Global It Security Leader

Company Description

Here at Avanos Medical, we passionately believe in three things:

• Making a difference in our products, services and offers, never ceasing to fight for groundbreaking solutions in everything we do;
• Making a difference in how we work and collaborate, constantly nurturing our nimble culture of innovation;
• Having an impact on the healthcare challenges we all face, and the lives of people and communities around the world.

At Avanos you will find an environment that strives to be independent and different, one that supports and inspires you to excel and to help change what medical devices can deliver, now and in the future. 

The Avanos COVID-19 Vaccine Policy:  This Policy applies to U.S. customer-facing / field-based employees & Avanos leadership:  All U.S. customer-facing / field-based employees hires must be fully vaccinated against COVID-19.  Proof of being fully vaccinated does not need to be disclosed until a job offer has been made but must be submitted within 48 hours after the acceptance of the job offer.  If you have a qualifying medical condition or sincerely held religious belief or practice that precludes you from receiving a COVID-19 vaccine, you may apply for an exemption or deferral after you accept the job offer and before your scheduled start date.  The reasonable accommodation provided to the employee, if any, will depend on the employee’s job and the applicable facts, but it may include weekly COVID-19 testing and masking requirements.  New hires who do not submit, before their scheduled start date, proof of being fully vaccinated or a request for a reasonable accommodation will have their job offer revoked.

 

Avanos is a medical device company focused on delivering clinically superior breakthrough solutions that will help patients get back to the things that matter. We are committed to creating the next generation of innovative healthcare solutions which will address our most important healthcare needs, such as reducing the use of opioids while helping patients move from surgery to recovery. Headquartered in Alpharetta, Georgia, we develop, manufacture and market recognized brands in more than 90 countries. Avanos Medical is traded on the New York Stock Exchange under the ticker symbol AVNS. For more information, visit www.avanos.com.

 

 

 

Job Description

The Director of Global IT Security is a critical member of the Avanos IT leadership team, reporting to the CIO. This role is responsible for establishing and driving an end-to-end IT security and compliance program. This includes developing the global IT security strategy, architecture, security operations, infrastructure security, application security, compliance programs (HIPAA, PCI, CCPA, GDPR), GRC (Governance, Risk & Compliance), and oversight of the Managed Security Services Providers. The role collaborates closely with senior leaders in our Research & Development, Commercial and Analytics organizations to develop pragmatic solutions to ensure security while supporting speed-to-market.

 

Essential Duties and Responsibilities:

• Establish the global security and compliance model, security architecture framework, implementation delivery improvements of security solutions and measurable metrics. Focused on business partnership and embedding security into technical teams.
  •Provide quarterly update to the Audit Committee.
  •Implement the NIST maturity program with annual goals, improvement initiatives and program metrics to ensure delivery.
• Responsible for the global, 24/7 security operations including monitoring, intelligence platforms, red teams, incident response.
• Threat and vulnerability management: Device and software scanning to identify vulnerabilities, manage remediation, provide consulting services to development and technical teams to implement remediation, develop scorecard for executives.
• Planning and implementation of an IoT security strategy, framework and implementation.
• Responsible for identity access management and the rollout of Okta.
• Data protection: developed a data classification policy and standards, improved and standardized de-identification services, encryption policies and solutions.
• Manage regulatory compliance and associated large initiatives: CCPA, GDPR HIPAA, PCI, PII protections
• Governance, Risk, Compliance (GRC): establishing a GRC function and developing a risk-based program.
• Mergers & Acquisitions: developed improved processes and standards relative to M&A. Developing scorecard and follow-up process to ensure protection of the Avanos environment when introducing new organizations into our organization and network.
• Improve the security teams’ skills to drive high performance and engagement. Develop a talent pipeline.
• Implement KPIs, program management processes and improved financial process to optimize visibility, lower costs and drive results.
• Provide oversight for the design and implementation of the policies, procedures, systems, and safeguards necessary to ensure the integrity of information systems assets and to protect those assets from inadvertent or intentional access or destruction.
• Understand potential and emerging information security threats, vulnerabilities, and control techniques and assist in driving new controls with security vendors to mitigate threats/risks.
• Drive communications with managed security services providers to ensure the protection of corporate data and systems
• Lead the effort to research, test, and recommend new technologies, hardware, or software products for implementation within the corporate computing network.
• Conduct regular and ongoing monitoring of and reporting on enterprise-wide compliance with information security and IT control standards and policies. This includes coordinating the use of external resources involved in the performance of security testing (i.e. penetration tests, vulnerability scans, etc.)
• Provide project support for both IT and business initiatives requiring security infrastructure and services
• Responsible for raising the awareness within both the general employee population as well as at the managerial/company officer levels about the ever-changing cyber-security environment. Develops and promotes activities to create information security awareness within the organization
• Conduct regular GAP analysis of infrastructure security environment and apply controls to mitigate these gaps
• Assist with security investigation and computer forensic analysis as needed, respond to security emergencies both during and after business hours
• Provide leadership, expertise, guidance, and coaching to a team of IT/security professionals in the cyber-security and infrastructure disciplines.
• Stay on top of relevant information security issues and regulatory changes affecting the company, communicate updates and promote awareness.
• This position will manage Avanos full-time employees (security architects and analysts), outside contractors/consultants and third-party service providers

Qualifications

Qualifications

Required:

• Bachelor's degree required, preferably in computer science or information systems
• 10+ years of experience in a Security Leadership role covering all areas including network security, cyber security, and/or security operations, data privacy & compliance, secure development lifecycle
• 5+ years of working with managed security service providers
• 5+ years of experience in an IT security and compliance leadership role (VP or Director of IT)
• Experience reporting to Audit Committees
• Experience maintaining security compliance in a healthcare or medical device organization
• Experience in the following regulations and Frameworks: SOX, HIPAA, NIST
• Strong knowledge of security tools and capabilities
• Exceptional planning, organization, communication, presentation, multi-tasking, prioritization and business analysis skills
• Excellent written, oral and interpersonal communication skills
• Extreme accuracy in quality of work
• Work independently
• Must be able to multitask

 

Technical product training and certifications, network hardware and application security training and/or certifications:

• CISSP
• CISM
• Prior experience with network security & related applications, tools, logging and solutions

Additional Information

The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. Statements are not intended to be construed as an exhaustive list of all duties, responsibilities and skills required for this position.