Manager IT Compliance

Optimum
Town of Oyster Bay, NY
$123,379 - $202,694

About The Position

The Manager IT Compliance will oversee and manage the company’s SOX, PCI, AI governance, and related IT governance, risk, and compliance obligations. The ideal candidate will have a mixture of security, risk management, AI governance, and IT compliance skills with a history of managing and delivering complex compliance projects on time and within budget. This role will supervise multiple teams of compliance specialists and act as a central point of contact for the organization for all compliance matters.

Requirements

  • A bachelor’s degree in Information Technology, Computer Science, or related fields.
  • 10+ years of experience in cybersecurity, IT compliance, or auditing, particularly in PCI and Sarbanes-Oxley (SOX) regulations
  • 3+ years of direct leadership experience (ideally in a matrix environment), as well as managing external resources
  • Strong communication, project management, and team collaboration skills are essential for working across departments and with auditors
  • Knowledge of IT general controls (ITGC), access management, change management, and system development. Familiarity with security and compliance frameworks (e.g., SOC 1, SOC 2, ISO 27001) is essential
  • Experience in assessing and managing IT-related risks that impact financial reporting and auditing
  • Ability to design, implement, and monitor compliance programs, ensuring that IT systems and controls meet SOX and PCI regulatory requirements
  • An in-depth understanding of process governance and the risk and compliance discipline; knowledge of the latest trends in the management of Security & IT Compliance
  • Working knowledge of AI risk and governance frameworks (NIST AI RMF, ISO/IEC 42001, OWASP AI Security & Privacy Guide, MITRE ATLAS) and the ability to translate them into auditable controls within an enterprise GRC program
  • Hands-on experience with GRC tooling for control testing, evidence management, policy lifecycle, and continuous compliance monitoring (e.g., Archer, ServiceNow GRC, Vanta, Drata, AuditBoard, MetricStream)
  • Familiarity with data-privacy and AI-related regulations (GDPR, CCPA/CPRA, state-level AI laws, EU AI Act) and the ability to translate them into operational controls and vendor-management requirements
  • Ability to organize, plan, execute and supervise multiple major projects with minimal supervision
  • Excellent communication and interpersonal skills

Nice To Haves

  • Experience leading AI-specific vendor risk reviews, building AI control catalogs, or operating an AI Governance Committee is strongly preferred
  • Additional GRC and AI-governance certifications such as CGRC, CGEIT, IAPP AI Governance Professional (AIGP), or ISO/IEC 42001 Lead Implementer are highly desirable
  • Experience operating within a telecom, media, or other highly regulated industry, including familiarity with CPNI, FCC, and customer-data obligations, is a plus
  • Security certifications such as CISSP, CISM, CISA, and CRISC are a plus
  • A current PCI ISA or QSA certification and recent experience are highly desirable
  • Technical conference participation, paper submissions, and public presentations

Responsibilities

  • Provide leadership, guidance and direction to the Security & IT Compliance team and related stakeholders
  • Act as a central contact person for the organization for all matters related to Security & IT Compliance
  • Define and maintain the Security & IT Compliance framework for the various IT Compliance disciplines including people, process and technologies needed to maintain compliance
  • Design, specify, implement, and monitor internal controls which help to ensure that AUSA is compliant with relevant laws and regulations, internal policies and standards, and other requirements
  • Evaluate IT controls and drive the remediation of control weaknesses, communicate to respective compliance stakeholders
  • Supervise the performance of risk assessments, self-audits and establish performance metrics against control-related policies and procedures
  • Provide recommendations for meeting compliance requirements and manage any exceptions to closure
  • Develop and deliver multi-faceted training/awareness programs to teach staff the importance of compliance, and the ways in which compliance is maintained with laws and regulations, internal policies and standards and other requirements
  • Maintain an up-to-date and thorough understanding of all requirements with which AUSA must comply, including laws and regulations, contractual commitments, internal policies and procedures
  • Provide oversight to compliance activities when interacting with third parties/vendors. Review contractual agreements, ensuring IT compliance adherence is stipulated
  • Prepare/perform/approve performance evaluations and development plans; interview/approve personnel for hire
  • Manage vendor relationships, ensuring the vendors are responsive to company needs
  • Negotiate with legal on all contracts, statements of work and maintenance agreements to ensure compliance
  • Participate in budget planning and analysis
  • Lead the design and operation of the company’s AI governance and compliance program, aligning controls and policies with recognized frameworks such as the NIST AI Risk Management Framework (AI RMF), ISO/IEC 42001, and applicable AI-related regulations
  • Perform compliance and risk assessments of internal and third-party AI/ML use cases – including generative and agentic AI – evaluating data privacy, security, bias, model transparency, and regulatory exposure prior to deployment
  • Maintain the enterprise AI inventory and the accompanying policies, standards, and acceptable-use guidelines that govern responsible adoption of AI across the organization
  • Partner with Legal, Privacy, Data Science, Engineering, and the AI Governance Committee (or equivalent forum) to operationalize responsible AI principles within existing GRC, change-management, and SDLC processes
  • Drive automation of evidence collection, control testing, and continuous controls monitoring through modern GRC platforms (e.g., Archer, Vanta, Drata, AuditBoard) to reduce manual effort and audit fatigue across control owners
  • Develop and report compliance KPIs, control health dashboards, and AI-risk indicators to senior leadership, audit committee stakeholders, and external auditors
  • Monitor the evolving regulatory and standards landscape (SEC cybersecurity disclosure rules, state and federal AI legislation, EU AI Act, sector-specific telecom obligations) and translate emerging requirements into actionable controls and roadmap items

Benefits

  • Pay is competitive and based on a number of job-related factors, including skills and experience.
© 2026 Teal Labs, Inc