Manager, Technology Risk

Hinge Health
San Francisco, CA
$198,000 - $250,000
Hybrid

About The Position

The Technology Risk Manager is a senior individual contributor responsible for driving Hinge Health’s technology risk posture across security, infrastructure, and IT. You’ll act as the primary owner for technology risk across multiple teams rather than as a pure advisor. The role has broad exposure to Security, IT, and Engineering leadership, and you’re expected to confidently surface risks, drive clear risk evaluations, and collaborate with partners to land practical remediation decisions. You’ll work closely with Application Security, Engineering, Security, and IT to translate technical vulnerabilities into business risk, maintain the Technology Risk Register, and ensure high-quality, timely remediation in a PHI-handling and heavily regulated environment.

Requirements

  • 8+ years of experience in technology risk, IT audit, cybersecurity, or information security, with recent, hands-on experience in SOX-driven or heavily regulated environments (e.g. public/pre-IPO company, Big 4 IT audit/risk advisory, financial services or healthcare).
  • Proven track record as a senior IC leading complex, cross-functional risk or compliance programs with high visibility to engineering and IT leadership.
  • Deep experience with SOX IT General Controls (design, testing, and remediation) in cloud-first environments.
  • Strong understanding of access management, change management, computer operations, and related control frameworks.
  • Comfort working in PHI-handling or similarly sensitive data environments.
  • Demonstrated ability to influence senior engineering and IT stakeholders: you can surface uncomfortable risks, keep discussions anchored in facts and impact, and help teams arrive at well-documented decisions.
  • Excellent relationship-builder who balances assertiveness with partnership—able to challenge, negotiate trade-offs, and still maintain trust.
  • Exceptional written and verbal communication skills; you distill complex technical risk into concise, executive-ready narratives and clear action plans.

Nice To Haves

  • Certifications such as CISA, CISSP, or equivalent.
  • Prior Big 4 (or similar) experience in IT audit, SOX, or technology risk.
  • Experience with SOX IT General Controls and broader security frameworks.

Responsibilities

  • Maintain and continuously refine the Technology Risk Register, documenting cyber, operational, and regulatory risks with clear ratings, owners, and mitigation plans.
  • Track and drive remediation progress across engineering and IT teams, escalating and unblocking as needed to ensure risk treatment plans meet agreed SLAs.
  • Serve as a primary interface for internal and external auditors on SOX IT General Controls (ITGC) and related technology control testing, documentation, and evidence collection.
  • Coordinate and track remediation of SOX ITGC findings, ensuring clear ownership, high-quality corrective actions, and timely closure to prevent control deficiencies and material weaknesses.
  • Partner with Security, Accounting, Legal/Compliance, and IT to ensure risk and control practices support HIPAA and other healthcare regulatory requirements.
  • Partner with Application Security, SRE, and Infrastructure teams to aggregate, prioritize, and track code vulnerabilities, penetration-testing findings, and infrastructure risks across the SDLC.
  • Analyze vulnerability trends (by system, control, and data sensitivity) to help teams focus on the highest-impact remediation work.
  • Drive consistent, high-quality documentation of risk decisions, mitigations, and compensating controls.
  • Design and maintain risk and control dashboards that provide senior leadership with clear insight into security posture, compliance status, and remediation velocity.
  • Produce recurring executive-ready reports and narratives that translate complex technical risk into clear, non-technical language for decision-makers and risk committees.
  • Recommend and refine KPIs/KRIs that measure technology risk, SOX ITGC health, and vulnerability reduction over time.

Benefits

  • Comprehensive medical, dental, and vision coverage
  • Help with gender-affirming care
  • Tools for family and fertility planning
  • Travel reimbursements if healthcare isn’t available where you live
  • Traditional or Roth 401k retirement plan options with a 2% company match
  • Modern life stipends for learning and development
  • Discounted company stock through ESPP with easy payroll deductions