Come join our global team of dedicated professionals who through their extraordinary efforts demonstrate every day their commitment to our mission of improving the lives of patients. At Orthofix our culture is built around Integrity and the core beliefs we live by: Exceed Expectations, Work Together, Be Respectful, Get Lean and Have Fun! As an Orthofix employee, you will become an integral part of our culture by continually demonstrating the highest level of integrity and our beliefs while making an impact to our vision "To be a highly respected global orthopedic and spine company that delivers exceptional value to our patients, customers, team members, partners and shareholders."
IT Security & Controls Director
How will you make a difference?
This position will have responsibility for strategic leadership and operational development, implementation, and oversight of policies, procedures, training, and infrastructure required for the company to meet corporate, legal and regulatory requirements related to IT security and financial system controls. This position will work closely with Finance, Operations, Sales, Compliance, Legal and other IT groups to ensure that appropriate tools, policies, and procedures are in place to secure corporate IT assets and protected information as is required by Sarbanes Oxley (SOX) legislation, HIPAA and HITECH security rules, and other corporate and regulatory requirements.
What will be your duties and responsibilities?
- Identify goals, objectives, and metrics for IT security and controls consistent with corporate strategic plans
- Work with business and IT leadership to prioritize IT security and IT control related initiatives and spending based on an appropriate risk management and/or financial methodology
- Design, develop and implement an integrated governance, risk, and compliance strategy that provides a road map for IT controls implementation for controls that are necessary and sufficient for regulations
- Serve as HIPAA Security Official
- Provide functional and technical leadership in the definition, creation and implementation of global IT security policies, standards, training, guidelines, and procedures to ensure ongoing maintenance of security across administrative, physical, and technical areas
- Lead IT risk analyses, risk management planning and monitoring activities
- Maintain effective relationships with local, state, and federal agencies
- Work with HIPAA Compliance Officer and provide data for internal and/or external reporting
- Oversee incident response planning as well as investigation of IT security breaches; assist with disciplinary and legal matters associated with such breaches
- Work with outside consultants and advisors as appropriate for independent security audits
- Lead and coordinate efforts to address or remediate any findings from internal or external audits
- Direct IT staff in day-to-day assignments
- Manage information access levels and oversee access privileges for all employees, contractors, and other third parties
- Monitor compliance with the organization’s security policies and procedures
- Develop and manage team budget and financials
- Provide effective project management
- Provide effective and timely communication to business leaders and end users
- Be a visible evangelist and leader for security and controls related activities such as security awareness initiatives
- Work with IT teams to ensure systems are designed to meet corporate policies and standards
- Maintain professional certifications
- Lead business continuity and disaster recovery planning and validation activities
- Foster an environment which rewards innovation, creativity, and individual initiative
- Guide the selection, development, and evaluation of personnel
What skills will you need?
- Bachelor’s degree in computer science, information technology, mathematics, management information systems, business administration, or related field, or equivalent work experience
- 15+ years of IT experience
- 5+ years of experience in an IT management position responsible for IT security and controls
- Experience implementing and managing tools, policies and procedures which apply to a multi-platform environment that includes client-server, web, and mobile systems
- Experience with relevant healthcare regulations, including HIPAA, and industry trends
- Experience with IT security issues and best practices
- IT experience within the healthcare industry
- Professional certifications such as CISSP, HCISPP, SSCP, Security+, CISM, CISA or other similar credentials
- High degree of knowledge related to methods, procedures, standards, and project management requirements for implementing SOX financial controls and HIPAA security controls
- Ability to manage professional staff and contractors / consultants
- Strong ability to understand and convey complex business and technical information precisely, accurately, and clearly to both technical and non-technical audiences
- Mature demeanor exhibiting poise, confidence, and strong leadership skills
- Strong ability to work in a team environment with a diverse group of both technical and non-technical personnel
- Strong ability to establish rapport, involve participants, and build effective working teams
- Ability to organize and handle multiple tasks simultaneously
- Ability to learn new business concepts and technology quickly
Nonessential Skills, Experience and Qualifications (not necessary but preferred):
- Supervises: Analysts, Specialists
Physical Demands and Work Conditions:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Regularly required to sit for extended periods of time; frequently required to stand, walk and use business equipment daily such as PC, copier, fax, telephone, etc.; occasionally required to reach overhead, bend, and lift objects of up to 20 lbs
- Eyesight and hearing must be correctable to standard level
Orthofix complies with all applicable federal, state, and local laws regarding equal employment opportunities (EEO) to all employees and applicants for employment. Orthofix makes its employment decisions without regard to race, color, religion, sex, national origin, age, disability, genetic information, or any other status protected by law. In addition to federal law requirements, Orthofix complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has employees. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.