Sr Security Analyst – IT Risk & Compliance

Join Patterson Companies as a Sr. Security Analyst – IT Risk & Compliance and play a pivotal role in safeguarding our organization’s information systems and technology assets. You’ll drive key programs to identify, manage, and mitigate risks, ensuring the confidentiality, integrity, and availability of critical systems. In this role, you’ll lead initiatives to align with regulatory, audit, and compliance obligations while collaborating across Security, IT, and Business teams to advocate for innovative security solutions.

At Patterson, we are dedicated to fostering a respectful and supportive environment, driven by our core values and commitment to growth.

Essential Functions

To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request reasonable accommodation, notify Human Resources or the manager who oversees the position.

• Collaborate with security and cross-functional teams to evaluate the effectiveness of security and data protection controls, identify opportunities for improvement, and implement solutions aligned with frameworks such as NIST-CSF, HITRUST, and ISO27001/2. Take initiative to identify gaps and recommend actionable improvements while working closely with leadership to ensure alignment with program objectives.

• Develop, implement, and manage IT and security policies, standards, and processes to ensure compliance with regulatory requirements, including PCI, SOX, and HIPAA.

• Coordinate IT disaster recovery controls and exercises, ensuring compliance with organizational objectives, reporting results to key stakeholders and leadership.

• Oversee IT SOX controls and partnership with Internal Audit and Risk & Control teams, providing oversight, training, and awareness to evidence owners and stakeholders for continued compliance.

• Provide expertise and support for internal and external security audits, including responding to customer questionnaires, audit requests, and regulatory reviews.

• Create dashboards and metrics to measure the effectiveness of security controls, identify trends, and communicate progress to leadership and stakeholders.

• Design and maintain security workflows, procedures, and scalable compliance solutions to align with organizational priorities, enhance visibility, and promote the adoption of security best practices.

Additional functions

In addition to the essential functions listed above, the incumbent may perform the following additional functions.

• Assist in configuring and optimizing processes within technology systems to support workflows such as compliance tracking, incident management, risk assessments, and policy management in alignment with organizational objectives for GRC and ITSM/IL tool such as ServiceNow. 

• Stay informed on evolving security threats, regulatory changes, and industry trends, applying this knowledge to recommend proactive strategies and improvements to security programs.

• Support organizational security awareness efforts by contributing to the development of materials such as articles, presentations, or training content to promote a culture of security.

• Provide collaborative support to IT and business teams, helping to prioritize risks and implement solutions that enhance security posture and compliance efforts.

Required Qualifications

• Bachelor’s Degree with an emphasis in security, technology, or engineering or equivalent work experience

• At least 4 years work experience in information technology, cyber security, or information security    

• Excellent communication and collaborator with attention-to-detail.

• Proficiency in regulatory requirements and compliance standards (e.g. SOX, HIPAA, PCI-DSS)

• In-dept knowledge of security risk management and compliance frameworks (e.g. NIST-CSF, COSO, ISO27001/2, CSA, etc.)

Preferred Qualifications

• Familiarity with audit process and frameworks such as SOC2 Type 2 and HITRUST.

• Ability to influence and inspire others to adopt security best practices and policies.

• Security industry certification desired.

This role is open to primarily remote work with the requirement to occasionally come into the corporate office in Mendota Heights, MN for team meetings.