Senior Information Security Engineer - SOX Compliance Lead

at Enovis

Dallas, Texas, USA

Start Date: Immediate
Expiry Date: 05 Jul, 2024
Salary: Not Specified
Posted On: 05 Apr, 2024
Experience: 6 year(s) or above
Skills: ServiceNow, Communication Skills, Interpersonal Skills, Privacy Regulations, Cloud, SQL, Risk Analysis, Presentations, Vulnerability Management, ISO, IP Addressing, Splunk, Business Process, Security Tools, Testing
Telecommute: No
Sponsor Visa: No

Description:

Job Description:
At Enovis™ we sweat the little things. We embrace collaboration with our partners and patients, and we glory in the grind of scientific excellence — with the goal of transforming medical technology as we know it.
Because that’s how we change the lives of patients for the better. And that’s how we create better together.
As a key member of the Information Technology team you will play an integral part in helping Enovis drive the medical technology industry forward through transforming patient care and creating better patient outcomes.
Job Title/High Level Position Summary:
The Senior Information Security Engineer – SOX Compliance Lead is responsible for the planning, design and build of security architectures; oversees the implementation of network and computer security; and ensures compliance with corporate cybersecurity policies and procedures. Monitors cybersecurity requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices. Performs security assessments of applications and systems using penetration and vulnerability testing and risk analysis. Configures and installs firewalls and intrusion detection systems. Implements software fixes (patches) to remove system vulnerabilities. Responds immediately to cybersecurity-related incidents and provides a thorough post-event analysis. Investigates intrusion incidents and conducts forensic investigations. Draws on wide-ranging experience, professional concepts and company objectives to resolve complex issues in creative and effective ways. Exercises considerable latitude in determining objectives and approaches to assignments.

Key Responsibilities:

  • Works independently with both IT and business stakeholders to define and document both the IT general controls and IT processes and technical needs to support and generate evidence for those controls within the key applications landscape.
  • Solely responsible for planning, studying, evaluation, reporting and follow-up on the SOX audit, including, but not limited to, process narratives, documenting process flows, and identifying and reporting any deficiencies or areas of improvement as required ahead of both internal and external audit testing.
  • Responsible to work with IT application teams to define the application process and testing for each respective application within SOX scope and subsequently conduct walkthroughs and communicate the same to the auditors for clarity of testing scope and understanding of controls.
  • Responsible for preparing and presenting audit reports detailing the results of the audit to leadership.
  • Serves as a liaison between the external audit and internal IT teams to ensure timely communication and action tracking for completion and clarity, and subsequent compensating controls where/if appropriate.
  • Engaged across both internal IT applications and service desk teams to drive efficient processes and engagement.
  • Coordinate with various business leaders and departments to create remediation plans for deficiencies or discrepancies in the findings.
  • Engage on new software evaluation and enablement to communicate key needs required for SOX audit compliance expectations.
  • Strong knowledge of audit procedures and controls and SQL to generate evidence is required.
  • Experience in auditing key financial systems: Oracle EBS, SAP, Oracle EPM, Workday
  • Works on complex projects that are often delivered in the form of objectives.
  • Evaluate the IT organization’s compliance with HIPAA, PCI, GDPR and SOX regulations.
  • Conduct vendor risk assessments based on industry standard frameworks.
  • Provide threat and vulnerability analysis as well as security advisory services.
  • Analyze and respond to software and hardware vulnerabilities.
  • Aid in developing new documentation.
  • Provide analysis and trending of security log data.
  • Monitoring and tuning of the Tenable Vulnerability Management, SailPoint IdentityNow, SIEM and DLP systems.
  • Provide Incident Response (IR) support when analysis confirms actionable incident.
  • Integrate and share information with other analysts and other teams.
  • Issue tracking and follow up.
  • Escalation of certain incidents to relevant parties

Skills, Knowledge, and Abilities Requirements

  • Ability to act as a subject-matter expert on audit, controls, systems, and processes.
  • Manage relationships between business, I/T, internal and external auditors.
  • Ability to problem-solve, considering business process and scope changes.
  • Experience defining and conducting audit procedures and testing is required.
  • Experience with SQL and ERPs is mandatory.
  • Experience with Tenable Vulnerability Management
  • Experience with SailPoint IdentityNow
  • Experience with Fortinet Firewalls
  • SIEM Systems (pref. Splunk)
  • DLP Systems
  • Service Management Tools (pref. ServiceNow)
  • Technical network and IT skills (e.g., IP addressing, routing)
  • Information Security Tools (e.g., firewalls, anti-virus, web filtering, email filtering)
  • Experience with information security policies, intrusion response procedures, disaster recovery procedures, risk analysis, and significant experience administering the operations of a complex security infrastructure.
  • Practical knowledge and experience with compliance and security framework standards such as SOX, PCI, SOC 2, NIST/CSF, CIS, ISO 27001.
  • Working knowledge of current and upcoming privacy regulations such as GDPR and LGPD.
  • Knowledge of cloud and SaaS solutions
  • Effective communication skills to translate technical risks and exposures to a business perspective - formal reports and/or presentations.
  • Strong analytical, troubleshooting & interpersonal skills.
  • Strong verbal and written communication skills
  • Self-motivated and able to work independently.
  • Self-leading: demonstrates ethics and integrity according to the company’s principles and values.
  • Must be customer focused, responsive, and take initiative in this role.

Minimum Basic Qualifications:

  • 8+ years of experience in a security operations-related role
  • BA/BS in related field preferred. Equivalent experience/certification acceptable.
  • GSEC certification; able to achieve certification within 6-12 months.
  • CEH Certification a plus

“Creating better together”. It’s the Enovis purpose, and it’s what drives us and empowers us every day on a global scale. We know that the power to create better – for our customers, our team members, and our shareholders – begins with having the best team, pursuing common goals, operating at the highest levels, and delivering extraordinary outcomes.
Watch this short video and discover what creating better together means to us at Enovis:
Our Enovis Purpose, Values and Behaviors on Vimeo

We offer a comprehensive benefits package which includes:

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Spending and Savings Accounts
  • 401(k) Plan
  • Vacation, Sick Leave, and Holidays
  • Income Protection Plans
  • Discounted Insurance Rates
  • Legal Services



REQUIREMENT SUMMARY

Min: 6.0, Max: 12.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Proficient

1

Dallas, TX, USA