, meaningful growth and development opportunities and a casual yet technically challenging work environment. Join our dynamic, entrepreneurial team and become part of our continuing success.
Nuance celebrates diversity and is proud to be an equal employment opportunity and affirmative action workplace. We consider all qualified applicants without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, military and veteran status, disability, genetics, or any other category protected by law or Nuance policy. If you need an accommodation because of a disability for any part of the employment process, please call 781-565-5086 and let us know.