With a mantra of Empowering Human Potential, Hanger, Inc. is the world's premier provider of orthotic and prosthetic (O&P) services and products, offering the most advanced O&P solutions, clinically differentiated programs and unsurpassed customer service. Hanger's Patient Care segment is the largest owner and operator of O&P patient care clinics nationwide. Through its Products & Services segment, Hanger distributes branded and private label O&P devices, products and components, and provides rehabilitative solutions to the broader market. Built on the legacy of James Edward Hanger, the first amputee of the American Civil War, Hanger is steeped in 150 years of clinical excellence and innovation with a vision to be the partner of choice for products and services that enhance human physical capability. Collectively, Hanger employees touch thousands of lives each day, helping people achieve new levels of mobility and freedom.
Hanger, Inc. is an equal opportunity employer - female/minority/disability/vet.
Could This Be For You?
As the IT Auditor II you will perform internal information technology system audits and risk assessments. You will develop and implement an audit and control framework to monitor IT production environments for potential system integrity exposure and control weaknesses.
You will use your experience to identify various risks (e.g., financial, operational, compliance) to the organization and make recommendations for corrective actions/mitigation of risks. Your work will include evaluating complex information systems and controls including but not limited to applications, business control processes, change control management procedures, security, networks, and computer and data center operations. You'll report findings to management and communicate recommendations for corrective actions. This position may provide support for Sarbanes-Oxley (SOX) compliance and typically requires expertise in enterprise software and relational databases.
- Reads and understands complex legal and regulatory requirements, translates them into practical business processes, and provides detailed and continual guidance to IT staff to ensure those requirements are met.
- Works and communicates efficiently, clearly, and succinctly with all levels of technical, business, and executive staff.
- Communicates emerging issues, potential risks, audit results, and IT compliance issues to all impacted areas in a timely fashion.
- Performs and develops daily, monthly, quarterly, and yearly auditing tasks to ensure compliance is maintained across all of IT's systems and processes.
- Designs and manages projects consistent with the IT organization's SDLC.
- Assists IT teams with the development of policies, standards, procedures, and guidelines that are backed by Hanger's enlisted governance frameworks, assists IT teams with the development of questionnaires and evidence gathering techniques to ensure compliance with the teams' requirements, and assists all organizations with the development of approval workflows for the electronic governance, risk, and compliance system.
- Applies expertise in enterprise electronic governance, risk, and compliance systems to manage all aspects of the electronic governance, risk, and compliance system.
- Identifies and periodically evaluates IT controls, countermeasures, and policies and procedures to mitigate and/or manage risk to acceptable levels.
- Provides documentation of adherence to controls for internal and external auditors.
- Oversees and assists with any governance- or compliance-related remediation efforts within IT.
- Identifies and reports on risk and initiates corrective action to meet business and regulatory requirements.
- Raises awareness of infrastructure and application issues that could cause business risk to the IT organization.
- Provides governance and compliance educational services to all organizations.
- Develops risk response action plans to address risk factors identified in the organizational risk profile.
- Determines the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.
- Periodically performs technical risk assessments and impact analyses as assigned.
- Reviews contracts, systems, and processes to identify potential issues with the organization's compliance or governance requirements.
- Evaluates the organization's IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements.
- Identifies and reports on current and potential legal and regulatory requirements affecting IT.
- Develops policies, standards, procedures, and guidelines for the IT department.
- Designs information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
- Relates regulatory and business requirements to real world work environments.
- Applies technical knowledge of IT security, infrastructure, and development best practices to enhance the organization's risk profile and overall compliance and governance health.
- Bachelor's degree from a four-year college or university.
- 2 years of progressive experience handling compliance issues around Sarbanes-Oxley (SOX), PCI, and/or HIPAA privacy issues for IT.
Additional Success Factors
- Demonstrated success in bringing non-compliant business units into compliance and managing the compliance life cycle.
- Proficient in performing audits, responding to audits, and facilitating IT's compliance with an Internal Audit department.
- In-depth experience with writing policies specific to IT systems or controls and for the business-at-large.
- In-depth knowledge and experience in bringing previously non-compliant business units or subsidiaries into compliance, including deep-dive discovery of the existing policies and procedures of the non-compliant entity and managing the full compliance lifecycle of that entity as it becomes fully compliant.
- Strong system implementation and maintenance experience.
- Strong planning, communication, negotiation, leadership, and relationship-building skills.
- Ability to work closely with Analysts, Project Managers, Developers, and Middle- and Senior-level management across the entire organization.
- Strong understanding of control overlap between regulatory requirements & governance frameworks, and how to track that overlap to the extent that individual controls for overlapped framework areas do not exist.
- Understanding of multi-regulatory/governance environments and how to build controls and tie those controls to policies and procedures in such a way as to cover multiple regulations or governance frameworks or requirements with a single policy, standard, procedure, or guideline.
- Ability to get work done through people and excellent interface skills are essential.
- Ability to work in a dynamic environment and oversee multiple initiatives and/or large, complex projects.
- Healthcare or other government regulated industry experience desired.
- Experience in developing an ISO 27000 ISMS desired.
- Ability to comprehend SQL required.
- ISACA certification is beneficial.
- CISSP and/or technical security certification beneficial.
- Act with integrity in all ways and at all times, remaining honest, transparent, and respectful in all relationships.
- Keep the patient at the center of everything that you do, building lifelong trust.
- Foster open collaboration and constructive dialogue with everyone around you.
- Continuously innovate new solutions, influencing and responding to change.
- Focus on superior outcomes, and calibrate work processes for outstanding results.
Our Investment in You
- Competitive salary.
- Competitive health and insurance benefits.
- Annual target bonus or commission.
- Paid vacation and sick time.
- Frequent company update talks with our leadership team.
Hanger, Inc. is committed to providing equal employment opportunity in all aspects of the employer-employee relationship. All conditions and privileges of employment are administered to all employees without discrimination or harassment because of race, religious creed, color, age, sex, sexual orientation, gender identity, national origin, religion, marital status, medical condition, physical or mental disability, military service, pregnancy, childbirth and related medical conditions, special disabled veteran status, or any other classification protected by federal, state, and local laws and ordinances. The Company will comply fully with all applicable state or local fair employment laws that forbid discrimination or harassment on the basis of other protected characteristics. Retaliation against any employee for filing or supporting a complaint of discrimination or harassment is prohibited.