Information Technology Risk Manager

Position Overview

We are seeking an experienced Security Risk & Compliance Manager to join our Enterprise Information Security team. In this role, you will be responsible for developing, implementing, and overseeing risk management and compliance programs to mitigate cybersecurity threats and ensure compliance with SOC 2 and other regulatory requirements.

The ideal candidate will have a strong understanding of security best practices, excellent project management skills, and the ability to collaborate across teams to enhance security controls. This role requires a high level of accountability, attention to detail, and a proven ability to execute and deliver security initiatives.

Key Responsibilities

• Develop and manage risk management and compliance programs, ensuring timely tracking and resolution of security risks.
• Ensure alignment of security controls with SOC 2 and regulatory compliance requirements.
• Monitor, track, and audit SOC 2 controls and security risks related to FTC Safeguards Rule, CCPA, and NYCRR.
• Lead SOC 2 certification and ensure ongoing regulatory compliance.
• Collaborate with IT and other teams to develop and implement secure processes.
• Develop and facilitate security awareness training.
• Create and maintain security policies, standards, and procedures.
• Conduct security risk assessments and regular security audits.
• Develop and manage assessment questionnaires to evaluate security posture.
• Stay updated on evolving security regulations, laws, technologies, and emerging threats.

Qualifications & Skills

• 10 years of experience in IT Security or a related field.
• 8 years of experience in risk management and regulatory compliance.
• 5 years of experience leading SOC 2 or equivalent certification processes.
• Strong knowledge of security best practices for application and network security.
• Experience with implementing security frameworks such as NIST or ISO 27001.
• Familiarity with security technologies such as SIEM, WAF, and vulnerability scanning.
• Proven ability to manage risk and compliance projects effectively.
• Excellent project management and organizational skills.
• Strong analytical and problem-solving mindset.
• Superior attention to detail with a commitment to high-quality work.
• Exceptional oral and written communication skills.

Education & Certifications

• Bachelor’s Degree in Information Security, Cybersecurity, or a related discipline.
• CISSP or CRISC certification (or equivalent).
• Experience with SOC 2 audits and regulatory requirements, including FTC Safeguards Rule, CCPA, and NYCRR.