Senior Manager, IT Risk & Compliance (Hybrid - GA)

Avanos Medical

Location: Alpharetta, GA, USA

Date: 2024-11-14T09:04:10Z

Job Description:

Requisition ID: 6232

Job Title: Senior Manager, IT Risk & Compliance (Hybrid - GA)

Job Country: United States (US)

Here at Avanos Medical, we passionately believe in three things:

  • Making a difference in our products, services and offers, never ceasing to fight for groundbreaking solutions in everything we do;

  • Making a difference in how we work and collaborate, constantly nurturing our nimble culture of innovation;

  • Having an impact on the healthcare challenges we all face, and the lives of people and communities around the world.

At Avanos you will find an environment that strives to be independent and different, one that supports and inspires you to excel and to help change what medical devices can deliver, now and in the future.

The Avanos COVID-19 Vaccine Policy: This Policy applies to U.S. customer-facing / field-based employees & Avanos leadership: All U.S. customer-facing / field-based employee hires must be fully vaccinated against COVID-19. Proof of being fully vaccinated does not need to be disclosed until a job offer has been made but must be submitted within 48 hours after the acceptance of the job offer. If you have a qualifying medical condition or sincerely held religious belief or practice that precludes you from receiving a COVID-19 vaccine, you may apply for an exemption or deferral after you accept the job offer and before your scheduled start date. The reasonable accommodation provided to the employee, if any, will depend on the employee's job and the applicable facts, but it may include weekly COVID-19 testing and masking requirements. New hires who do not submit, before their scheduled start date, proof of being fully vaccinated or a request for a reasonable accommodation will have their job offer revoked.

Avanos is a medical device company focused on delivering clinically superior breakthrough solutions that will help patients get back to the things that matter. We are committed to creating the next generation of innovative healthcare solutions which will address our most important healthcare needs, such as reducing the use of opioids while helping patients move from surgery to recovery. Headquartered in Alpharetta, Georgia, we develop, manufacture and market recognized brands in more than 90 countries. Avanos Medical is traded on the New York Stock Exchange under the ticker symbol AVNS. For more information, visit www.avanos.com.

The Role

Reporting to the Director of Global Cybersecurity, this position is accountable for the Governance, Risk and Compliance functions of Avanos. The objective is to create a security- and compliance-first mindset across the organization through the governance pillar, and to identify, measure and reduce risk through the delivery of continuous control measurement and compliance initiatives.

The IT Risk and Compliance Manager is responsible for developing a risk-based approach to effective IT Security and IT Compliance, as well as for identifying and mitigating security gaps by conducting periodic audits and risk assessments. The individual must possess a firm understanding of various security areas, including but not limited to logical & physical security, intrusion detection, access administration, network security and their related controls.

This position will champion the development of policies and procedures to maintain Sarbanes-Oxley (SOX), HIPAA, HITECH, GDPR and other US privacy regulations, and PCI compliance, as well as ensuring that Avanos Medical maintains compliance with all local, state, and federal laws related to information security.

The IT Risk and Compliance Manager is responsible for developing, implementing, and managing all policies, controls, and standards, and adherence to them, within the Avanos Medical IT global ecosystem.

This is a hybrid role requiring 3 days in the office.

Job Roles and Responsibilities

  • Serve as the primary point of contact in IT for the GRC functions

  • Collaborate with cross-functional teams to implement compliance initiatives and security controls.

  • Develop programs, processes and procedures related to compliance delivery and risk management, such as periodically updating and publishing IT Security Policies.

  • Develop and document operating policies and procedures to ensure regulatory compliance and leading security practices to meet compliance needs.

  • Create and conduct risk assessments for various IT areas; develop & deliver action plans to reduce risk based on risk analysis.

  • Serve as the liaison for IT as part of both internal and external audits.

  • Work with Avanos's Internal & External Audit department and Internal Controls department to facilitate IT audits, assessments of organizational risk, and remediation activities.

  • Develop IT programs to monitor the effectiveness of control operations, including collecting and reviewing evidence of control operation, conducting periodic audits of compliance processes, and communicating results to IT Management.

  • Monitor and track activities related to control remediation or corrective action. Partner with business and IT teams to develop and deliver risk mitigation plans, implement additional control activities or document risk acceptance.

  • Work with cross-functional teams to deliver on the enterprise's data privacy program. Partner with business and IT leads to design and implement practices around secure data management and controls.

  • Ensure enterprise-wide compliance in various programs, such as HIPAA, PCI, privacy, etc.

  • Contribute to Avanos's security program by defining, measuring and continuously delivering upon the agreed-upon KPIs in managing risk and showing compliance.

  • Domestic travel as needed (
