Information Risk Management and IT Audit Analyst

Deerfield, IL, US
Aug 29, 2020
Required Education
Masters Degree/MBA
Position Type
Full time

Ready to join a team committed to developing and commercializing gene therapies for patients and families devastated by rare neurological genetic diseases? AveXis is advancing cutting-edge science, starting with our proprietary gene therapy for the treatment of spinal muscular atrophy (SMA). We are in the midst of an incredible journey and are looking for passionate individuals to join us on this important mission.

AveXis, a Novartis company, is dedicated to developing and commercializing novel treatments for patients suffering from rare and life-threatening neurological genetic diseases. Our initial product is a proprietary gene therapy approved by the US Food and Drug Administration for the treatment of pediatric patients with SMA. In addition to developing a treatment for SMA, AveXis also plans to develop other novel treatments for rare neurological diseases, including Rett syndrome and a genetic form of amyotrophic lateral sclerosis caused by mutations in the superoxide dismutase 1 (SOD1) gene.

The information Risk Management and IT Audit Analyst is responsible for performing risk assessments, audits, and consultation on projects, and support information management policy framework.

  • Perform periodic audits and maintain a risk register to monitor and remediated gaps.
  • Coordinate the development of implementation plans and procedures to ensure that AveXis IT policies/procedures are properly implemented.
  • Provide strategic risk guidance and consultation for all AveXis projects, including the evaluation and recommendation of technical standards and controls.
  • Support the implementation of the information Management framework Policy Framework, related methodology, standards, services and tools at AveXis, in close alignment with Novartis.
  • Support a culture of accountability, collaboration, courage and continuous improvement.
  • Develop, manage and improve a comprehensive information security risk-based program to ensure the integrity, confidentiality and availability of information assets.
  • Performs information security risk/gap assessment and work with business owners to implement solutions.
  • Identifies new solutions, architectures or technologies for review at the meeting. Prepares appropriate deliverables for review prior to each meeting.
  • Applies risk based approach or value metrics to define project priorities.
  • Enhances education and awareness programs and advises departments on all levels on security issues, best practices, and vulnerabilities.
  • Work closely with controls/business owners on review, update and test controls
  • Other related duties as assigned.

  • University degree in business/technical/scientific area, or comparable education/experience.
  • 5 years of experience in information technology risk management, compliance and / or information security roles.
  • Understanding of regulated industries and relevant regulations/compliance requirements (e.g. SOX, SOC, NIST 800-53 or ISO27001).
  • Must have Presentation Skills, Analytical Skills, MS Office Skills, Project Scheduling, and Strategic Planning & Analysis.
  • Knowledge of technology trends and developments in the area of information security and risk management.

The level of this position will be based on the final candidate's qualifications.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

AveXis is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, national origin, genetics, disability, age, sexual orientation or veteran status.