OSI Systems and its subsidiaries is a vertically integrated provider of specialized electronic systems and components that meet the critical needs in the homeland security, healthcare, defense, and aerospace industries. As a global company, we are dedicated to developing solutions for our customers and the people they serve to lead the way to a safer and healthier world.

OSI Systems is seeking a Sr. Manager, IT Compliance and Risk. This individual will lead efforts in maintaining compliance with various regulatory and security frameworks. They will have a deep understanding of security, compliance, regulatory frameworks (such as SOX ITGC, ISO 27001, NIST 800-171, CMMC, PCI-DSS), vendor security reviews, and customer interactions. This individual will also have a strong ability to collaborate with external and internal teams across functions and provide valuable insights and leadership in enhancing our security and compliance posture. They will report directly to the VP, Information Security and Risk Management.

• Lead the organization’s compliance efforts across SoX ITGC, ISO 27001/2, NIST 800-171 and other frameworks. Coordinate with third-party auditing firms to facilitate audits and provide necessary evidence.
• Drive resolutions for audit findings through effective control implementation.
• Develop and implement compliance policies and procedures and monitor controls in alignment with Information Security Control Framework to meet regulatory and contractual requirements. Proactively review existing IT compliance controls for regulatory updates and perform gap analysis.
• Periodically conduct IT Internal Audits. Maintain various internal and external audit and compliance schedules/reports for IT Management.
• Manage risk management process and assess potential risks to the organization’s IT Systems and Data. Develop and implement controls to mitigate identified risks. Proactively review risk register and risk treatment plans with risk owners and IT Leadership.
• Manage Third Party Risk Management process and conduct risk assessments (SaaS, technology platforms, etc.) and make recommendations to mitigate risk.
• Manage Change Management process and identify/implement continuous improvement opportunities.
• Develop dashboard and metrics to represent compliance and risk program performance.
• Manage IT policy, standards and procedure review process.
• Uphold the company’s core values of Integrity, Innovation, Accountability, and Teamwork.
• Demonstrate behavior consistent with the company’s Code of Ethics and Conduct.
• It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem.
• Duties may be modified or assigned at any time to meet the needs of the business.

• Bachelor’s degree in Computer Science, Information Security, or related field required.
• 5+ years of combined work experience in IT Governance, Compliance and Risk Management role needed.
• 3+ years of experience in implementing SOX ITGC, ISO 27001 and NIST 800-171 controls.
• At least 3 years of work experience in developing, implementing and monitoring IT Security controls, in a hybrid cloud computing environment (on-premises, AWS and Azure) desired.
• Experience in managing IT Risk Management processes is needed.
• Experience in managing a global team (4 or more team members) is essential.
• Hands-on experience with GRC platforms.
• Proven ability to lead a project from start to finish.
• Previous experience working in a global enterprise environment.
• Excellent verbal and written communication skills in English. Capability to clearly communicate compliance and audit risks.
• Problem solving skills and ability to work under pressure.
• Ability to work independently as well as in a team structure.
• Off-hours support may be needed.
• Professional certifications such as CISA, CIRISC, CISSP, CISM are highly desirable.
• Familiarity with standards and frameworks such as NIST 800-53, PCI-DSS, HIPAA Security and Privacy Rule, NIST Risk Management (800-37) is preferred.