Senior Manager of IT Regulatory Compliance

A. O. Smith Corporation, Nashville, TN
Hybrid

About The Position

As a Senior Manager, IT Regulatory Compliance, you will be a member of the Business Technology Solutions (IT) leadership team, reporting directly to the CISO. The team is responsible for proactively planning and executing focused strategies to establish and maintain operational, financial, and regulatory controls globally. The Senior Manager, IT Regulatory Compliance leads the company’s second-line oversight of technology risk, controls, and regulatory compliance. This role has primary accountability for SOX IT compliance (ITGCs/ITACs/SoD), global IT control standardization/governance, and enterprise alignment with industry cybersecurity frameworks (e.g., NIST, COSO).

In addition, this position helps shape and drive the technology and security aspects of global privacy and data protection compliance programs (e.g., GDPR, India’s DPDP Act, China’s PIPL, CCPA/CPRA, and other applicable regional regulations), partnering closely with Legal/Privacy, Information Security, IT, Finance/Controllership, Internal Audit, and global business leaders.

Success in the role means ensuring technology and data risks are appropriately identified, controlled, and monitored across the enterprise, covering ERP platforms (SAP), supporting financial applications, infrastructure, hosted/cloud environments, third parties, and new system implementations, while enabling compliant handling of personal data. As Senior Manager, you will set the vision and roadmap for scalable controls and governance, drive audit and regulatory readiness, and act as a thought leader who influences stakeholders and delivers measurable program outcomes.

Requirements

  • Bachelor’s degree in Business Administration, Management Information Systems, Computer Science, Cybersecurity, Accounting or a related field; MS or MBA is preferred.
  • CISA (or the ability to obtain it within one year) is required; additional professional certifications are preferred, such as CISM, CISSP, CIA, CPA, and privacy certifications (e.g., IAPP CIPP/E, CIPP/US, CIPM)
  • 8-12+ years of progressive experience in technology risk, IT audit, IT compliance, technology controls, and/or privacy risk and regulatory compliance within complex, global organizations (public accounting and/or global manufacturing preferred)
  • Deep expertise in COSO and NIST frameworks (and familiarity with privacy/security standards such as ISO 27001/27701 and common privacy control concepts), including performing audit procedures against standards or assessing and implementing controls
  • Strong knowledge of IT general and automated controls, ICFR concepts, and control design/testing, plus the ability to translate privacy regulatory obligations (e.g., GDPR, DPDP, PIPL, CCPA/CPRA) into practical, testable technology and process controls
  • Prior experience with SAP (ECC, BW, GRC, ECP, S/4HANA) and an understanding of its configuration and best practices
  • Demonstrated experience supporting or overseeing SDLC activities and system implementations
  • Experience evaluating third-party service providers’ SOC reports
  • Experience with control automation, continuous controls monitoring, and continuous improvement
  • Proven ability to operate effectively in a global, matrixed organization
  • Effective and impactful executive-level communication and presentation skills; able to influence outcomes and drive decisions across IT, Security, Legal/Privacy, Finance, and the business
  • Strong judgment and risk prioritization capabilities
  • Ability to influence without authority
  • Pragmatic, business-oriented approach to compliance
  • Continuous improvement mindset

Nice To Haves

  • Exposure to hosted environments and cloud platforms, and experience assessing cloud migration risks (including privacy, data residency, and third-party data processing considerations) is a plus
  • Exposure to GRC applications, IAM solutions, and audit tools is preferred
  • Experience building or operating elements of a privacy compliance program (e.g., privacy risk assessments/DPIAs, records of processing, vendor/third-party risk, data retention/deletion governance, and support for DSAR processes) is a plus
  • Proven management experience leading high-performing teams with global responsibilities
  • Experience presenting to executive leadership and audit committees is a plus

Responsibilities

  • Serve as a visible thought leader for technology risk and regulatory compliance, translating evolving requirements into practical strategy, roadmaps, and decisions.
  • Communicate risk posture, control health, key issues, and program outcomes to the CISO and senior leadership with clear, business-focused insights.
  • Promote a culture of accountability, transparency, and continuous improvement.
  • Define and monitor program KPIs/KRIs (e.g., control effectiveness, remediation aging, regulatory obligations tracking), identify trends and emerging risks, and drive control optimization and automation initiatives.
  • Own governance and oversight of SOX, ensuring compliance with ICFR requirements and consistent execution across ERPs and supporting technologies (e.g., ITGCs, ITACs, SoD), including control design standards, evidence quality, and remediation governance.
  • Design, standardize, and maintain global control frameworks and evidence standards spanning IT controls (SOX/ICFR) and technology-enabled privacy requirements (e.g., access, logging, encryption, retention/deletion, third-party controls) to drive consistency, scalability, and audit/regulatory readiness across regions and systems.
  • Partner closely with Information Security and Legal/Privacy leadership to ensure alignment with applicable frameworks and regulations (e.g., NIST, COSO, ISO 27001/27701 as applicable, GDPR, India DPDP, China PIPL, CCPA/CPRA), and translate obligations into clear, testable control requirements.
  • Provide second-line oversight across SDLC phases and major system implementations, ensuring controls are designed and executed to appropriately mitigate risk, procedures are executed in alignment with internal policies, and security and privacy requirements are appropriately embedded.
  • Serve as a key technology risk and compliance contact for Internal Audit, external auditors, and (as applicable) regulatory inquiries related to technology controls and technology-enabled privacy requirements.
  • Partner with Internal Audit to ensure audits and SOX procedures are planned, performed, and completed on time.
  • Support consistent, effective control execution and provide ongoing training to foster an effective control environment and improve efficiency.
  • Assess control deficiencies and compliance findings, govern and drive the identification, root cause analysis, risk acceptance/escalation, and remediation action plan development by partnering with control owners and operations teams.
  • Partner with Legal/Privacy, PMOs, IT Infrastructure, Security and IT leadership to drive compliance with internal policies, technology standards, and applicable privacy regulations.
  • Enable consistent operational execution of privacy requirements through governance mechanisms (e.g., records of processing support, data retention/deletion controls, DSAR enablement inputs, vendor/third-party privacy risk oversight, and incident/breach response coordination inputs), and develop assurance procedures to validate ongoing compliance.

Benefits

  • medical and dental insurance
  • company-sponsored life insurance
  • retirement security savings plan
  • short- and long-term disability programs
  • tuition assistance
© 2026 Teal Labs, Inc