Manager, Technology Risk & Compliance

Red Ventures | Charlotte, NC
$150,000 - $210,000 | Hybrid

About The Position

Red Ventures is hiring a Manager, Technology Risk & Compliance to drive risk management across the organization and influence meaningful change wherever risk is not tolerable. This leader will own the technology risk program across multiple lines of business, from identification and prioritization through remediation and reporting, while establishing trusted partnerships and ensuring compliance obligations are met with rigor and consistency. This is a risk reduction leadership role, not a compliance tracking function. This role includes direct people management responsibility, with a team that grows in scope over time. The position requires a hybrid schedule, based in the South Charlotte, NC Headquarters (Tuesday through Thursday) and working fully remotely on Mondays and Fridays each week.

Requirements

  • Proven risk program ownership: Has built or significantly matured a technology risk lifecycle end-to-end.
  • Multi-stakeholder risk communication: Translates technical risk into business impact for non-technical leaders across diverse business units.
  • Automation-first mindset: Track record of eliminating manual GRC or security processes through tooling and workflow automation.
  • Cross-functional partnership builder: Builds lasting relationships with Engineering, Finance, Legal, or BU leaders to drive risk accountability.
  • Security architecture fluency: Understands secure design principles and can lead engineers doing design reviews and risk mitigation work.
  • Operates independently: Sets direction, resolves blockers, and escalates only when a true decision is needed.
  • AI and emerging tech risk awareness: Can assess and advise on risks from AI adoption, cloud architectures, and third-party integrations.
  • People leader who develops talent: Actively grows the team toward greater scope and ownership.
  • 7+ years of experience in cybersecurity, technology risk, or security operations.
  • Demonstrated experience owning a technology risk program, not just contributing to one.
  • Experience leading cross-functional risk assessments across multiple business units or technology domains.
  • Strong understanding of risk and control frameworks including NIST, ISO 27001, and FAIR.
  • Experience in regulated environments including SOC2, PCI, and NYDFS.
  • Proven track record of automating manual security or GRC processes.
  • Familiarity with AI and ML system risks and modern cloud and SaaS architectures.
  • Strong stakeholder influence skills, with the ability to lead without authority.
  • Experience managing technical and risk teams.

Nice To Haves

  • Multi-business-unit or holding company experience, with familiarity operating in federated environments where risk priorities and technology stacks vary by business unit.
  • Hands-on GRC platform experience with ServiceNow GRC, Archer, OneTrust, Drata, Vanta, or similar, including workflow automation and reporting configuration.
  • Has designed a vendor risk assessment program from scratch, not just contributed to an existing one.
  • Experience building risk dashboards or executive risk briefings that were used to drive business decisions.

Responsibilities

  • Own the end-to-end technology risk lifecycle across all lines of business, including assessment, prioritization, remediation tracking, and executive reporting, ensuring every risk has a clear owner and is tracked to closure.
  • Run the exception program, covering intake, review, approval routing, expiration tracking, and renewal governance, with no exceptions aging without an owner or a remediation commitment.
  • Own the vendor and third-party risk assessment program, scoping and sequencing assessments based on exposure and business criticality, and embedding vendor risk review into onboarding and renewal cycles with Procurement and Legal.
  • Drive compliance posture across PCI, SOC2, ISO 27001, and NYDFS. Maintain the full obligation calendar, direct the team on assessments and evidence collection, and ensure no regulatory deadline is a surprise.
  • Eliminate the highest-friction manual GRC and compliance processes through tooling and workflow automation, targeting meaningful burden reduction within the first year.
  • Serve as the security organization's primary interface to the business, building trusted relationships with BU leaders, Engineering, Finance, Legal, and Compliance, and translating risk into financial exposure, operational disruption, and regulatory consequence.
  • Lead the organization's AI and emerging technology risk posture, advising on responsible usage, data handling, and access controls, and ensuring AI-related risks are assessed and tracked within the broader risk framework.
  • This role includes direct people management responsibility, with a team that grows in scope over time.

Benefits

  • Health Insurance Coverage (medical, dental, and vision)
  • Life Insurance
  • Short and Long-Term Disability Insurance
  • Flexible Spending Accounts
  • Holiday Pay
  • 401(k) with match
  • Employee Assistance Program
  • Paid Parental Bonding Benefit Program
  • Flexible Paid Time Off (PTO): We believe time to rest and recharge is essential. That’s why we offer a generous and flexible PTO policy. Full-time employees accrue 20 days of PTO per full calendar year, with an increase to 25 days after five years of service.

What This Job Offers

Job Type

Full-time

Career Level

Manager

Education Level

No Education Listed

Number of Employees

501-1,000 employees

© 2024 Teal Labs, Inc