Job Description

Work Schedule

Standard (Mon-Fri)

Environmental Conditions

Office

As part of theThermoFisher Scientific team,you'lldiscover meaningful work that makes a positive impact on a global scale. Join our colleagues in bringing our Mission to life every single day to enable our customers to make the world healthier,cleanerand safer. We provide our global teams with the resources needed to achieve individual career goals while helping to takesciencea step beyond by developing solutions for some of the world's toughest challenges, like protecting the environment, making sure our food is safe or helping find cures for cancer.

Join our Corporate Infrastructure and Security - RiskManagementteam atThermoFisher Scientific, whereyou'llhelp protect and secure our global technology infrastructure that enables breakthrough scientific discoveries. As an IT Security Engineer III,you'llplay a crucial role in developing,implementingand executing theglobal cybersecurity risk management program.You'llwork on security initiatives across cloud, endpoint protection, threat detection, and product security, while also focusing on risk analysis, third-party security assessments, and information security assessments.

In this role,you'llcollaborate with cross-functional teams to implementsecurity bestpractices, conduct assessments, and drive continuous improvement of our security posture.You'llbe responsible formaintainingand executing risk management policies throughout the entire risk lifecycle, ensuring consistency of security practices and standards across the organization. Your expertise will be vital in providing consultative advice on securitydesign forsystems, aligning with business needs and the company's security posture.

You'llcultivate andmaintainstrong working relationships with IT teams, LegalandPrivacy while contributing to the continuous development and enhancement of the company's information security control framework, assessment program, and risk analysis practices. This position offers excellent opportunities for professional growth while contributing to our mission of enabling customers to make the world healthier,cleanerand safer.

As part of a team driving visibility and understanding of information security risk management,you'llcontribute to and influence strategic decision-making across the enterprise. The ideal candidate willpossessstrong research, writing, and presentation skills, with a desire to solve complex problems and the drive to complete assignments on time with minimal oversight.

REQUIREMENTS:

• Bachelor's Degree in Cybersecurity, Information Security, Computer Science, Risk Management, or related field, plus 5+ years of experience in enterprise IT security engineering, risk analysis, or related cybersecurity roles

• Advanced Degree in a relevant field may substitute for some experience

• Strongexpertisein at least one major security domain: cloud security, endpoint protection, network security, or application security

• Experience implementing and managing enterpriseGRCtools and technologies

• Proficiencyin security frameworks and standards (e.g., NIST 800- 53, ISO 27001, CIS Controls, FISMA)

• Experience with risk analysis and various risk management frameworks (e.g., NIST Risk Management Framework, CIS Risk Assessment Methodology)

• Experience with cloud platforms (AWS, Azure, GCP) and associated security controls

• Excellent analytical and problem- solving abilities

• Strong written and verbal communication skills, with the ability to explain complex risk management topics to a broad audience

• Experience presenting to senior leadership

• Ability to work both independently and collaboratively in a professional environment

• Experience conducting security assessments, developing risk mitigation strategies, and executing risk analysis processes

• Knowledge of threat detection, incident response, and forensics principlesis considered plus

• Project management experience and ability to manage multiple priorities

• Understanding of cybersecurity technologies and controls, with the ability to bridge the gap between governance and technical concepts

• Strong customer service orientation and interpersonal skills

• Professional certifications preferred (e.g., CISSP, CEH, Security+, CRISC, CISA)