Manager, IT Governance, Risk and Compliance

Pet Valu, Markham, ON
CA$125,000 - CA$135,000, Hybrid

About The Position

The Manager, IT Governance, Risk and Compliance is the IT owner for ICFR, PCI-DSS, NIST Cybersecurity Framework (CSF) 2.0, and Third-Party Risk Management (TPRM). This hands-on leadership role delivers IT controls, evidence, remediation, policy governance, the IT Security Risk Register, and the full TPRM lifecycle while partnering with Finance, Payments, Security, Procurement, and Legal.

Requirements

  • 8+ years of progressive IT governance, risk, compliance, or audit experience.
  • Minimum 4 years in a leadership role.
  • Direct, hands-on experience delivering IT evidence and remediation for ICFR/ITGC, PCI-DSS, NIST CSF, and Third-Party Risk Management programs.
  • Proven ability to work successfully with internal/external audit partners and vendors.
  • Professional certification required (one or more): CISA, CISM, CRISC, CISSP-ISSAP, PCIP, or equivalent.
  • Strong policy, process documentation, and risk register management skills.
  • Hands-on experience running a TPRM program and using vendor risk platforms.

Nice To Haves

  • Mastery of ICFR/ITGC, PCI-DSS, NIST CSF 2.0, and TPRM
  • Policy and process documentation excellence
  • IT risk register and vendor risk lifecycle ownership
  • Audit coordination and evidence delivery
  • Cross-functional partnership (Finance, Security, Payments, Procurement, Legal)
  • Calm execution under tight audit and vendor review timelines

Responsibilities

  • Act as the primary IT point of contact for internal and external audit partners on ICFR/ITGC, PCI-DSS, and NIST CSF 2.0 audits.
  • Own the IT General Controls (ITGC) portion of the annual ICFR program: scoping, documentation, evidence, walkthroughs, testing support, and remediation.
  • Manage the PCI-DSS IT compliance program (Requirements 1–12, A1–A3), including evidence, QSA support, and remediation.
  • Lead IT-side implementation and maturity of NIST CSF 2.0 across all six functions.
  • Develop, maintain, and govern all IT policies, standards, procedures, and process documentation aligned with ICFR, PCI, and NIST CSF.
  • Own and maintain the IT Security Risk Register (identification, assessment, treatment plans, monitoring, and reporting).
  • Lead the IT Third-Party Risk Management (TPRM) program: vendor risk assessments, due diligence, ongoing monitoring, contract reviews, scoring, and off-boarding for all technology and cloud vendors in scope for ICFR, PCI, or NIST.
  • Coordinate and deliver evidence and responses during internal/external audits and regulatory reviews.
  • Track and drive remediation of IT-related findings from audits and TPRM assessments.
  • Maintain centralized IT controls library and automated evidence repository.
  • Perform regular control self-assessments and continuous monitoring.
  • Report compliance status, risk register, and TPRM metrics to IT leadership, Finance, Procurement, and the Audit Committee.
  • Stay current on regulatory changes and translate them into actionable IT and vendor requirements.
  • Other tasks as assigned.

Benefits

  • Comprehensive health and dental benefits
  • Employee Share Purchase Plan with company matching
  • Learning and Development support tailored to you
  • Generous employee discounts on our products
  • Preferred rates for car rentals, hotels, phone plans and gym discounts