
Compliance Manager, IT/Tech

Job in Chicago, Cook County, Illinois, 60290, USA
Listing for: West Monroe
Full Time position
Listed on 2026-06-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Are you ready to make an impact?

West Monroe is seeking a Compliance Manager to join the internal Risk, Compliance & Cybersecurity (RCC) team. This role is responsible for leading and modernizing the firm's cybersecurity compliance and governance programs while leveraging automation, AI capabilities, and integrated GRC tooling to reduce manual effort and improve operational efficiency.

The Compliance Manager will work closely with IT, security engineering, legal, and business stakeholders to ensure adherence to industry frameworks and client security expectations. A key focus of this role will be identifying creative ways to automate compliance processes, integrate systems into the firm's GRC platform, and establish reliable sources of truth for audit evidence, risk tracking, and governance reporting.

This role will also oversee key security governance activities including incident response readiness, annual tabletop exercises, and security policy lifecycle management.

Qualifications

Candidates must demonstrate a strong understanding of cybersecurity governance, compliance frameworks, and enterprise risk management practices. The individual should be able to lead compliance initiatives while partnering with technical teams to ensure security controls are effectively implemented, monitored, and automated where possible.

The ideal candidate will have experience across a range of governance and compliance services, including but not limited to:
  • Security Compliance Frameworks (SOC 2, ISO 27001, NIST, CIS Controls)
  • Third-Party Risk Management and Vendor Security Assessments
  • Client Security Questionnaires and Assurance Programs
  • Security Policy Development and Governance Programs
  • Audit Coordination and Evidence Management
  • AI Governance and Emerging Compliance Frameworks (e.g., ISO 42001)
  • Security Risk Assessments and Control Evaluations
  • Compliance automation using GRC platforms and system integrations
Specific Skills Include, But Are Not Limited To:

Enterprise Compliance Program Leadership
  • Own and lead enterprise-level cybersecurity compliance programs aligned to SOC 2, NIST CSF, ISO 27001, CIS Controls, and related frameworks.
  • Define compliance strategy, scope, and roadmap while ensuring consistent execution across the organization.
Audit Management & Evidence Strategy
  • Lead complex internal and external audits (e.g., SOC 2), serving as the primary point of contact for auditors.
  • Define audit scope, manage timelines, and implement scalable evidence management practices that improve audit readiness and reduce disruption.
Third-Party Risk Management
  • Lead vendor and third-party security risk management programs, including due diligence assessments, ongoing monitoring, remediation tracking, and risk reporting.
  • Ensure third-party risk processes align with enterprise security and compliance requirements.
Client Security Assurance & Due Diligence
  • Oversee responses to client security questionnaires, assessments, and assurance requests.
  • Partner with legal, sales, and delivery teams to ensure responses are accurate, consistent, and aligned with the firm's security posture.
Risk Management & Control Oversight
  • Identify, assess, and track cybersecurity risks using risk registers and structured remediation plans.
  • Partner with technical teams to ensure risks are addressed through effective and measurable control implementations.
Policy & Governance Lifecycle Management
  • Develop, maintain, and continuously improve security policies, standards, and procedures.
  • Ensure governance documentation aligns with regulatory expectations, audit requirements, and operational practices.
Incident Response Governance
  • Maintain and mature incident response governance, including annual tabletop exercises, readiness assessments, and post-incident lessons learned.
  • Ensure response procedures are documented, tested, and continuously improved.
Leadership, Influence & Communication
  • Mentor and coach team members, supporting skill development, performance management, and knowledge growth.
  • Communicate complex security and risk concepts effectively to senior leadership, technical teams, and business stakeholders.
Program Metrics & Executive Reporting
  • Develop dashboards and reports that provide leadership visibility into compliance posture, automation maturity, audit readiness, and risk exposure.
  • Use metrics to inform decision-making and drive continuous improvement.
Compliance Automation & GRC Enablement
  • Drive compliance automation initiatives using enterprise GRC platforms (e.g., Drata, ServiceNow GRC), with a focus on reducing manual effort and improving audit readiness.
  • Design and implement integrations across security and business systems (e.g., IAM, endpoint, cloud, ticketing) to automate evidence collection, control validation, risk tracking, and reporting, establishing the GRC platform as a single source of truth.
  • Identify and eliminate manual compliance tasks by leveraging automation, scripting, and AI-driven workflows, including:
    • Client questionnaire pre-population and consistency
    • Policy…