
Senior Manager of Risk and Compliance

Job in Taylorsville, Salt Lake County, Utah, USA
Listing for: Sorenson Communications
Full Time position
Listed on 2026-02-15
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

Essential Duties and Responsibilities

  • Designs and leads the information security risk assessment strategy, methodology, and process.
  • Coordinates the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findings.
  • Oversees all internal control management functions including design, implementation, continuous monitoring, and reporting of security and IT General Controls.
  • Performs internal control reviews, gap assessments, and documentation of compliance with applicable security and privacy regulations (e.g., HIPAA, SOC 2, NIST, ISO 27001).
  • Oversees the development and maintenance of security policies, standards, and procedures aligned with leading frameworks.
  • Supports contract and vendor reviews by assessing third‑party risk and advising on risk acceptance / treatment in conjunction with Sorenson Vendor management processes.
  • Delivers regular reporting on metrics, KPIs, risk posture, exceptions, remediation and audit status to appropriate parties.
  • Provides approved responses to client inquiries and maintains a library of records, documentation, and responses.
  • Ensures key security controls are identified, implemented, tested, and remediated as required.
  • Evaluates and advises on security control recommendations to mitigate information security risks.
  • Works with business partners, global risk management, IT risk, product and data security, and outside consultants on required information security risk assessments and audits.
  • Responds to security assessments, questionnaires and audits from regulators, clients and third‑party business partners.
  • Works directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance.
  • Prepares reports and other deliverables that contain strategy, technical analysis, findings, and recommendations.
  • Other duties as assigned.
Supervisory Responsibility

This position manages employees and is responsible for the performance management and hiring of the employees.

Travel Requirements

Less than 25%

Education

Minimum: 4-year / Bachelor's degree in Information Security, Information Systems, or related field.

Minimum Certification: CISA.

Preferred Certification: CISSP, CRISC, CISM, or other equivalents.

Experience
  • 7+ years in Information Security with combinations in operational security, risk management, IT, Compliance and Audit.
  • 3+ years of Leadership specific to security governance, risk management and compliance programs, process, and execution.
Knowledge, Skills, and Abilities
  • Ability to write solution workflow diagrams, system documentation, playbooks, etc.
  • Strong analytical skills.
  • Excellent written and verbal communication skills, including presentation skills.
  • Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 27000x, AICPA SOC 2, PCI DSS, GDPR, CCPA.
  • Prior experience auditing and performing quality control actions of audits.
  • Hands‑on experience with GRC platforms and work‑management tools (e.g., Jira, Confluence).
  • Demonstrated experience in curating cyber security strategies and programs for large and complex organizations.
  • Proven ability to operate independently, manage multiple priorities, and drive results in a deadline‑driven environment.
  • Proven track record in defining, developing, and implementing cyber risk management structures, governance models, and organizational transformations in the areas of cyber security.
  • Strong domain expertise and understanding of five or more of the following areas:
    • Cyber risk program management and delivery.
    • Security architecture.
    • Security technologies (e.g., firewalls, security event monitoring, intrusion detection and prevention, malware detection).
    • Data protection (application security/SDLC).
    • Third‑party risk management.
    • Cloud security.
Working Conditions and Physical Requirements
  • Ability to sit and/or stand at a desk and work with a computer for extended periods of time.
  • Dexterity of hands and fingers to operate a computer keyboard, mouse, tools, and to handle other…
Position Requirements
10+ Years work experience