IT Risk and Compliance Manager - Senior

Position Summary

The Information Security Risk and Compliance Governance Expert is responsible for overseeing the governance framework that supports IPH’s information security, risk management, and compliance initiatives. This role ensures alignment with regulatory requirements, internal policies, and industry standards.

• Manage cross‑functional teams to ensure enterprise governance and compliance initiatives align with strategic goals and are met on time and within budget.
• Lead SOC2 TypeII audit engagements that directly support revenue growth.
• Maintain regulatory engagement, stay current on future regulatory requirements and assess the business impact.
• Oversee enterprise data security and governance initiatives, ensuring alignment with regulatory requirements, internal policies, and industry best practices.
• Ensure compliance with applicable regulations and business requirements (e.g., SOC2, NYDFS, Delaware Insurance Data Security, PCI, HIPAA, GDPR) and influence executive leadership.
• Direct timely and appropriate data breach communications to partners and clients.
• Create and lead cross‑functional teams to complete and submit required business partner information security questionnaires.
• Develop and manage IPH’s information security governance framework.
• Lead board and executive leadership compliance and governance‑related initiatives.
• Develop key risk indicators (KPIs) and elevate emerging risks to leadership.
• Analyze governance, risk, and compliance data to identify trends, gaps, and improvement opportunities.
• Mentor junior team members and contribute to team development.
• Promote a culture of security awareness and risk‑informed decision‑making.

• Master’s degree in Information Security, Information Technology Management, Risk Management, or related field.
• 8+ years of experience in information security governance, risk, and compliance leadership roles.
• Professional certifications such as CISSP, CISM, CRISC, CDPSE, or CISA are preferred.
• Strong knowledge of security frameworks and standards (e.g., SOC2, NIST SP800‑53, ISO
  27001, PCI, HIPAA) and regulatory requirements (e.g., NYDFS, Delaware Insurance Data Security, PCI, HIPAA).
• Extensive experience with enterprise GRC platforms and tools.
• Excellent analytical, communication, and leadership skills.
• Demonstrated ability to effectively manage cybersecurity audits and risk assessments to positive outcomes.

• Ability to manage multiple priorities and work cross‑functionally.
• Expertise in developing governance frameworks and reporting structures.
• Strong attention to detail and problem‑solving capabilities.

• Comprehensive full medical, dental, and vision insurance
• Basic life insurance at no cost to the employee
• Company‑paid short‑term and long‑term disability
• 12 weeks of 100% paid parental leave
• Health Savings Account (HSA)
• Flexible Spending Accounts (FSA)
• Retirement savings plan
• Personal paid time off
• Paid holidays and company‑wide wellness day off
• Paid time off to volunteer at nonprofit organizations
• Pet‑friendly office environment
• Commuter benefits
• Group pet insurance
• On‑the‑job training and skills development
• Employee Assistance Program (EAP)

At IPH, we welcome and encourage applications from individuals with disabilities. Accommodations are available upon request for candidates participating in all aspects of the selection process.