Senior IT Risk & Compliance Manager

Remote - US, United States

Novanta


Build a career powered by innovations that matter!  At Novanta, our innovations power technology products that are transforming healthcare and advanced manufacturing—improving productivity, enhancing people’s lives and redefining what’s possible.  We create for our global customers engineered components and sub-systems that deliver extreme precision and performance for a range of mission-critical applications—from minimally invasive surgery to robotics to 3D metal printing.

Novanta is one global team with over 26 offices located in The Americas, Europe and Asia-Pacific.  Looking for a great place to work?  You have found it with a culture that embraces teamwork, collaboration and empowerment.  Come explore Novanta.

This position is part of Novanta’s Corporate and Shared Services global teams.  Novanta’s Corporate and Shared Services teams play an important role in executing the company’s strategic mission and operations. Included in Corporate and Shared Services are the business functions including Finance, Accounting, Human Resources, Information Technology, Legal, Compliance, Corporate Development and Corporate Marketing.  The Corporate and Shared Services teams work closely with all Novanta business units to support operating initiatives contributing to the organization’s financial success.

Summary

We are seeking an experienced Senior IT Risk & Compliance Manager to join our team. The ideal candidate will have experience managing various IT Compliance programs, including those associated with integrated SOX audit activities and ISO-based information security programs. In addition to the day-to-day management of programmatic activities, this role will focus on process improvement, leveraging data and technology to mature capabilities, and the pro-active identification of risks and associated control solutions to improve Novanta’s security posture and promote compliance.

This role requires a professional with experience working in organizations undertaking significant digital transformations, such as large-scale ERP implementations, cloud migrations, and the adoption of emerging technologies (e.g. AI). This role will report to the Senior Director of Governance Risk & Compliance and will partner with various internal and external stakeholders to mature Novanta’s existing program capabilities.

Primary Responsibilities

  • Manage the compliance activities of the ISO 27001 information security program as well as the IT audit activities associated with the SOX program.
  • Continuously identify opportunities to improve the operation of various compliance initiatives and establish procedures to promote efficient, repeatable, and sustainable program results.
  • Develop, build & implement tools to improve compliance testing efficiency and effectiveness, moving the organization towards a continuous monitoring paradigm.
  • Pro-actively assess compliance readiness and provide leading practice recommendations for digital transformation initiatives such as IT and business system implementations, cloud migration activities, and the adoption of emerging technology capabilities.
  • Leverage deep technical IT audit knowledge to guide implementation of controls, remediate deficiencies / non-conformities, and navigate the impact of changes in the technology environment on different compliance obligations. Also, serve as a subject matter expert with respect to regulatory expectations pertinent to the various compliance obligations managed.
  • Facilitate the integration of acquired entities' control environments into existing compliance frameworks as needed.
  • Perform various other reviews of IT management policies and procedures, such as information security, change management, data management and the SDLC, to ensure that controls surrounding these processes are adequate. Recommend and draft new policies and procedures in areas of perceived gaps.
  • Stay current with industry regulations and best practices to ensure ongoing compliance.
  • Demonstrate strong project management skills, balancing competing priorities under pressure while managing sensitive and confidential information.
  • Participate in design discussions to define and integrate compliance requirements throughout the development lifecycle of new and ongoing projects.
  • Exhibit exceptional verbal and written communication skills, with the ability to collaborate across teams and deliver clear, professional and concise information to internal and external stakeholders.
  • Foster positive and collaborative relationships with process/control owners, leadership, internal and external auditors.
  • Participate in the development of training plans to educate staff on security principles, fostering a culture of compliance across the organization. Promote a proactive culture of IT compliance, inspiring teams to prioritize privacy and security at every level.
  • Manage third-party contract labor involved in various compliance initiatives, at times overseeing teams of 3-5 staff.

Required Experience, Education, Skills, Training and Competencies

  • Bachelor’s degree in computer science, information management, security and engineering, or other related degree.
  • Professional certification (e.g., CISA, CRISC, CISSP) is preferred.
  • Minimum of 7 years of experience in IT audit and compliance roles, preferably within a regulated industry.
  • In-depth knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001, SOX, NIS2). ISO 27001 Lead Auditor certification is a plus.
  • Strong ethical standards and a commitment to maintaining confidentiality and integrity in all activities.
  • Strong analytical and problem-solving skills, with the ability to assess complex issues and to develop and implement effective solutions.
  • Experience with global manufacturing organizations.
  • Exposure to Oracle EBS and SAP ECC/Cloud in a manufacturing setting is preferred.
  • Big Four auditing experience is a plus.
  • Working knowledge of AuditBoard is a plus.
  • Excellent communication and interpersonal skills, with the ability to influence and collaborate with stakeholders at all levels.
  • Proven ability to manage multiple tasks and projects simultaneously, with keen attention to detail.

Travel Requirements

  • As needed for projects, estimated at 15%

Physical Requirements

  • Mobility to work in a standard office setting and to use standard office equipment, including a computer.
  • Ability to use vision to read a computer screen and printed materials.

Novanta is proud to be an equal employment opportunity and affirmative action workplace. We consider all qualified applicants without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, military and veteran status, disability, genetics, or any other category protected by federal law or Novanta policy.

Please call +1 781-266-5700 if you need a disability accommodation for any part of the employment process.


Regions: Remote/Anywhere North America
Country: United States
