Transforming smiles, changing lives
At Align Technology, we believe a great smile can transform a person’s life, so we create technology that gives people the confidence to take on whatever’s next. We revolutionized the orthodontic industry with the introduction of the Invisalign system, and we have never lost sight of that spirit of innovation. Our diverse and collaborative teams are constantly pushing the boundaries of what’s possible.
Ready to join us?
About this opportunity
Sr. IT Audit Manager, Security and Privacy – Raleigh, NC
Align Technology seeks a Sr. IT Audit Manager, Security & Privacy, based in Raleigh, NC. The Sr. IT Audit Manager role will report to the Senior Director of IT Audit. Technology Risk Management, Cybersecurity and Data Privacy are increasingly important areas and this is an exciting opportunity to join our auditing department within Align Technology and to work closely with our IT, Infosec, Business teams and our Align leadership.
This will be a hands-on role to perform independent assessments and serve as an advisor to the organization on Cyber and Privacy matters. This role will audit IT initiatives globally for our Invisalign, iTero and Exocad brands performing reviews related to Cybersecurity, Data Privacy, Infrastructure, SOX, SOC compliance, Cloud & Third Party Risk management, PCI compliance, etc. In addition, this role will participate in our strategic Digital Transformation initiative and audit and advise on technology risk related matters.
A successful candidate needs to be highly collaborative in nature, ability to build strong partnerships and leverage relationships to help further mature security and data privacy, while keeping an eye on emerging risks and threats.
In this role, you will…
- The Sr. IT Audit Manager position is responsible for performing Cyber, Privacy and Infrastructure Security and Controls review audits throughout the organization globally. This role will perform reviews against known Security Frameworks (such as NIST, ISO 27000 series, GDPR, etc.) across all 5 main stages in the security lifecycle, i.e. Identify, Protect, Detect, Respond and Recover. This role will also perform Data Privacy reviews against various Privacy Standards (e.g. GDPR, CCPA, China Cybersecurity/CPCS, etc.)
- This role will also be instrumental to identify vulnerabilities and gaps and make IT, R&D and the business aware of risks and issues identified to strengthen the overall security posture of the organization.
- Review Security policies, standards and technical controls related to infrastructure, application, database, cloud, network devices (Firewalls, routers, switches, wireless access points) and participate in various security improvement/ optimization initiatives.
- Be a ‘Trusted Advisor’ on Cybersecurity, Data Privacy and Infrastructure to the organization (e.g. IT, R&D, Security, Operations, etc.) and feedback/inputs frequently sought on these topics
- Continuously act as a Cybersecurity and Data Privacy Advocate within the organization, constantly helping to raise awareness, educate groups of risks and being proactive to help Align protect against new threats
- Responsible for Privacy audits and data privacy compliance work performed by Internal Audit (IA)
- Support IT infrastructure and technology teams with multi-year Digital Transformation initiative, in a consultative and audit role to support this important strategic initiative. This could include areas such as Infrastructure, Security, Privacy, Identity & Access Management (IAM), Multi Factor Authentication (MFA), etc.
- Lead or participate in Cyber risk, Privacy and Intellectual Property (IP) Protection forums, participate in our Security Council meetings within Align, with linkage to our Enterprise Risk Management (ERM) program
- Identify new Cybersecurity threats, risks and issues by performing hands-on reviews (e.g. pen tests) and making management aware to remediate these issues.
- Provided support to our Digital Transformation initiative and audit and advise on technology risk related matters, e.g. customer experience, technology changes, Identity & Access Management (IAM), Data storage and privacy, etc.
- Assist IA or Security team with Investigations related to Cybersecurity, Data Privacy or Infrastructure as necessary to identify root causes and provide suggestions on next steps and remediations required
- The Sr. IT Audit Manager will perform hands-on security reviews, network and infrastructure penetration testing (external and internal) based on approval from Align and according to our audit plan to provide best practice advice and recommendations.
- The Sr. IT Audit Manager, Security & Privacy will perform reviews and provide advice of all aspects related to Security, including but not limited to: Policies, Standards, Technical Controls, Security Governance, Vulnerability Management, Identity and Access Management, Risk Assessment, Data Security, Alerts & Monitoring, Incident Response Management, etc.
- In addition, the Sr. IT Audit Manager will also participate in Internal Audit and special IT projects, perform technical Security & Privacy control reviews, preparation and testing for SOX 404 ITGC/Security, SOC2, PCI, GDPR, Privacy and other compliance standards as required.
- This role will need to research and remain up to speed on new security threats and vulnerabilities and help to raise awareness and notify Align of any credible threats or gaps.
- Help and support Compliance testing and other audit projects, as necessary throughout the year.
- Ability to build relationships and partnerships to act as a consultant and advisor to the business
- With direction from leadership, assist in planning and execution of audit projects based on evidence, using judgment and common sense to draw logical conclusions.
