Senior Manager, IT Risk & Compliance (Hybrid - GA) (6232)

Avanos Corporate
On-site
Georgia, United States

Requisition ID: 6232

 

Job Title: Senior Manager, IT Risk & Compliance (Hybrid - GA)

 

Job Country: United States (US)

 

Here at Avanos Medical, we passionately believe in three things:

  • Making a difference in our products, services and offers, never ceasing to fight for groundbreaking solutions in everything we do;

  • Making a difference in how we work and collaborate, constantly nurturing our nimble culture of innovation;

  • Having an impact on the healthcare challenges we all face, and the lives of people and communities around the world.

 

At Avanos you will find an environment that strives to be independent and different, one that supports and inspires you to excel and to help change what medical devices can deliver, now and in the future. 

 

The Avanos COVID-19 Vaccine Policy:  This Policy applies to U.S. customer-facing / field-based employees & Avanos leadership:  All U.S. customer-facing / field-based employee hires must be fully vaccinated against COVID-19.  Proof of being fully vaccinated does not need to be disclosed until a job offer has been made but must be submitted within 48 hours after the acceptance of the job offer.  If you have a qualifying medical condition or sincerely held religious belief or practice that precludes you from receiving a COVID-19 vaccine, you may apply for an exemption or deferral after you accept the job offer and before your scheduled start date.  The reasonable accommodation provided to the employee, if any, will depend on the employee’s job and the applicable facts, but it may include weekly COVID-19 testing and masking requirements.  New hires who do not submit, before their scheduled start date, proof of being fully vaccinated or a request for a reasonable accommodation will have their job offer revoked.

 

Avanos is a medical device company focused on delivering clinically superior breakthrough solutions that will help patients get back to the things that matter. We are committed to creating the next generation of innovative healthcare solutions which will address our most important healthcare needs, such as reducing the use of opioids while helping patients move from surgery to recovery. Headquartered in Alpharetta, Georgia, we develop, manufacture and market recognized brands in more than 90 countries. Avanos Medical is traded on the New York Stock Exchange under the ticker symbol AVNS. For more information, visit www.avanos.com.

 

The Role

 

Reporting to the Director of Global Cybersecurity, this position is accountable for the Governance, Risk and Compliance (GRC) functions of Avanos. Its objectives are to create a security- and compliance-first mindset across the organization through the governance pillar, and to identify, measure and reduce risk through the delivery of continuous control measurement and compliance initiatives.

 

The IT Risk and Compliance Manager is responsible for developing a risk-based approach to effective IT Security and IT Compliance, as well as for identifying and mitigating security gaps by conducting periodic audits and risk assessments. The individual must possess a firm understanding of various security areas, including but not limited to logical & physical security, intrusion detection, access administration, network security and their related controls. 

 

This position will champion the development of policies and procedures to maintain compliance with Sarbanes-Oxley (SOX), HIPAA, HITECH, GDPR, other US privacy regulations, and PCI, as well as ensuring that Avanos Medical maintains compliance with all local, state, and federal laws related to information security. 

 

The IT Risk and Compliance Manager is responsible for developing, implementing, and managing all policies, controls, and standards, and for ensuring adherence to them within the Avanos Medical IT global ecosystem.

 

This is a hybrid role requiring 3 days in the office.

 

Job Roles and Responsibilities

 

  • Serve as the primary point of contact in IT for the GRC functions

  • Collaborate with cross-functional teams to implement compliance initiatives and security controls.

  • Develop programs, processes and procedures related to compliance delivery and risk management, such as periodically updating and publishing IT Security Policies.

  • Develop and document operating policies and procedures that ensure regulatory compliance and reflect leading security practices.

  • Create and conduct risk assessments for various IT areas; develop & deliver action plans to reduce risk based on risk analysis.

  • Serve as the liaison for IT as part of both internal and external audits.

  • Work with Avanos’s Internal and External Audit and Internal Controls departments to facilitate IT audits, assessments of organizational risk, and remediation activities.

  • Develop IT programs to monitor the effectiveness of control operations, including collecting and reviewing evidence of control operation, conducting periodic audits of compliance processes, and communicating results to IT Management.

  • Monitor and track activities related to control remediation or corrective action. Partner with business and IT teams to develop and deliver risk mitigation plans, implement additional control activities or document risk acceptance.

  • Work with cross-functional teams to deliver on the enterprise’s data privacy program. Partner with business and IT leads to design and implement practices around secure data management and controls.

  • Ensure enterprise-wide compliance in various programs, such as HIPAA, PCI, privacy, etc.

  • Contribute to Avanos’s security program by defining, measuring and continuously delivering on agreed KPIs for managing risk and demonstrating compliance.

  • Domestic travel as needed (<10%)

 

Your Qualifications

 

  • Bachelor's degree required, preferably in computer science, information systems, or accounting

  • 8+ years of Information Technology experience

  • 6+ years of hands-on IT security audit and/or compliance experience

  • Prior experience in Governance, Risk, and Compliance (GRC) functions

  • Experience with Sarbanes-Oxley (SOX) and Health Insurance Portability and Accountability Act (HIPAA)

  • IT and IT Security risk assessment experience

  • Proven ability to manage enterprise controls in a large complex global multi-data center/cloud environment

  • Technical product training and certifications, and network, hardware and application security training and/or certifications, such as CRISC, CISA, CISSP, etc.

  • Exceptional planning, organization, communication, presentation, multitasking, prioritization, and analysis skills

  • Knowledge and understanding of IT governance and control frameworks (ITIL, COBIT, etc.).

  • Strong working knowledge of information security standards and frameworks (e.g., NIST) and the ability to assess controls against them

 

Preferred:

 

  • Experience working with outsourced organizations and third-party vendors

  • Hands on experience with Microsoft Security tools such as Purview, Defender, Entra ID, Sentinel

 

The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. Statements are not intended to be construed as an exhaustive list of all duties, responsibilities and skills required for this position.

 

Avanos Medical is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity or any other characteristic protected by law. If you are a current employee of Avanos, please apply here.

 

Join us at Avanos
Join us and you can make a difference in our products, solutions and our culture. Most of all, you can make a difference in the lives of people and communities around the world.

 

Make your career count
Our commitment to improving the health and wellbeing of others begins with our employees – through a comprehensive and competitive range of benefits. We provide more than just a salary – our Total Rewards package encompasses everything you receive as an employee; your pay, health care benefits, retirement plans and work/life benefits.

 

Avanos offers a generous 401(k) employer match of 100% of each pretax dollar you contribute on the first 4% and 50% of the next 2% of pay contributed with immediate vesting.

Benefits on day 1