Skip Navigation

The Difference of One

Product Cybersecurity Compliance Senior Analyst

Apply Now Job ID R-300970 Date posted 02/14/2018

Job Description Summary

Reporting to the Cybersecurity Risk Senior Manager and working with others on the Cybersecurity Risk Team and the Product Cybersecurity Compliance team, this individual will be responsible for coordinating the execution of the Service Organization Control (SOC2) reports which are required commitments in many BD commercial agreements. This challenging position requires cross-functional knowledge of business processes, information security risks, internal controls, and understanding of technology. He/she brings unique knowledge and experience related to risk understanding and evaluation, internal controls, and attestation standards / requirements for SOC2 reporting engagement facilitation.

Job Description


  • He / she is accountable to the Cybersecurity Risk Senior Manager for overall activity execution
  • He / she progresses toward established objectives, assesses risk and implements strategies to ensure successful delivery of  service
  • He / she maintains effective communication with the team members and functional leadership in all activities required to facilitate completion of the SOC2 reports
  • He / she leverages past experiences and knowledge to provide advice on optimal solutions for implementation of a business process for internal controls to address items identified in SOC2 reports
  • There are three existing reports this role will support; furthermore this role is to expand / successfully evangelize the expansion of number of reports/products for which reports are issued, processes assessed and remediation tracked.

Specific Activities

Product Cybersecurity Compliance Oversight – Coordinate and facilitate the Product Cybersecurity Compliance effort in the delivery of service for providing SOC2 reporting for the businesses. Organize the administration, implementation and monitoring of processes supporting the completion of global third party (e.g. SOC2/AT101) product security reporting & certifications. This role provides input to product engineering and R&D teams regarding company policies and procedures, HIPAA rules and regulations as well as country specific rules, should they exist, and reporting/certification options available (i.e. HITRUST, ISO27002 etc.).   

This role includes the following:

  • Coordinates the development, implementation, and monitoring of product security processes as they relate to adherence with standards necessary to achieve SOC2 reporting objectives.
  • Works with third party vendor to issue reporting (e.g. SOC2/AT101) to customers around programs to control inappropriate exposure of ePHI.
  • Provide an objective technical and business viewpoint on product security landscape, regulatory/compliance considerations and contractual obligations to the product development teams, along with analysis on how these impact products and overall portfolio compliance.
  • Work with internal stakeholders (including, but not limited to Product Business Leadership, Information Technology, Product Security Center of Excellence, Ethics, Strategic Account Managers, Contracts and Legal) to understand and deliver results associated with their needs for product security.
  • Provides input to implementation, monitoring and reviewing of programs instituted to provide consistent adherence to policies and procedures. 
  • Participate in industry and related organizations (e.g. NHISAC and ADVAMED), bringing relevant information and best practices to the BD organization.
  • Participate in product security compliance communications to customers in a professional and compelling fashion.


  • At least a Bachelor’s degree in a subject related to one of the following functions: Information Security, IT, finance, etc. 
  • Prior experience with evaluating risks and controls as well as service organization control related reporting requirements, and system implementation related work is desired.  
  • Knowledge of information security and control risks and familiarity with Archer Governance Risks & Control (GRC) solutions is desired.  
  • Experience with IT implementation projects is preferred. Prior audit and / or internal control analysis experience is desirable.
  • Knowledge of Archer GRC platform and Risk Management solution is preferred.
  • Knowledge of information security concepts as well as IT risks and controls is preferred.
  • IT Control related certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), etc. is desirable.
  • Knowledge of information security and control frameworks (COBIT, ISO2702, NIST CSF) is desirable.


Primary Work Location

USA CA - San Diego Bldg A&B

Additional Locations

USA NJ - Franklin Lakes

Work Shift

Apply Now

Similar Job Openings Nearby

Salesforce Business Analyst San Diego, California 8815174

Join our Talent Community

Sign up to receive information about career opportunities, news and events.

Sign up

Join our Talent Community

Sign up to receive information about career opportunities, news and events.

Areas of InterestSearch for a category, location, or both, select a term from the suggestions, and click "Add".

  • Information Technology, San Diego, California, United StatesRemove

Find Your Role

Select a job category, location or group to view its corresponding jobs.

Jobs By Location

Jobs by Category + Location

Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status.

All applicants should complete the on-line application process. BD is committed to working with and providing reasonable accommodations to individuals with disabilities. If you require assistance or an accommodation because of a disability to participate in the application process, please call 855-BD-HELPS (855-234-3577) or email