IT Compliance Specialist

Position Scope:

As an IT Compliance Specialist at Anika Therapeutics, you will play a vital role in supporting our Security, Risk, and Compliance initiatives. You will collaborate in a dynamic team environment to ensure adherence to regulatory, legal, internal audit, and industry best practices. Your efforts will be instrumental in ensuring compliance with new products, markets, and functions through Privacy analysis and General IT Compliance across our global business entity.

Specific Responsibilities:

• Conduct detailed reviews of IT Standards compliance for Anika’s IT and assist with reviews at Anika’s Operating Units as needed.
• Perform reviews of related IT Compliance documentation, procedures, and controls, creating work papers and making recommendations for remediation.
• Document and track issues and findings across all compliance-related activities, facilitating discussions, or being directly involved in the process.
• Collaborate on issue/remediation planning on IT-related issues such as Security risks, Regulatory, Data Protection, and User access.
• Implement compliance monitoring activities and solutions, identifying, reporting, and implementing monitoring controls, and making recommendations for training or mechanisms to mitigate risks and improve business operations and compliance programs.
• Support all aspects of IT compliance, including privacy, security, document retention, and financial regulations (SOX404, GDPR, ISO 27K, NIST CSF, NIST SP 800-30/53).
• Work with the Cybersecurity team to identify information security risks threatening the confidentiality, integrity, and availability of Anika’s products, systems, and services.
• Coordinate External Audits and interact with external regulatory and legal entities.
• Collaborate with other corporate functions to ensure a strong security posture.
• Work independently and across teams to develop and distribute important information on processes, procedures, guidelines, etc.
• Perform other duties as required.

Supervisory Responsibilities:

None

Required Qualifications:

• Bachelor’s degree or equivalent experience.
• 3 years in IT, Information Security Services, IT audit, and/or IT Risk Management Experience.
• Experience with developing General Controls and/or IT Compliance-related standards in an SAP environment.
• Proven ability to apply Compliance toward internal IT controls for Sarbanes-Oxley (SOX), General Data Privacy Regulation (GDPR), and internal and external audits.
• Strong experience with compliance regulations, security frameworks, and standards (NIST, HIPAA, ISO, COBIT, OWASP, ITIL, etc.).
• Knowledge of information risk management governance, policies, libraries, analytics & reporting, and issue management.
• Strong interpersonal skills to build and maintain ongoing business relationships.
• Excellent oral and written communication skills for interacting with both internal and external customers.

Desired Experience, Knowledge, and Skills:

• CISA, CRISC, CISM and other similar professional designations.

• Capability to address the demands of a dynamic environment and foster constructive work relationships among Business, Legal, and IT departments.

• Ability to rapidly identify, evaluate, and resolve conflicts and complaints.
• Excellent communication skills—both written and verbal—with the ability to influence at all levels of the organization.
• Strong organizational skills and ability to plan and prioritize work while responding flexibly to changing priorities.
• Self-motivated and proactive in resolving problems, dealing with conflicting priorities calmly, reliably, and effectively.