Information Security Risk Officer Jobs in Rochester, NY

A Signal Dedicated Officer will conduct static security services for courtyards, offices, pools ... Communicate with the Dedicated Branch Supervisor to receive and disseminate information through ...

SECURITY OFFICER

Avon, NY · On-site

$17 - $19/hr

Security Officer A Signal Dedicated Officer will conduct static security services for courtyards ... Completes reports by recording observations, information, occurrences, and surveillance activities.

Information Security Risk Officer information

Rochester, NY salary details: $29.1K, $93.7K, $168.2K

How much do information security risk officer jobs pay per year?

As of Jun 6, 2026, the average yearly pay for an information security risk officer in Rochester, NY is $93,660.00, according to ZipRecruiter salary data. Most workers in this role earn between $48,800.00 and $125,800.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as an Information Security Risk Officer, and why are they important?

To thrive as an Information Security Risk Officer, you need a strong background in cybersecurity principles, risk management frameworks, and typically a degree in information technology or a related field. Familiarity with technical tools such as risk assessment software, SIEM systems, and certifications like CISSP or CISM is often required. Strong analytical thinking, attention to detail, and effective communication skills are crucial for translating complex risks to stakeholders and driving organizational change. These skills are vital for identifying, assessing, and mitigating security threats, ensuring the organization's information assets remain protected and compliant.

What does an Information Security Risk Officer do?

An Information Security Risk Officer is responsible for identifying, assessing, and mitigating risks that could threaten an organization's information systems and data. They develop and implement risk management strategies, conduct security assessments, and help ensure compliance with relevant laws and regulations. Their role often involves coordinating with other departments to promote security best practices and preparing reports for senior management on potential threats and risk mitigation efforts.

What is the difference between Information Security Risk Officer vs Cybersecurity Analyst?

| Aspect | Information Security Risk Officer | Cybersecurity Analyst |
| --- | --- | --- |
| Certifications | ISO 27001 Lead Implementer, CISSP, CISM | CompTIA Security+, CEH, CISSP |
| Work Environment | Risk management teams, compliance departments | Security operations centers, incident response teams |
| Employer & Industry Usage | Financial, healthcare, government sectors | IT firms, cybersecurity service providers |
| Primary Focus | Assessing and managing security risks, compliance | Detecting and responding to security threats |

The main difference is that an Information Security Risk Officer focuses on identifying, assessing, and managing security risks and ensuring compliance, while a Cybersecurity Analyst primarily detects, investigates, and responds to security threats. Both roles require relevant certifications and work in security-focused environments, but their core responsibilities differ in scope and focus.

What are some common challenges Information Security Risk Officers face when balancing security requirements with business objectives?

Information Security Risk Officers often encounter the challenge of aligning robust security controls with the organization's need for operational efficiency and innovation. Balancing compliance and risk mitigation with the urgency of business initiatives requires strong communication and negotiation skills, as well as a deep understanding of both technical risks and business goals. Successfully navigating these challenges involves collaborating closely with IT, legal, and business stakeholders to develop practical solutions that protect assets without hindering productivity or growth.

Infographic showing various Information Security Risk Officer job openings in Rochester, NY as of May 2026, with employment types broken down into 44% Full Time and 56% Part Time. Highlights a 93% Physical, 3% Hybrid, and 4% Remote job distribution, with an average salary of $93,660 per year, or $45 per hour.

Information Security Compliance Analyst

Cooper Companies

Victor, NY • On-site

$94K - $125K/yr

Full-time

Posted 18 days ago


Job description

At CooperVision, a division of CooperCompanies, we're driven by a unifying purpose to help people to experience life's beautiful moments. We are connected through our shared values - dedicated, innovative, friendly, partners, and do the right thing. As a leading global manufacturer of contact lenses, we are committed to helping improve the way people see each day. Through our diverse lens portfolio, we tackle the toughest vision challenges - including astigmatism, presbyopia, and childhood myopia. We offer the most complete collection of spherical, toric, and multifocal products available, enabling us to fit 99% of all contact wearers. Learn more at www.coopervision.com.

Job Summary:

The Information Security Compliance Analyst supports the Manager, Identify & Protect in the design, implementation, operation, and continuous improvement of the organization's information security compliance program. This role focuses on day-to-day compliance activities including, but not limited to, control identification, testing, risk evaluation, audit support and coordination. The Information Security Compliance Analyst will coordinate with internal stakeholders to ensure adherence to applicable data protection laws, regulatory requirements, and internal security standards, such as NIS2, HIPAA, GDPR and other relevant frameworks.

Knowledge, Skills and Abilities:

  • Working knowledge of regional and global cybersecurity and data privacy regulations such as GDPR, HIPAA, NIS2, and similar frameworks.
  • Understanding of information security risk concepts and control frameworks such as NIST CSF 2.0, SSAE18 SOC 2, ISO 27001, CIS Controls, etc.
  • Ability to analyze compliance requirements and map them to security controls.
  • Strong attention to detail and organizational skills.
  • Effective written and verbal communication skills.
  • Ability to work collaboratively with cross-functional teams and stakeholders.
  • Strong analytical and problem-solving skills.
  • Ability to manage multiple tasks and priorities in a structured and timely manner.

Work Environment:

  • Normal office environment.
  • Prolonged sitting in front of a computer.

Experience:

  • Minimum of two to five years of cumulative, full-time experience in Information Security, IT Audit, Risk, or Compliance-related roles preferred.
  • Familiarity with legal and regulatory requirements such as SOX, HIPAA, GDPR, PCI DSS, and other domestic or international privacy and security regulations.
  • Experience supporting audits, risk assessments, or compliance programs is preferred.

Education:

  • Bachelor's degree in computer science, cybersecurity, information systems, or a related field; or an equivalent combination of education and experience.
  • Security or compliance certifications such as CISA, Security+, ISC CC or similar are a plus.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

For U.S. locations that require disclosure of compensation, the starting base pay for this role is between $94,220.00 and $125,626.00 per year and may include cost of living adjustments.  The actual base pay includes many factors and is subject to change and modification in the future.  This position may also be eligible for other types of compensation and benefits.

  • Support the development, maintenance, and implementation of information security policies, procedures, standards, and guidelines.
  • Assist in monitoring and ensuring compliance with applicable data protection laws and regulations, including NIS2, HIPAA, GDPR and other relevant requirements.
  • Perform security compliance assessments, control testing, and evidence collection to identify gaps or deficiencies.
  • Support internal and external audits by coordinating evidence requests, preparing documentation, and tracking remediation activities.
  • Assist with risk assessments by identifying information security risks, documenting findings, and supporting mitigation efforts.
  • Track, monitor, and report on information security compliance issues, corrective actions, and remediation progress.
  • Maintain compliance documentation, registers, metrics, and dashboards to support reporting and governance needs.
  • Collaborate with IT, Legal, Privacy, and business stakeholders to support consistent implementation of security and compliance requirements.
  • Monitor regulatory changes and emerging security threats that may impact compliance obligations.
  • Support training and awareness activities related to information security policies, standards, and compliance requirements.
  • Help ensure third-party and contractual information security requirements are documented and supported through evidence collection and reviews.
  • Participate in reviews to identify root causes of noncompliance and support development of corrective and preventive actions.
  • Support monitoring, measurement, and reporting of the effectiveness and efficiency of information security controls.
  • Promote information security and compliance practices as part of the organization's culture.

Travel Requirements: 

Up to 5% domestic and/or international travel