IT Risk and Compliance Manager
Avanos Medical, Inc
Contract Alpharetta, Georgia, United States Posted 1 week ago
About Position
IT Risk and Compliance Manager (Contract)
$0.00 / Hourly
Alpharetta, Georgia, United States
Description
Reporting to the Director of Global Cybersecurity, this position is accountable for the Governance, Risk and Compliance functions of Avanos. The objective is to create a security- and compliance-first mindset across the organization through the governance pillar, and to identify, measure and reduce risk through the delivery of continuous control measurement and compliance initiatives.
Responsibilities
- The IT Risk and Compliance Manager is responsible for developing a risk-based approach to effective IT Security and IT Compliance, as well as for identifying and mitigating security gaps by conducting periodic audits and risk assessments.
- The individual must possess a firm understanding of various security areas, including but not limited to logical and physical security, intrusion detection, access administration, network security and their related controls. This position will champion the development of policies and procedures to maintain compliance with Sarbanes-Oxley (SOX), HIPAA, HITECH, GDPR and other US privacy regulations, and PCI, and will ensure that Avanos Medical maintains compliance with all local, state, and federal laws related to information security.
- The IT Risk and Compliance Manager is responsible for developing, implementing, and managing all policies, controls, and standards for adherence within the Avanos Medical IT global ecosystem.
Principal Accountabilities
- Serve as the primary point of contact in IT for risk and compliance cybersecurity controls.
- Lead the development of a risk-based approach for the Avanos Medical organization for the areas of security and compliance.
- Create and conduct risk assessments for various IT areas and develop action plans based on risk analyses.
- Serve as the liaison for IT as part of both internal and external audits.
- Work with Avanos's Internal Audit department, Internal Controls department, and the external audit team to facilitate IT audits, assessments of organizational risk, and remediation activities.
- Develop and document operating policies and procedures to ensure regulatory compliance and leading security practices to meet compliance needs.
- Collaborate with cross-functional teams to implement compliance initiatives and security controls.
- Develop IT programs to monitor the effectiveness of control operations, including collecting and reviewing evidence of control operation, conducting periodic audits of compliance processes, and communicating results to IT Management.
- Monitor and track activities related to control remediation or corrective action.
- Partner with business and IT teams to develop and deliver risk mitigation plans, implement additional control activities or document risk acceptance.
- Work with cross-functional teams to deliver on the enterprise's data privacy program.
- Partner with business and IT leads to design and implement practices around secure data management and controls.
- Ensure enterprise-wide compliance in various programs, such as HIPAA, PCI, privacy, etc.