Description

GRC Cybersecurity Analyst (Governance, Risks, and Compliance)

The Vaud Hospitals (FHVi) is the preferred partner of 12 regional hospitals and healthcare facilities in the canton of Vaud. FHVi supports them in the many challenges of digital health and has the main missions of planning, designing, implementing, and operating the system for members. There are more than 120 people serving over a hundred workstations spread across a hundred geographical sites and three cantons (VD, VS, FR).

To strengthen its cybersecurity team, FHVi is looking for a GRC Cybersecurity Analyst (Governance, Risks, and Compliance).

Your mission

Under the responsibility of the Chief Security Officer (RSSI), you play a central role in the deployment of the GRC system at FHVi and its member institutions. You actively contribute to the implementation of cybersecurity in a digital context, with evolving infrastructures and intervention covering the entire multi-site hospital scope, closely linked with technical teams, business departments, and governance bodies.

Main responsibilities:

Governance

- Contribute to the update and development of security policies, procedures, and standards.
- Develop KRI/KPI and ensure reporting to the cybersecurity steering committee.
- Be proactive in proposing enhancements to the security system and associated measures.

Risk Management and Compliance

- Drive risk assessments across the entire FHVi perimeter (ISO standards and related frameworks).
- Maintain a centralized and rigorous register of risks, controls, evidence, and an active regulatory watch; LPD, hospital standards, sectoral evolutions; and advise the relevant stakeholders.
- Support the gradual and structured implementation of the ISO standard across the institutions and controls.
- Coordinate and support internal and external audits (ISO, CIS, others).
- Compile evidence, ensure follow-up of corrective actions, and guarantee traceability of continuous control and process efficiency, and evolve a security program, combining phishing campaigns, online modules, in-person sessions, etc.
- Raise awareness among management and business teams about security issues and compliance challenges.
- Collaborate with member institutions, infrastructure teams, and others to ensure the coherence of the sought system.

You are a recognized professional for your rigor, sense of responsibility, and ability to bridge technical challenges and business realities.

- Experience of 5 years or more in cybersecurity, with a strong focus on GRC: risk management, compliance, and management.
- In-depth knowledge of ISO standards and frameworks (ISO 27001, ISO 27002, CIS, NIST), as well as applicable regulatory requirements in the healthcare sector and data protection (LPD).
- Proven experience in conducting internal, external, and third-party audits, ideally in a multi-site or institutional environment.
- Document rigor, the ability to structure information, and guarantee its usability.
- Ease and ability to communicate with both technical and non-technical interlocutors.
- Autonomy, proactivity, and an entrepreneurial spirit are desired.
- Certifications: ISO 27001 Lead Implementer, CISA, or equivalent.
- Knowledge of a GRC tool: an asset.

Languages

- French: excellent written and oral mastery – essential.
- English: proficiency in reading, writing, and expression in the context of work activities.

What we offer you:

- A stimulating opportunity to evolve in the healthcare sector, a constantly changing and meaningful field.
- The possibility to actively contribute to ambitious projects related to ongoing digital initiatives.
- A pleasant working environment within a human-sized organization, where team spirit and proximity are valued.
- Employment conditions with regular progression in salary corresponding to responsibilities, in accordance with the staff regulations in effect at FHVi, including: a 13th month salary, social benefits, and 30 vacation days per year (30 days starting from the year of turning 50). Access to continuing education to support your development, the possibility of teleworking, and access via public transport.