IT Manager - Controls & Risk Management
Listed on 2026-07-01
IT/Tech
Cybersecurity, Information Security, IT Consultant, Data Security
Location: Westborough, Massachusetts
Duration: 6-12+ Months
Metro West / Hybrid - Tuesday, Wednesday and Thursday
Our client is a leading publicly traded technology operator. They are recruiting a Manager of Controls and Risk Management to bolster their Information Security group. This team supports the control framework globally (ISO 27001/27002, Sarbanes-Oxley and Payment Card Industry compliance to name a few) and enhances the information security and risk management program.
Scope of Role
- Manage the IT control framework globally and drive the design and implementation of SOX controls.
- Conduct and monitor third-party system certifications and conduct security and privacy impact assessments for existing and new initiatives across the Company.
- Implement/update GRC tools within the department to further the visibility of controls and the access review process, resulting in more efficient processes throughout the Company.
- Perform issue analysis and risk mitigation procedures in coordination with management.
- Provide guidance and coaching to control owners globally on audit methodology and evidence requirements, improving the audit experience for internal and external auditors.
- Oversee access reviews, SOC I/II reviews, and security policies.
- Run various trainings promoting awareness of cybersecurity, governance, risk, and compliance.
Qualifications
- Bachelor's degree in Information Systems, Accounting or Computer Science, or equivalent work experience required.
- 5 plus years of IT, information security, or IT audit experience required.
- Experience with IT general controls, information security, and privacy regulations strongly preferred.
- Experience developing, documenting, and maintaining security and/or privacy frameworks, standards, and controls preferred.
- Knowledge of risk management and assessment methods and technologies and/or audit experience required.
- Knowledge of Sarbanes-Oxley required.
- Knowledge of Information Security Standards (e.g., ISO 27001/27002, NIST) and Data Privacy Compliance Regulations (e.g., GDPR, CCPA, HIPAA, etc.) preferred.
Why is This a Great Opportunity
This opportunity will be attractive to an information technology professional who enjoys leveraging their technical skills to deal with the challenging and changing risk and control issues faced by a complex organization. You may be a strong performer in a consulting firm and/or currently in another organization looking for a new challenge. Prior experience in a large complex organization is a must.