Global Security – Asia-Pacific (APAC) IT Application Security Lead

Halyard Health (NYSE: HYH) is a medical technology company focused on preventing infection, eliminating pain and speeding recovery for healthcare providers and their patients. Headquartered in Alpharetta, Georgia, Halyard is committed to addressing some of today's most important healthcare needs, such as preventing healthcare-associated infections and reducing the use of narcotics while helping patients move from surgery to recovery. Halyard's business segments — Surgical & Infection Prevention and Medical Devices — develop, manufacture and market clinically superior solutions that improve medical outcomes and business performance in more than 100 countries. For more information, visit www.halyardhealth.com. If you are inspired by the opportunity to transform healthcare delivery, join the Halyard Health team!

PRINCIPAL ACCOUNTABILITIES• Serve as the primary point of contact for IT in the Asia-Pac region for all matters related to SAP security

access, non-SAP security access, role design, and control of sensitive access and enforcement of segregation of duties.

• Lead the development of an application security program for the Asia-Pacific region that meets the Halyard security standards as well as the local business requirements

• Lead the efforts to design and deploy a consistent GRC SAP role design strategy for the Asia-Pacific region.

JOB OVERVIEWThe APAC IT Application Security Lead is responsible for developing, implementing, and managing all policies, processes, controls and standards related to the application security environment for the Asia-Pacific region. Reporting to the Security, Strategy and Architecture Leader, this position is accountable for the management and control of the logical access controls, role design and sensitive access standards for the SAP environment as well as all other non-SAP applications.

The APAC IT Application Security Lead will work with both the IT and business teams to effectively design and implement a risk-based application security program that delivers on the security standards of the company, enables the business, and ensures the compliance requirements are achieved. The individual must possess a firm understanding of various security areas, including but not limited to application security strategy, SAP security strategy, role design (including task-based roles, job-based roles, composite roles, etc.), business processes, segregation of duties, GRC tools and processes, Firefighter, compliance requirements and business process controls.

COMPANY BACKGROUNDHeadquartered in Alpharetta, Georgia, Halyard Health provides the essentials that help restore patients from

crisis to better health and improve the quality of patients' lives. Through a portfolio of innovative medical

device and infection prevention products, Halyard Health offers clinicians a range of solutions in pain

management, respiratory, and digestive health, and medical supplies for the operating room. Around the world,

medical professionals turn to Halyard Health for a wide portfolio of solutions that improve health, hygiene and

wellbeing of their patients and staff.

The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. Statements are not intended to be construed as an exhaustive list of all duties, responsibilities and skills required for this position.

Halyard Health is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

For more information or to apply for this job, email careers@hyh.comIn your application include a covering note in your email and attach your resume.

HALYARD Australia Pty Limited. ABN 25 100 844 488Level 7, 52 Alfred Street, Milson’s Point NSW 2061. halyardhealth.com.au

PREFERRED QUALIFICATIONS AND EXPERIENCE• Bachelor's degree required, preferably in computer science, information systems, or engineering.• 5+ years of demonstrated success in executing SAP application security and non-SAP security • 3+ years hands-on experience with IT security audit and/or compliance experience. Strong familiarity with

SOX requirements for IT and business process required.• Proven ability to design and maintain SAP roles for a large, complex, global organization• Knowledge of SAP security troubleshooting through tracing, system dumps, and access error reports• Demonstrated experience working with business counterparts to understand business process and define

technical requirements• Experience working with GRC tools such as SAP GRC, Approva Bizrights, etc. for role maintenance, SOD

management and Firefighter• Experience with role design and application security strategy for SaaS and cloud apps (Salesforce.com,

Workday, ServiceNow) preferred• Experience working with IDM tools such as SAP IDM, CA, and Oracle IDM• Experience with ADFS and SSO preferred• Experience working with outsourced organizations and third party vendors preferred• Exceptional planning, organization, communication, presentation, multitasking, prioritization and business

analysis skills.

• Design and deploy a strategy for the control of elevated SAP access through Firefighter for both business and IT. Scope to include Firefighter access controls, review processes, and owner assignments. Oversee the periodic review processes around Firefighter and ensure compliance and security requirements are achieved.

• Develop processes to monitor the effectiveness of control operations, including collecting and reviewing evidence of application security control operation, conducting periodic audits of processes, and communicating results to IT Management.

• Serve as the liaison for the IT Compliance team to remediate security access and other IT audit issues in the Asia-Pacific region.

• Serve as the Asia-Pacific IT lead for the execution and maintenance of the Data Privacy program. Participate in the Data Privacy Steering Committee and liaison with the business to achieve published objectives around secure data management.