IT Risk and Compliance Manager - Senior

About The Position

Requirements

• Master’s degree in Information Security, Information Technology Management, Risk Management, or related field.
• 8+ years of experience in information security governance, risk, and compliance leadership roles.
• Strong knowledge of security frameworks and standards (e.g., SOC 2, NIST SP 800-53, ISO 27001, PCI, HIPAA) and regulatory requirements (e.g., NYDFS, Delaware Insurance Data Security, PCI, HIPAA).
• Extensive experience with enterprise GRC platforms and tools.
• Excellent analytical, communication, and leadership skills.
• Demonstrated ability to effectively manage cybersecurity audits and risk assessments to positive outcomes.

Nice To Haves

• Professional certifications such as CISSP, CISM, CRISC, CDPSE, or CISA are preferred.
• Ability to manage multiple priorities and work cross-functionally.
• Expert in developing governance frameworks and reporting structures.
• Strong attention to detail and problem-solving capabilities.

Responsibilities

• Manage cross functional teams to ensure enterprise governance and compliance initiatives align with strategic goals are met successfully, on time, and with budget.
• Manage cross functional teams to drive successful results on business required SOC 2 Type II audits that directly support revenue growth.
• Manage IPH regulatory engagements, stay abreast of future regulatory requirements and the business impact they may present.
• Manage IPH Enterprise Data Security and Governance initiatives and ensure alignment with regulatory requirements, internal policies, and industry best practice information security standards.
• Manage cross functional teams to ensure compliance with applicable regulations and business requirements (e.g., SOC 2, NYDFS, Delaware Insurance Data Security, PCI, HIPAA, GDPR) and influence executive leadership.
• Manage IPH enterprise data security and governance compliance initiatives.
• Oversee the timely and appropriate data breach communications to partners and clients.
• Create and lead cross functional teams as needed to successfully complete and submit required business partner information security questionnaires.
• Develop and manage IPH information security governance framework.
• Lead board and executive leadership compliance and governance-related initiatives.
• Develop and manage key risk indicators (KPI’s) and escalate emerging risks to leadership.
• Analyze governance, risk, and compliance data to identify trends, gaps, and improvement opportunities.
• Ability to work independently on complex enterprise GRC initiatives.
• Mentor junior team members and contribute to team development.
• Stay current with emerging GRC technologies, cybersecurity risks, and regulatory changes.
• Promote a culture of security awareness and risk-informed decision-making.

Benefits

• Comprehensive full medical, dental and vision Insurance
• Basic Life Insurance at no cost to the employee
• Company paid short-term and long-term disability
• 12 weeks of 100% paid Parental Leave
• Health Savings Account (HSA)
• Flexible Spending Accounts (FSA)
• Retirement savings plan
• Personal Paid Time Off
• Paid holidays and company-wide Wellness Day off
• Paid time off to volunteer at nonprofit organizations
• Pet friendly office environment
• Commuter Benefits
• Group Pet Insurance
• On the job training and skills development
• Employee Assistance Program (EAP)