Information Security Compliance Principal – Hybrid - Mawhah

Mindray is excited to announce that we are rapidly expanding!

Mindray is a global Medical Device company that is going through unprecedented growth. Mindray believes it’s time for the healthcare industry to put patient care first. We value and enrich our people and inspire everyone’s potential.

Come Join us!

• Exciting, Driven, Passionate, and Engaging Company Culture where all employees feel welcome
• Competitive compensation packages
• Competitive Benefits – Generous PTO, medical, dental, vision, company-match 401k, disability & life insurance, employee discounts/promotions
• Generous performance-driven Incentive Compensation package
• A wealth of talent development programs to navigate a clear career path for continuous learning and success.
• State of the art Gym
• Fitness Classes
• Fruits, Coffee, Tea and Hot Chocolate at your disposal
• Cafeteria with excellent food and lots of Healthy Choice Options. Subsidized dining.

We welcome you to visit us for more information: www.mindraynorthamerica.com

Job Summary:

To manage Mindray’s Data Privacy and Security efforts in North America and to be a champion of resulting programs and solutions in collaboration with various departments.

Position Specifications:

Essential Functions

• Develops, implements, updates, and enforces data and security-related privacy policies, standards and procedures, and corrective actions as needed.
• Maintains current knowledge of applicable data protection laws, security standards, information technology trends, and accreditation standards.
• Evaluates and improves processes for investigating, documenting, and reporting unauthorized access or disclosure of personal information.
• Maintains and updates the information management system in collaboration with legal and governance teams.
• Provides risk assessments and security briefings to management and advises them of critical issues that may affect customer or corporate security objectives.
• Creates and delivers privacy and security-related training programs for all employees, contractors, and any appropriate third parties.
• Leads risk assessments, audits, policy, governance, and/or reporting.
• Maps controls to policies, procedures, and processes; testing such controls to ensure adequate coverage.
• Evaluates and recommends security products, services, and/or procedures to enhance productivity and effectiveness.
• Manages vulnerability scanning and penetration testing activities.
• Analyzes and remediates issues associated with ISO 27001 compliance, NIST framework, and other security standards.

Decision-Making Authority

This is a senior-level, individual contributor role, working across multiple business units (Patient Monitoring, Anesthesia, and Ultrasound) to oversee data privacy and security-related policies and procedures. The position requires the ability to work independently to meet defined security and privacy compliance objectives. Decisions may have an extended impact on work processes and outcomes.

Security Authorization

Access to and responsible for the proper safeguarding of a broad range of proprietary and/or confidential information including, but limited to, business information, protected health information, employee records, payment information, and network information, in accordance with all relevant Mindray policies.

Knowledge/Educational Requirement

• Bachelor’s or equivalent practical experience combined with relevant certifications required
• Minimum of 5 years’ experience with regulatory compliance assessments, Information Technology General Controls (ITGCs), control frameworks such ISO27001, SOX, NIST CCF, HIPAA, & GDPR.
• Strong working knowledge, understanding and experience in building, maintaining, and maturing effective security Governance, Risk, and Compliance functions
• Experience performing privacy and/or security gap assessments.
• Knowledge of the federal and state privacy rules, regulations, and guidance related to security and privacy including but not limited to:
  • HIPAA
  • GLBA
  • GDPR
  • CCPA
  • Safe Harbor framework
  • Generally Accepted Privacy Principles (GAPP)
  • NIST
  • ISO27001
• CISSP, CRISC, CISM, CISA, CIPP US/E and/or other relevant information privacy certifications preferred.
• Experienced in the operational application of privacy laws.
• Understanding the environment in which business operates and associated data protection risks.

Skills and Abilities

• Experience delivering effective guidance/findings/directions to both technical and non-technical audiences.
• Strong cross-functional collaboration.
• Ability to maintain confidentiality of sensitive information
• Ability to influence with or without authority

• Except limited by applicable law, upon hire, Mindray will require COVID vaccine verification to be in compliance with relevant mandates and customer credential validation to gain access in medical facilities across the country.

Mindray North America offers an attractive compensation and benefits package plus an exciting professional environment. Only those who meet our requirements will be contacted. Mindray North America is an equal opportunity employer M/F/D/V