
Sr. Manager, IT Compliance and Risk

OSI Systems, Inc
United States, California, Hawthorne
12525 Chadron Avenue (Show on map)
Feb 05, 2025
Overview

OSI Systems and its subsidiaries are a vertically integrated provider of specialized electronic systems and components that meet critical needs in the homeland security, healthcare, defense, and aerospace industries. As a global company, we are dedicated to developing solutions for our customers and the people they serve to lead the way to a safer and healthier world.

OSI Systems is seeking a Sr. Manager, IT Compliance and Risk. This individual will lead efforts in maintaining compliance with various regulatory and security frameworks. They will have a deep understanding of security, compliance, regulatory frameworks (such as SOX ITGC, ISO 27001, NIST 800-171, CMMC, PCI-DSS), vendor security reviews, and customer interactions. This individual will also have a strong ability to collaborate with external and internal teams across functions and provide valuable insights and leadership in enhancing our security and compliance posture. They will report directly to the VP, Information Security and Risk Management.


Responsibilities

  • Lead the organization's compliance efforts across SOX ITGC, ISO 27001/2, NIST 800-171 and other frameworks. Coordinate with third-party auditing firms to facilitate audits and provide necessary evidence.
  • Drive resolutions for audit findings through effective control implementation.
  • Develop and implement compliance policies and procedures and monitor controls in alignment with Information Security Control Framework to meet regulatory and contractual requirements. Proactively review existing IT compliance controls for regulatory updates and perform gap analysis.
  • Periodically conduct IT Internal Audits. Maintain various internal and external audit and compliance schedules/reports for IT Management.
  • Manage risk management process and assess potential risks to the organization's IT Systems and Data. Develop and implement controls to mitigate identified risks. Proactively review risk register and risk treatment plans with risk owners and IT Leadership.
  • Manage Third Party Risk Management process and conduct risk assessments (SaaS, technology platforms, etc.) and make recommendations to mitigate risk.
  • Manage Change Management process and identify/implement continuous improvement opportunities.
  • Develop dashboard and metrics to represent compliance and risk program performance.
  • Manage IT policy, standards and procedure review process.
  • Uphold the company's core values of Integrity, Innovation, Accountability, and Teamwork.
  • Demonstrate behavior consistent with the company's Code of Ethics and Conduct.
  • It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem.
  • Duties may be modified or assigned at any time to meet the needs of the business.

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or related field required.
  • 5+ years of combined work experience in an IT Governance, Compliance and Risk Management role needed.
  • 3+ years of experience in implementing SOX ITGC, ISO 27001 and NIST 800-171 controls.
  • At least 3 years of work experience in developing, implementing and monitoring IT Security controls, in a hybrid cloud computing environment (on-premises, AWS and Azure) desired.
  • Experience in managing IT Risk Management processes is needed.
  • Experience in managing a global team (4 or more team members) is essential.
  • Hands-on experience with GRC platforms.
  • Proven ability to lead a project from start to finish.
  • Previous experience working in a global enterprise environment.
  • Excellent verbal and written communication skills in English. Capability to clearly communicate compliance and audit risks.
  • Problem solving skills and ability to work under pressure.
  • Ability to work independently as well as in a team structure.
  • Off-hours support may be needed.
  • Professional certifications such as CISA, CRISC, CISSP, or CISM are highly desirable.
  • Familiarity with standards and frameworks such as NIST 800-53, PCI-DSS, HIPAA Security and Privacy Rule, NIST Risk Management (800-37) is preferred.

Please review our benefits here: Life at OSI
The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location and date of hire. Please note that the salary information shown above is a general guideline only. Salaries are based upon candidate experience and qualifications, as well as market and business considerations.

NOTICE TO THIRD PARTY AGENCIES

OSI Systems, Inc. and its subsidiaries (collectively "OSI") does not accept unsolicited resumes from recruiters or employment agencies. If any person or entity, including a recruiter or agency, submits any information, including any resume or information regarding any potential candidate, without a signed agreement in place with OSI, OSI explicitly reserves the right to use such information, and pursue and/or hire such candidates, without any financial obligation to the person, recruiter or agency. Any unsolicited information or resumes, including those submitted directly to hiring managers, are considered and deemed to be the property of OSI.

Equal Opportunity Employer - Disability and Veterans

EEO is the Law

Poster Link: https://www.eeoc.gov/sites/default/files/migrated_files/employers/eeoc_self_print_poster.pdf

OSI Systems, Inc. has three operating divisions: (a) Security, providing security and inspection systems, turnkey security screening solutions and related services; (b) Healthcare, providing patient monitoring, diagnostic cardiology and anesthesia systems; and (c) Optoelectronics and Manufacturing, providing specialized electronic components and electronic manufacturing services for original equipment manufacturers with applications in the defense, aerospace, medical and industrial markets, among others.
