Cyber Risk and Compliance Specialist
As a global medtech company, we are driven by our Vision of changing the trajectory of lives for a new day and our Mission to create ingenious solutions that ignite patient turnarounds. Our relentless commitment to patients and strong legacy of innovation in healthcare are the foundation of our future. If you're looking for a new chance, a new beginning, a new trajectory, LivaNova is where your talent can truly thrive. Join our talented team members worldwide to become a pioneer of tomorrow—because at LivaNova, we don’t just treat conditions — we aspire to alter the course of lives.
The Role
As our Cyber Risk and Compliance Specialist, you will occupy a critical role that is 50% technical auditor and 50% security advocate. You will ensure the integrity of our financial systems through IT SOX compliance while simultaneously maturing our global compliance posture (HIPAA/NIS2) and building a high-integrity security culture through a comprehensive Security Awareness program.
Focus A: IT SOX & Financial Integrity (60%)
• Program Ownership: Lead the IT SOX program and design, implement, and test IT General Controls (ITGCs), IT Application controls (ITACs) and Key Reports (IPE) across our enterprise applications, databases, and infrastructure.
• Audit Management: Serve as the primary "translator" between technical teams and external auditors, ensuring evidence is accurate, timely, and defensible.
• Deficiency Management: Lead the root-cause analysis for any control failures and partner with stakeholders to build long-term, remediation plans.
Focus B: HIPAA, NIS2 & Risk Advisory (30%)
• Healthcare Compliance (HIPAA): Act as the technical SME for the HIPAA Security Rule, ensuring controls protect PHI, including controls monitoring and providing guidance to management for new systems.
• International Resilience (NIS2): Lead the alignment of our security posture with the NIS2 Directive, focusing on key areas in the directive for our European operations.
• Strategic Risk Assessments: Conduct deep-dive risk assessments for new technologies and vendors, ensuring compliance is baked in from the procurement stage.
Focus C: Security Awareness & Training (10%)
• Program Development: Manage the security awareness program that goes beyond "check-the-box" training. You will create engaging content for diverse audiences, from senior leadership to staff.
• Policy Promotion: Translate dense Information Security Policies into digestible, actionable "good practices" for IT administrators and data owners.
• Culture Building: Design targeted communication campaigns to increase internal reporting of security incidents and reinforce the importance of compliance.
Qualifications
• Experience: 5–7 years in IT Audit, IT Compliance, or Cyber Risk.
• Regulatory Knowledge: Expert-level understanding of SOX 404 (ITGCs) and a strong working knowledge of the HIPAA Security Rule and NIS2.
• Frameworks: Proficiency in applying NIST 800-53, ISO 27001, NIST CSF, or COBIT.
• Certifications: CISA is highly preferred; CISSP or CRISC is a major plus.
• Skills: The ability to explain to key stakeholders why a certain control is necessary without sounding like an auditor.
• Technology: Experience with ERP systems, such as SAP (ECC/S4 HANA) etc., cloud environments like Microsoft Azure, AWS etc., GRC systems such as Auditboard, Workiva or other.
Pay Transparency: A reasonable estimate of the annual base salary for this position is $110,000 - $140,000 + discretionary annual bonus. Pay ranges may vary by location.
Employee benefits include:
Health benefits – Medical, Dental, Vision
Personal and Vacation Time
Retirement & Savings Plan (401K)
Employee Stock Purchase Plan
Training & Education Assistance
Bonus Referral Program
Service Awards
Employee Recognition Program
Flexible Work Schedules
#LI-Remote