Senior Information Security Compliance Analyst

QuidelOrtho unites the strengths of Quidel Corporation and Ortho Clinical Diagnostics, creating a world-leading in vitro diagnostics company with award-winning expertise in immunoassay and molecular testing, clinical chemistry and transfusion medicine. We are more than 6,000 strong and do business in over 130 countries, providing answers with fast, accurate and consistent testing where and when they are needed most - home to hospital, lab to clinic.

Our culture puts our team members first and prioritizes actions that support happiness, inspiration and engagement. We strive to build meaningful connections with each other as we believe that employee happiness and business success are linked. Join us in our mission to transform the power of diagnostics into a healthier future for all.

The Opportunity

As the company continues to grow, we are seeking a Senior Information Security Compliance Analyst. This position is responsible for supporting Ortho's Information Security Compliance program which consists of global regulatory compliance, industry standards such as SOX, HIPAA, PCI DSS, NIST, ISO 27001/2, etc., as well as the adherence to internal security standards and controls. The position will be located onsite in San Diego and maybe open to a

hybrid role.

The Responsibilities

• Support Ortho's current Information Technology controls (based on NIST, SOX, HIPAA, PCI DSS, ISO 27001/2, and Internal Technology security standards) as well as regulatory Technology Compliance for countries that Ortho operates in by conducting periodic Technology/Security Compliance assessments to identify deficiencies and provide guidance as to current industry best practices.

• Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk based approach to maximize the efficiency and effectiveness. Report on remediation activities to ensure issues and risks are mitigated in a timely manner.

• Assist in updating and maintaining Ortho's IT Control Library about changes in the region-specific regulatory environments.

• Support local IT teams in dealing with internal and external auditors and regulators to maximize the efficiencies of second and third line of defense.

• Effectively work in and support global GRC platform.

• Perform other work-related duties as assigned.

The Individual

• Bachelor's Degree in computer science with 4 years related experience; or equivalent combination of education and experience.

• Responsibilities require strong relationship building with all layers of the organization and the ability to influence and affect change with commercial acumen.

• In-depth understanding of Regulatory compliance requirements (across regions), as well as international standards such as PCI DSS, SOX, HIPAA, ISO 27001/2 and NIST.

• Collaborative communication approach along with the ability to influence change in a matrixed environment.

• Superior verbal and written communication and presentation skills, strong people skills, and the ability to work independently.

• Demonstrates sense of urgency and a high degree of initiative and professional judgement.

Key Working Relationships:

Local IT (GIS) Team, Regulatory and Compliance, Legal and Privacy

External auditors or regulators when applicable

EOE/AA Disability/Veteran

#LI

Salary range for this position takes into account a wide range of factors including: education, experience, knowledge, skills, geography, and abilities of the candidate, in addition to internal equity and alignment with market data. At QuidelOrtho, it is not typical for an individual to be hired at or near the top range for their role and compensation decisions are dependent on that facts and circumstances of each case. A salary range for this position is $75,000 to $135,000 and is bonus eligible. QuidelOrtho offers a comprehensive benefits package including medical, dental, vision, life, and disability insurance, along with a 401(k) plan, employee assistance program, Employee Stock Purchase Plan, paid time off (including sick time) and paid Holidays. All benefits are non-contractual, and QuidelOrtho may amend, terminate, or enhance the benefits provided, as it deems appropriate.