Manager, IT Risk Operations
Listed on 2026-05-31
IT/Tech
Cybersecurity, IT Consultant, IT Business Analyst, Information Security
Wilson Sonsini is the premier legal advisor to technology, life sciences, and growth enterprises worldwide. We represent companies at every stage of development, from entrepreneurial start-ups to multibillion‑dollar global corporations.
Job Summary
The Governance, Risk & Compliance Manager will lead the firm’s IT risk, security, and operational governance. The role is highly collaborative, working closely with senior IT, Security Engineering, General Counsel, and firm leadership. It can be 100% remote or hybrid near a physical office.
Key Responsibilities
- Strengthen IT Governance & Controls: develop executive‑level reporting on IT risk, compliance posture, and operational performance.
- Build and evolve KPI/KRI dashboards that provide real‑time visibility into risk trends and control effectiveness.
- Translate complex IT and security data into meaningful insights for decision‑making.
- Ensure adherence to IT policies, standards, and leading frameworks (e.g., NIST, ISO 27001).
- Own and evolve the firm’s IT risk register and Risk & Control Self‑Assessment (RCSA) program.
- Identify emerging and systemic risks across IT, security, privacy, and operational processes.
- Incident Governance & Investigations: partner with General Counsel, Security, and IT to lead internal investigations.
- Own ITSM Governance & ServiceNow Analytics: oversee governance and reporting across the IT Service Management ecosystem.
- Analyze incident, change, and problem management data to identify trends and improvement opportunities.
- Drive workflow optimization and automation within ServiceNow.
- Vendor Risk Management: review and advise on vendor agreements; enhance vendor risk processes including risk tiering, assessments, and monitoring.
- Introduce data‑driven approaches to risk management and operational oversight.
- Perform related duties as assigned or directed by supervisor and maintain compliance with all firm policies and procedures.
- Bachelor’s degree preferred.
- Seven years of experience in IT risk, security compliance, technology audit, or IT governance preferred.
- Experience operating in complex, regulated environments (e.g., law firms, financial services, consulting) preferred.
- Proven ability to lead reporting, analytics, and governance initiatives.
- Familiarity with ServiceNow and ITSM reporting, including understanding of incident, change, and problem management life cycles.
- Experience with security and collaboration platforms such as Microsoft 365, Purview, and email security tools.
- Working knowledge of frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001, and SOC 2.
- Strong understanding of control design, risk registers, RCSA programs, and audit response.
- Basic understanding of privacy regulations.
- Preferred certifications: CISA, CISSP, CRISC, CTPRM, and/or ITIL.
Compensation includes a base salary that varies by location, with discretionary year‑end merit bonus potential. Base pay ranges from $147,050 to $220,800 per year depending on geographic region. Benefits information is provided separately upon request.
Other Information
Primary location: Palo Alto, CA (other locations may be considered). The role may be performed remotely or in a hybrid model if the candidate resides near an office.
Equal Opportunity Employer (EOE).