Manager, Information Risk & Compliance

Assurant
$103,800 - $173,300
Remote

About The Position

Assurant is seeking an Information Risk and Compliance Manager to lead a team responsible for domestic and international regulatory compliance audits, information security assessments, and broader cybersecurity risk initiatives. This role is accountable for designing, implementing, and enforcing security, risk, and compliance controls that protect organizational information assets from unauthorized access, disclosure, or disruption. The position oversees day-to-day compliance operations, including identifying and closing enterprise risk and control gaps, and establishing monitoring and reporting processes using key cybersecurity and compliance metrics aligned to frameworks and regulations such as ISO 27001, NIST, PCI DSS, HIPAA, and SOX. The Compliance Manager will lead cross-functional teams, partner with IT and business stakeholders, support security operations and risk assessments, and drive internal and external audit activities, including maintaining audit documentation and evidence. Additionally, this role contributes to strategic cybersecurity and compliance initiatives by aligning programs to the enterprise risk roadmap. The ideal candidate brings strong expertise in cybersecurity principles, compliance frameworks, audit methodologies, and risk management, along with proven leadership experience driving teams to successful audit, security, and compliance outcomes.

Requirements

  • Bachelor’s degree in Business Administration, Information Technology, Cybersecurity, Risk Management, or a related field.
  • 7+ years of experience in compliance, audit, or risk management, with a significant focus on information security assessments, audits, and IT controls.
  • Proven experience in automating compliance and testing processes, particularly in IT control testing or auditing environments.
  • 3+ years of management experience.
  • Experience managing both domestic and international compliance requirements and assessments.
  • Strong knowledge of industry standards and regulatory frameworks, including ISO 27001, SOC 2, SOC 1, PCI-DSS, NIST, HIPAA, GDPR, and others.
  • Strong knowledge of security testing methods related to vulnerability management, ethical hacking, penetration testing, application code testing, and offensive security best practices.
  • Understanding of statutory and regulatory requirements relating to privacy, data security, and related topics.
  • Leadership: Proven ability to lead and motivate teams, fostering a collaborative environment to achieve compliance and audit goals.
  • Compliance Expertise: In-depth knowledge of regulatory compliance requirements, industry standards, and audit frameworks.
  • Automation & Process Improvement: Experience in driving automation and process improvements to increase efficiency and reduce errors in compliance and testing workflows.
  • Analytical Skills: Strong ability to assess complex audit data, identify trends, and provide actionable insights to senior leadership.
  • Communication Skills: Excellent verbal and written communication skills, with the ability to translate complex compliance and audit information for a variety of audiences, including senior management and external auditors.

Nice To Haves

  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Privacy Professional (CIPP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Compliance and Ethics Professional (CCEP)
  • Other relevant certifications (e.g., SOC 2, ISO 27001)

Responsibilities

  • Lead a team responsible for domestic and international regulatory compliance audits, information security assessments, and broader cybersecurity risk initiatives.
  • Design, implement, and enforce security, risk, and compliance controls.
  • Oversee day-to-day compliance operations, including identifying and closing enterprise risk and control gaps.
  • Establish monitoring and reporting processes using key cybersecurity and compliance metrics aligned to frameworks and regulations such as ISO 27001, NIST, PCI DSS, HIPAA, and SOX.
  • Lead cross-functional teams and partner with IT and business stakeholders.
  • Support security operations and risk assessments.
  • Drive internal and external audit activities, including maintaining audit documentation and evidence.
  • Contribute to strategic cybersecurity and compliance initiatives by aligning programs to the enterprise risk roadmap.

Benefits

  • Helping People Thrive in a Connected World
  • A place where you can thrive
  • For U.S. benefit information, visit myassurantbenefits.com.
  • For benefit information outside the U.S., please speak with your recruiter.