What are the responsibilities and job description for the Associate Director of IT Risk and Compliance Manager position at Avanos Medical?
Requisition ID:5443
Job Title:Associate Director of IT Risk and Compliance Manager
Job Country:United States (US)
Here at Avanos Medical, we passionately believe in three things:
- Making a difference in our products, services and offers, never ceasing to fight for groundbreaking solutions in everything we do;
- Making a difference in how we work and collaborate, constantly nurturing our nimble culture of innovation;
- Having an impact on the healthcare challenges we all face, and the lives of people and communities around the world.
At Avanos you will find an environment that strives to be independent and different, one that supports and inspires you to excel and to help change what medical devices can deliver, now and in the future.
The Avanos COVID-19 Vaccine Policy: This Policy applies to U.S. customer-facing / field-based employees and Avanos leadership. All U.S. customer-facing / field-based new hires must be fully vaccinated against COVID-19. Proof of being fully vaccinated does not need to be disclosed until a job offer has been made, but it must be submitted within 48 hours after acceptance of the job offer. If you have a qualifying medical condition or a sincerely held religious belief or practice that precludes you from receiving a COVID-19 vaccine, you may apply for an exemption or deferral after you accept the job offer and before your scheduled start date. The reasonable accommodation provided to the employee, if any, will depend on the employee's job and the applicable facts, but it may include weekly COVID-19 testing and masking requirements. New hires who do not submit, before their scheduled start date, either proof of being fully vaccinated or a request for a reasonable accommodation will have their job offer revoked.
Avanos is a medical device company focused on delivering clinically superior breakthrough solutions that will help patients get back to the things that matter. We are committed to creating the next generation of innovative healthcare solutions which will address our most important healthcare needs, such as reducing the use of opioids while helping patients move from surgery to recovery. Headquartered in Alpharetta, Georgia, we develop, manufacture and market recognized brands in more than 90 countries. Avanos Medical is traded on the New York Stock Exchange under the ticker symbol AVNS. For more information, visit .
Associate Director of IT Risk and Compliance Manager
Job Overview
The IT Risk and Compliance Manager is responsible for developing, implementing, and managing the policies, controls, and standards that govern the Avanos Medical global IT ecosystem. Reporting to the Director of Global Cybersecurity, this position is accountable for the creation and execution of the IT compliance and controls frameworks for security and regulatory compliance.
The IT Risk and Compliance Manager is also responsible for developing a risk-based approach to effective IT security and IT compliance, and for identifying and mitigating security gaps by conducting periodic audits and risk assessments. The individual must possess a firm understanding of various security areas, including but not limited to physical security, intrusion detection, access administration, network security, and their related controls. This position will assist in the development of policies and procedures to maintain Sarbanes-Oxley (SOX), HIPAA, GDPR and other U.S. privacy regulations, and PCI compliance, as well as ensuring that Avanos Medical maintains compliance with all local, state, and federal laws related to information security.
Principal Accountabilities
- Serve as the primary point of contact in IT for risk and compliance cybersecurity controls.
- Lead the development of a risk-based approach for the Avanos Medical organization for the areas of security and compliance.
- Create and conduct risk assessments for various IT areas and develop action plans based on the resulting risk analyses.
- Serve as the IT liaison for both internal and external audits. Work with the Avanos Internal Audit department, Internal Controls department, and the external audit team to facilitate IT audits, assessments of organizational risk, and remediation activities.
- Assist in the development and documentation of operating policies and procedures that ensure regulatory compliance and reflect leading security practices.
- Collaborate with cross-functional teams to implement compliance initiatives and security controls.
- Develop IT programs to monitor the effectiveness of control operations, including collecting and reviewing evidence of control operation, conducting periodic audits of compliance processes, and communicating results to IT Management.
- Monitor and track activities related to control remediation or corrective action. Partner with business and IT teams to develop and deliver risk mitigation plans, implement additional control activities or document risk acceptance.
- Work with cross-functional teams to deliver on the enterprise's data privacy program. Partner with business and IT leads to design and implement practices around secure data management and controls.
- Ensure enterprise-wide compliance with programs such as HIPAA, PCI, and privacy regulations.
Qualifications
Required:
- Bachelor's degree required, preferably in computer science, information systems, or accounting
- 10 years of Information Technology or IT Audit experience
- 6 years hands-on experience with IT security audit and/or compliance experience
- Prior experience in Governance, Risk, and Compliance (GRC) functions
- Experience with Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA)
- IT and IT Security risk assessment experience
- Proven ability to manage enterprise controls in a large complex global multi-data center/cloud environment
- Technical product, network, and application security training and/or certifications, such as CRISC, CISA, or CISSP
- Exceptional planning, organization, communication, presentation, multitasking, prioritization, and analysis skills
- Knowledge and understanding of IT governance and control frameworks (ITIL, COBIT, etc.)
- Strong working knowledge of information security standards and frameworks (e.g., NIST) and the ability to assess controls against them
Preferred:
- Experience working with outsourced organizations and third-party vendors
The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. Statements are not intended to be construed as an exhaustive list of all duties, responsibilities and skills required for this position.
Avanos Medical is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity or any other characteristic protected by law. If you are a current employee of Avanos, please .
Join us at Avanos
Join us and you can make a difference in our products, solutions and our culture. Most of all, you can make a difference in the lives, people, and communities around the world.
Make your career count
Our commitment to improving the health and wellbeing of others begins with our employees, through a comprehensive and competitive range of benefits. We provide more than just a salary: our Total Rewards package encompasses everything you receive as an employee, including your pay, health care benefits, retirement plans and work/life benefits.
Avanos offers a generous 401(k) employer match of 100% of each pretax dollar you contribute on the first 4% and 50% of the next 2% of pay contributed with immediate vesting.
free onsite gym | benefits on day 1 | HQ region voted 'best place to live' by USA Today