Thermo Fisher

IT Security Engineer III

Lagunilla, Costa Rica Full time

Work Schedule

Standard (Mon-Fri)

Environmental Conditions

Office

Job Description

As part of the Thermo Fisher Scientific team, you'll discover meaningful work that makes a positive impact on a global scale. Join our colleagues in bringing our Mission to life every single day to enable our customers to make the world healthier, cleaner and safer. We provide our global teams with the resources needed to achieve individual career goals while helping to take science a step beyond by developing solutions for some of the world's toughest challenges, like protecting the environment, making sure our food is safe or helping find cures for cancer. 

DESCRIPTION: 

Join our Corporate Infrastructure and Security - Risk Management team at Thermo Fisher Scientific, where you'll help protect and secure our global technology infrastructure that enables breakthrough scientific discoveries. As an IT Security Engineer III, you'll play a crucial role in developing, implementing and executing the global cybersecurity risk management program. You'll work on security initiatives across cloud, endpoint protection, threat detection, and product security, while also focusing on risk analysis, third-party security assessments, and information security assessments. 

In this role, you'll collaborate with cross-functional teams to implement security best practices, conduct assessments, and drive continuous improvement of our security posture. You'll be responsible for maintaining and executing risk management policies throughout the entire risk lifecycle, ensuring consistency of security practices and standards across the organization. Your expertise will be vital in providing consultative advice on security design for systems, aligning with business needs and the company's security posture. 

You'll cultivate and maintain strong working relationships with IT teams, Legal and Privacy while contributing to the continuous development and enhancement of the company's information security control framework, assessment program, and risk analysis practices. This position offers excellent opportunities for professional growth while contributing to our mission of enabling customers to make the world healthier, cleaner and safer. 

As part of a team driving visibility and understanding of information security risk management, you'll contribute to and influence strategic decision-making across the enterprise. The ideal candidate will possess strong research, writing, and presentation skills, with a desire to solve complex problems and the drive to complete assignments on time with minimal oversight. 

REQUIREMENTS: 

  • Bachelor's Degree in Cybersecurity, Information Security, Computer Science, Risk Management, or related field, plus 5+ years of experience in enterprise IT security engineering, risk analysis, or related cybersecurity roles 

  • Advanced Degree in a relevant field may substitute for some experience 

  • Strong expertise in at least one major security domain: cloud security, endpoint protection, network security, or application security 

  • Experience implementing and managing enterprise GRC tools and technologies 

  • Proficiency in security frameworks and standards (e.g., NIST 800-53, ISO 27001, CIS Controls, FISMA)

  • Experience with risk analysis and various risk management frameworks (e.g., NIST Risk Management Framework, CIS Risk Assessment Methodology) 

  • Experience with cloud platforms (AWS, Azure, GCP) and associated security controls 

  • Excellent analytical and problem-solving abilities

  • Strong written and verbal communication skills, with the ability to explain complex risk management topics to a broad audience 

  • Experience presenting to senior leadership 

  • Ability to work both independently and collaboratively in a professional environment 

  • Experience conducting security assessments, developing risk mitigation strategies, and executing risk analysis processes 

  • Knowledge of threat detection, incident response, and forensics principles is considered a plus

  • Project management experience and ability to manage multiple priorities 

  • Understanding of cybersecurity technologies and controls, with the ability to bridge the gap between governance and technical concepts 

  • Strong customer service orientation and interpersonal skills 

  • Professional certifications preferred (e.g., CISSP, CEH, Security+, CRISC, CISA)