Senior IT Security GRC Analyst (Global)

About

For more than 100 years, Olympus has focused on making people’s lives healthier, safer and more fulfilling. Every day, we live by our philosophy, True to Life, by advancing medical technologies and elevating the standard of patient care so people everywhere can fulfill their desires, dreams, and lives. Our five Core Values—Patient Focus, Integrity, Innovation, Impact and Empathy—empower us to achieve our purpose.

The Senior IT Security GRC Analyst (Global) is responsible for the governance, oversight, and lifecycle management of IT Security risk across Olympus. This role ensures that security‑related risks, controls, and obligations are identified, assessed, governed, and transparently communicated in alignment with internal policy, external regulatory requirements, and recognized industry frameworks. The position operates as a senior, globally consistent IT Security GRC role, retaining accountability for security risk governance, control framework alignment, exception management, and executive‑level visibility. It functions as a leader by default, exercising judgment, influence, and authority without formal people‑management responsibilities, and serves as a trusted partner to IT, business, security operations, architecture, privacy, and assurance functions.

Work Location & Flexibility

• Location: Pennsylvania (Center Valley) or Massachusetts (Westborough)
• Workplace Flexibility: Hybrid

Responsibilities

• Establish, maintain, and operationalize IT Security governance structures aligned to Olympus policies and global standards.
• Ensure security‑related policies, standards, and procedures are consistently interpreted and applied across regions and systems.
• Translate regulatory and framework requirements into actionable governance expectations for IT Security.
• Own the end‑to‑end lifecycle of IT Security risk, including identification, assessment, prioritization, treatment tracking, escalation, and reporting.
• Support and escalate IT Security risk acceptance decisions in alignment with the enterprise risk management model and defined approval thresholds.
• Maintain and govern the IT Security risk register within approved GRC tooling.
• Evaluate security risks arising from systems, services, projects, third parties, and control gaps.
• Communicate material security risks upward in a timely and disciplined manner.
• Govern IT Security control frameworks (e.g., NIST, ISO), including control definition, mapping, and alignment to policy and regulatory requirements.
• Monitor and assess control effectiveness using evidence, metrics, and tool outputs.
• Validate security control effectiveness through evidence‑based assessment methods aligned to recognized security frameworks.
• Govern security‑related exception management, including documentation, risk evaluation, treatment tracking, and reporting.
• Partner with technical and operational teams responsible for control execution without assuming operational responsibility.
• Conduct and govern IT Security risk assessments for third‑party vendors and service providers.
• Analyze security posture, identify control gaps, and recommend risk treatment options.
• Track and report third‑party security risks and remediation commitments.
• Support secure procurement and onboarding processes through a security risk lens.
• Support internal and external audits by providing security‑focused evidence, analysis, and responses; coordinate audit activities, timelines, and stakeholder engagement.
• Ensure security control obligations are traceable, defensible, and audit‑ready (audit independence resides with IT Assurance).
• Interpret outputs from security and compliance tools to identify trends, risks, and control performance.
• Develop and maintain dashboards, KPIs, and executive‑level reporting related to IT Security risk.
• Translate technical security data into clear business‑relevant insights for executive leadership.
• Act as a leader and representative of IT Security GRC across global and regional stakeholders.
• Direct and oversee MSSP activities within defined GRC scope, ensuring alignment to governance expectations.
• Exercise judgment on escalation while maintaining proactive upward information sharing.
• Influence outcomes through collaboration, clarity, and accountability rather than hierarchy.

Qualifications

Required

• Minimum Bachelor’s degree in Information Security/Technology or equivalent experience.
• At least one relevant security certification (e.g., CISM, CISSP, CISA, CRISC).
• Minimum 8 years of relevant work experience (IT Security, GRC, etc.).
• At least 5 years of lead/manager experience.
• Thorough knowledge and understanding of cybersecurity frameworks such as ISO 27001/27002, NIST, COBIT, BCM, ITIL, GDPR, ITAR, SOX (JSox) and IT risk management.
• Excellent oral and written communication skills in the local language.
• Excellent oral and written communication skills in English.

Benefits

Equitable Offerings

• Competitive salary, annual bonus, and 401(k) with company match
• Comprehensive medical, dental, and vision coverage effective on start date
• 24/7 Employee Assistance Program
• Free live and on‑demand wellbeing programs
• Generous paid vacation and sick time
• Paid parental leave and adoption assistance*
• 12 paid holidays
• On‑site child daycare, café, and fitness center

Connected Culture

• Work‑life integrated culture supporting an employee‑centric mindset
• Options for onsite, hybrid, and field work environments
• Paid volunteering and charitable donation/match programs
• Employee Resource Groups
• Dedicated training resources and learning & development programs
• Paid educational assistance
• Positions available for U.S. candidates only

---

*All benefits are subject to plan terms and eligibility requirements.