Cybersecurity Analyst at Fresenius Group – Lexington, MA

This is an external function

PURPOSE AND SCOPE:

The Cybersecurity Professional Development Associate is a position in a 2-year rotational program designed to provide hands-on experience to recent graduates exploring career opportunities in Cybersecurity and Privacy roles. This position rotates through roles in Application Security and Privacy Assurance, with a third rotation chosen based on the candidate’s interest and skills. Upon completion of the program, the candidate will transition into their next full-time role, based on interest and need within the team, growing their career and contributing as a Fresenius Medical Care (FME) professional. This position is located in the Information Security Office (ISO) department, within Digital Technology & Innovation (DTI), FME’s global IT organization.

MAIN TASKS AND RESPONSIBILITIES:

• You will be eligible for the same competitive salary and benefits as other FME employees and become a full-time employee of Fresenius Medical Care.
• Take full responsibility and contribute as a Digital Technology & Innovation (DTI) team.
• Alternate between three challenging, demanding and diverse assignments.
• Develop a versatile skill set by completing assignments in the established tracks (see below) for the program.
• During your rotation program at FME, work within multiple ISO and DTI teams.
• You will have the opportunity to explore potential cross-over assignments within other ISO teams (e.g. Risk & Compliance, Training & Awareness and Identity Security).
• You will be paired with a mentor who can help you develop your ISO career.
• Receive customized training that supports your individual growth and development.
• For each assignment you will report to a rotation manager who will oversee your daily responsibilities.

Privacy Assurance Rotation responsibilities may include:

Privacy Policy: Assist in developing, implementing, and maintaining privacy policies and procedures to ensure compliance with relevant laws and regulations (GDPR, CCPA, HIPAA). Risk Assessment: Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) to identify and mitigate privacy risks. Training and Awareness: Assist in developing and delivering privacy training programs to educate employees on basic data protection practices and company policies. Incident Response: Assist in investigating and managing privacy incidents and investigations, including documentation and reporting. Data Subject Requests: Assist in managing and responding to Data Subject Access Requests (DSARs) in accordance with legal requirements. Collaboration: Work closely with cross-functional teams, including DTI, Legal, and Compliance, to ensure privacy considerations are integrated into all business processes. Monitoring and Reporting: Assist in monitoring the privacy program and provide regular updates.

Application Security Rotation responsibilities may include:

Review results of previous vulnerability scans, assessments, and bug bounty submissions to generate innovative approaches to accelerate remediation across business units and IT teams. Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities within the environment. Coordinate technical assessments of networks, systems, and programs through cybersecurity inspections, assessments, and processes, ensuring proper behavior and accurate presentation of findings. Coordinate across stakeholder groups, provide status reporting, and serve as the primary POC for all project-related activities, risks, issues, dependencies, deliverables, etc. for the application security domain. Actively participate in creating and delivering updates to standard operating procedures, playbooks, and other similar documentation for continuous improvement of application security operations and efficiencies. Create and maintain metrics reporting (KPIs/KRI) for reporting to senior management. Actively review closed cases, open cases, and threat intelligence to provide recommendations for preventative measures to mitigate threats to our application environment.

PHYSICAL REQUIREMENTS AND WORKING CONDITIONS:

• The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

EDUCATION:

• Bachelor’s degree in Management Information Systems, Computer Science, or a business/science related field.

EXPERIENCE AND SKILLS REQUIRED:

• Interested in a career in information security, cybersecurity and/or privacy?
• Excellent track record in academics and extracurricular activities.
• Has the ability to apply skills and knowledge to address operational challenges and add value to the business.
• Has strong analytical and problem-solving skills.
• Possess strong interpersonal, leadership and communication skills.
• Eager to learn, flexible and willing to work on different projects.
• Previous work experience as an intern or co-op work experience.

EO/AA Employer: Minorities/Women/Veterans/Disabled/Sexual Orientation/Gender Identity

Fresenius Medical Care North America operates a drug-free workplace in accordance with applicable federal and state laws.

EO/AA Employer: Minorities/Women/Veterans/Disabled/Sexual Orientation/Gender Identity

Fresenius Medical Care North America operates a drug-free workplace in accordance with applicable federal and state laws.