Job Description
The Senior Manager – Information Security Risk & Compliance is a hands-on leader responsible for executing and operating the organization’s information security risk and compliance programs. This role directly performs risk assessments, supports audits, manages GRC tooling, and works closely with technical teams to remediate control gaps. The role balances leadership responsibilities with day-to-day execution and technical depth.
Key Responsibilities
Hands-On Risk Management
• Perform and lead information security risk assessments across applications, infrastructure, cloud environments, and business processes.
• Maintain risk registers, document findings, assign remediation actions, and track closure.
• Conduct threat modeling and control gap analyses in collaboration with engineering and security teams.
• Perform and review third-party/vendor security risk assessments and questionnaires.
Compliance & Audit Execution
• Directly manage compliance efforts for frameworks and regulations such as ISO 27001, SOC 2, PCI DSS, SOX, GDPR, or HIPAA (as applicable).
• Prepare audit evidence, coordinate walkthroughs, and respond to auditor and regulator requests.
• Execute control testing and validate control design and operating effectiveness.
• Track remediation plans and validate corrective actions.
Policy, Standards & Controls
• Draft, update, and maintain information security policies, standards, and procedures.
• Map technical and administrative controls to compliance requirements and business risks.
• Work hands-on with system owners to design and implement security controls.
GRC Tools & Metrics
• Administer and optimize GRC and security tooling (e.g., Varonis, Lightbeam, Tenable, AuditBoard).
• Build risk dashboards, compliance metrics, and executive-level reporting.
• Automate evidence collection and control monitoring where possible.
Cross-Functional Collaboration
• Work closely with IT, Cloud, DevOps, Security Operations, Legal, Privacy, and Internal Audit teams.
• Provide actionable security guidance during system design, cloud migrations, and vendor onboarding.
• Act as a subject matter expert for security risk and compliance inquiries.
Leadership & Mentorship
• Lead by example with direct execution while mentoring junior risk and compliance staff.
• Review work products, provide hands-on coaching, and ensure quality and consistency.
• Support hiring and onboarding of risk and compliance team members as needed.
Major Tasks, Responsibilities, and Key Accountabilities
Serves as an internal information security consultant to the organization. Leads and/or coordinates all dedicated internal security functions, including but not limited to patching, anti-virus, intrusion prevention, CERT response, log file monitoring, cross-division security coordination, operational security testing of systems, rule set analysis, threat detection and adaptation, and other security-related functions as they arise.
Initiates activities to create information security awareness within the organization.
Performs information security risk assessments, and acts as an internal auditor. Evaluates audit findings and drives remediation of identified control deficiencies.
Reviews all system-related security planning throughout the network and acts as a liaison to information systems.
Monitors compliance with information security policies and procedures, addressing problems with the appropriate department manager or data owner.
Oversees the security policy to ensure appropriateness. Provides training and consultation to ensure understanding of and compliance with established security standards and controls. Manages the Computer Security Incident Response Plan.
Manages the Risk Program including coordination and follow-up of the semi-annual risk assessment and development and implementation of business unit policies and standards.
Manages the business unit's audits and examinations. Works with management to put in place the controls needed to comply with SOX regulatory requirements and the PCI DSS standard.
Nature and Scope
Solutions require analysis and investigation.
Achieves planned results by decisions and actions based on professional methods, business principles, and practical experience. May recommend/make decisions regarding new programs/initiatives that have significant impact to the business and carry consequences in unsuccessful endeavors.
Manages a larger team or multiple small teams through direction of subordinate management and/or supervisory staff.
Compensation:
$170,000 to $190,000 per year annual salary.
Exact compensation may vary based on several factors, including skills, experience, and education.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
Strengths in compliance:
• Focus on risk assurance
• GRC
• Application security
• Overall risk management
• Containment and remediation of identified risk
• Data security tools (DLP, data security)
• GCP
• Tenable
• Framework-driven rather than tool-driven
• PCI DSS framework
• NIST frameworks (most important)
• Able to start ASAP
• Bachelor’s degree in Information Security, Computer Science, or related field.
• 8–12+ years of experience in information security, risk, compliance, or IT audit roles.
• Strong hands-on experience with risk assessments, audits, and control testing.
• Practical working knowledge of NIST CSF, ISO 27001/27002, SOC 2, and cloud security controls.
• Ability to independently manage multiple assessments and audits end-to-end.
Preferred Certifications
• CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, or equivalent.
Key Skills & Competencies
• Deep technical understanding of security controls and risk mitigation
• Strong documentation and evidence management skills
• Ability to translate compliance requirements into technical actions
• Comfortable working in fast-paced, hands-on environments
• Strong problem-solving and attention to detail
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.