Senior Technology Risk & Compliance Manager

WCF Insurance, Sandy, UT
4d · Onsite

About The Position

WCF Insurance has an immediate opening for someone who can demonstrate the WCF values to join the Information Technology (IT) department team as a Senior Technology Risk & Compliance Manager. This is a full-time, exempt position that works in our Sandy, Utah Headquarters office. This posting is open to internal and external candidates. This position reports to the VP of IT Security/CISO and is responsible for building and maintaining a strong technology risk and compliance program that covers the organization's tech assets and initiatives, including new areas like AI. The person in this role ensures the use of recognized frameworks in both insurance and technology, and encourages cooperation among IT teams, legal staff, and external auditors. As a driver of risk management and the main contact for compliance audits and examinations, the role helps lower risks, improve best practices, and advance the organization's strategic goals amid an ever-changing technology environment.

Requirements

  • Bachelor's in technology, cybersecurity, risk management, or related field (or equivalent); certifications a plus.
  • 8+ years relevant experience, ideally in regulated sectors.
  • Hands-on with PCI DSS, NIST (800-53/CSF/AI RMF), CIS Controls, etc.
  • Knowledge of AI governance, risk, data provenance, bias/fairness, explainability, human-in-the-loop controls
  • Cross-functional communication and collaboration skills; able to drive change without direct authority
  • Experience with audits/exams (e.g., PCI, regulatory) and remediation
  • Risk assessment across tech areas: cloud, data, end user, application development (SDLC), and more
  • Strong at policy creation, controls, reporting, and communication; skilled at conveying complex risks clearly

Responsibilities

  • Lead the adoption and ongoing compliance with PCI DSS, NIST CSF/800-53, CIS Controls, and related frameworks; oversee alignment of controls to meet business and regulatory requirements.
  • Establish and oversee the AI Risk Management Program, including governance, model/data inventory, risk assessments, testing and validation, data usage controls, monitoring, and incident response for AI systems.
  • Be the principal contact for IT audits and examinations, including coordination and evidence collection activities.
  • Conduct comprehensive risk assessments across systems and vendors; recommend practical remediation strategies with defined timelines.
  • Prepare dashboards and reports detailing risk posture, compliance status, audit outcomes, and AI risk metrics.
  • Collaborate with legal teams to evaluate obligations and ensure vendor and third-party compliance.
  • Enforce vendor due diligence, security questionnaires, contract language, and ongoing assessments; escalate material vendor risks with mitigation plans.
  • Track emerging regulations and technologies, updating the compliance program as necessary.

Benefits

  • Medical, Dental, and Vision insurance
  • Company-paid life insurance
  • 401K with a generous 6% employer match
  • Employee Assistance Program (EAP)
  • Time off to volunteer in the local community
  • All employees earn 4 weeks of vacation their first year.