- Perform reviews of process documentation, policies and procedures and participate in the identification of process/control improvements and solutions.
- Create, maintain and update internal control / process documentation, conduct interviews, review documents and prepare working papers to support observations.
- Communicate findings and recommendations to department management, track remediation and perform validation procedures.
- On a global basis, proactively develop effective, collaborative working relationships throughout the organization with finance management and other functional areas.
- Other duties may be assigned.
In this role, you’ll need …
To perform this job successfully, an individual must have ability to perform each essential duty satisfactorily. The Requirements listed are representative of the knowledge, skill and/or ability required.
- Bachelor’s degree in computer science, information systems business administration or related discipline is required
- 10-12+ years of relevant experience, i.e. Information System Audit and hands-on Information Security and Data privacy experience, including Cybersecurity incident response, SIEM, disaster recovery and business continuity management, identity and access management, information privacy, security operations center management and security architecture, with progressive responsibility
- Public Accounting Big 4 Audit experience highly desired
- CISSP, CISM certification required
- Other certifications preferred: (e.g., CISA, CPP, CRISC, CEH, AWS, Azure)
- Data privacy qualifications preferred (e.g. CIPM, CIPP, CDPSE)
- Strong knowledge & prior experience with PCI compliance
- Prior experience in managing and auditing Cloud security and Third Parties
- Deep hands-on technical infrastructure and security experience, including but not limited to: Security Penetration Testing, Cloud systems, Oracle and SQL databases, Linux, UNIX, Windows operating systems, TCP/IP networks, Firewalls, Routers, Switches, VPN, Wireless networks, etc.
- Deep working knowledge with Privacy standards globally including GDPR, HIPAA, China Cybersecurity laws, etc.
- Experience with Security and Privacy reviews and standards, e.g. designing and implementing programs to secure and maintain systems consistent with principles embodied in ISO, SOX, NIST, SSAE, HIPAA, PCI, FedRAMP, FISMA, GovCloud, FIPS, and comparable US and international standards and frameworks
- Knowledgeable of data interrogation tools (e.g. IDEA, ACL) or SQL
- Excellent interpersonal, written and verbal communication skills, i.e. effective presentations to all levels of management up to and including Board and C-levels.
- Ability to manage multiple tasks concurrently with limited supervision
- Ability to effectively engage and communicate as directed with a variety of audiences both technical and non-technical staff.
- Must be able to explain complex systems and technical topics to others who may have minimal technical knowledge using oral, written and visual presentations
- Strong analytical skills. Ability to process and analyze information and develop related action plans
- Excellent MS Office skills, including Excel and Visio
WORK SCHEDULE / HOURS
Regular business hours
- Global support position; requires flexible schedule to accommodate meetings, etc.
- Incumbents are expected to fulfill their responsibilities with limited supervision while maintaining effective communications with the Sr. Director, IT Audit, Leadership and the IT/Infosec organization
Ability and willingness to travel, as required, up to 20%
Sound like a good fit?
Great! Click the “Apply” link to let us know you are interested. Not the right fit? Don’t worry, Align is quickly growing so we are creating more opportunities to expand our Align family. Please consider joining our Talent Network to receive notifications about future jobs or sharing this opportunity with others in your network.
Align Technology is a publicly traded medical device company that is transforming smiles and changing lives. Our global team of talented employees develop innovative technology, tools and treatment options to help dental professionals worldwide achieve the clinical results they expect. Our digital ecosystem combines the power of technology to create beautiful smiles through the integration of AI and machine learning, digital imaging and visualization, biomechanics and material science to develop the Invisalign system, the most advanced clear aligner system in the world; iTero Intraoral Scanners and OrthoCAD digital services. Did you know? Align is the world’s largest manufacturer of custom 3D-printed materials.
By joining Align, you will be part of a global, fast-growing company in one of the most dynamic industries. Great people, innovative technologies, and meaningful work – these are just some of the things employees say make Align Technology a great place to work.
We respect your privacy. Please review our Applicant Privacy Policies for additional information.
Global Diversity Statement:
At Align, we believe in the power of a smile, and we know that every smile is as unique as our employees. As we grow, we will continue building a workforce of diverse cultural backgrounds and life experiences and fostering a culture of open-mindedness and compassion for all our employees. We live our company values by promoting healthy people and healthy communities. All with the intent of changing millions of lives, one unique smile at a time.
Equal Opportunity Statement
It is our policy to provide equal employment opportunity in all of our employment practices without regard to race, color, religion, sex, national origin, ancestry, marital status, protected veteran status, age, individuals with disabilities, sexual orientation or gender identity or expression or any other legally protected category. Applicants for positions with Align must be legally authorized to work in the country which they are applying for and verification of employment eligibility will be required as a condition of hire.
Req ID : 30447
- Address Morrisville, NC, USA
- Salary Offer $100.000 ~
- Experience Level Senior
- Total Years Experience 10-20