Senior Manager of Risk and Compliance

Essential Duties and Responsibilities

• Designs and leads the information security risk assessment strategy, methodology, and process.
• Coordinates the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findings.
• Oversees all internal control management functions including design, implementation, continuous monitoring, and reporting of security and IT General Controls.
• Perform internal control reviews, gap assessments, and documentation of compliance with applicable security and privacy regulations (e.g. HIPAA, SOC 2, NIST, ISO 27001)
• Oversee the development and maintenance of security policies, standards, and procedures aligned with leading frameworks.
• Support contract and vendor reviews by assessing third-party risk and advising on risk acceptance / treatment in conjunction with Sorenson Vendor management processes.
• Deliver regular reporting on metrics, KPI’s, risk posture, exceptions, remediation and audit status to appropriate parties.
• Provide approved responses to client inquiries and maintain library of records, documentation, and responses.
• Ensure key security controls are identified, implemented, tested, and remediated as required.
• Evaluate and advise on security control recommendations to mitigate information security risks.
• Work with business partners, global risk management, IT risk, product and data security, and outside consultants on required information security risk assessments and audits.
• Respond to security assessments, questionnaires and audits from regulators, clients and third-party business partners.
• Work directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance.
• Prepare reports and other deliverables that contain strategy, technical analysis, findings, and recommendations.
• Other duties as assigned.

This position manages employees and is responsible for the performance management and hiring of the employees.

Less than 25%

Minimum 4 Year / Bachelors Degree Information Security, Information Systems or related Field

Minimum Certification CISA

Preferred Certification CISSP, CRISC, CISM, or other equivalents

7+ years In Information Security with combinations in operational security, risk management, IT, Compliance and Audit

3+ years Leadership Specific to security governance, risk management and compliance programs, process, and execution

• Ability to write solution workflow diagrams, system documentation, playbooks, etc.
• Strong analytical skills
• Excellent written and verbal communications skills, including presentational skills
• Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA
• Prior experience auditing and performing quality control actions of audits.
• Hands-on experience with GRC platforms and work management tools (e.g. Jira, Confluence)
• Demonstrated experience in curating cyber security strategies and programs for large and complex organizations
• Proven ability to operate independently, manage multiple priorities, and drive results in a deadline-driven environment.
• Proven track record in defining, developing, and implementing cyber risk management structures, governance models, organizational transformations in the areas of cyber security
• Strong domain expertise and understanding of five or more of following areas:
• Cyber risk program management and delivery
• Security architecture
• Security technologies (e.g., firewalls, security event monitoring, intrusion detection and prevention, malware detection)
• Data protection (application security/SDLC)
• Third party risk management
• Cloud security

• Ability to sit and/or stand at a desk and work with a computer for extended periodsof time.
• Dexterity of hands and fingers to operate a computer keyboard, mouse, tools, and to handle other computer components.
• Regular…