Security Risk & Compliance Manager

The Security Risk & Compliance Manager will lead the development, execution, and continuous improvement of the organization’s enterprise risk management and regulatory compliance programs, with a primary focus on SOC 2 and 23 NYCRR Part 500. Reporting to the Director of Information Security, this role partners closely with IT and business stakeholders to identify and reduce cybersecurity risk, ensure audit readiness, and implement effective security controls. The ideal candidate is a hands‑on leader with strong regulatory expertise, proven program ownership, and the ability to drive remediation efforts while maintaining alignment with industry standards and evolving regulatory requirements.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

10+ years of experience in IT Security, Information Security, or a related field
8+ years of experience in risk management and regulatory compliance
5+ years of experience leading SOC 2 audits or equivalent certifications
Hands‑on experience with 23 NYCRR Part 500, SOC 2, and FTC Safeguards Rule compliance
Bachelor’s degree in Information Security or a related discipline; CISSP, CRISC, or similar certification preferred
Strong knowledge of application and network security best practices
Proven experience building and operationalizing an enterprise risk management (ERM) program
Experience implementing security frameworks such as NIST and/or ISO 27001
Familiarity with security tools and technologies, including SIEM, WAF, and vulnerability scanning
Demonstrated ability to manage risk and compliance initiatives from issue identification through resolution
Strong project management and organizational skills, with the ability to manage multiple security initiatives at once
High attention to detail and strong ownership of work product
Excellent written and verbal communication skills; self‑motivated, analytical, and solutions‑oriented

Prior experience in banking, fintech, mortgage, insurance, or regulated financial services
Familiarity with project management methodologies to manage and coordinate multiple moving parts effectively
Experience building or scaling programs in a high‑growth or evolving environment

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.