IT Governance Specialist
Nordson
Collaboration drives Nordson’s success as a market leader in Industrial Precision Solutions and Advanced Technology. Our employees thrive in an environment where we help each other reach our personal best and enable our company to continuously improve and grow, and our customers to succeed. You will find Nordson employees sharing our success by giving back in the communities around the world where we live and work.
The IT Risk and Compliance Manager is responsible for leading the development, implementation, and oversight of the organization’s IT risk and compliance programs. This role ensures that IT operations and systems align with regulatory requirements, internal policies, and industry best practices. The manager will work closely with IT, security, audit, and business stakeholders to identify risks, implement controls, and maintain a strong compliance posture across the enterprise.
Essential Job Duties and Responsibilities
Lead IT compliance initiatives related to SOX, GDPR, HIPAA, and other applicable regulations.
Coordinate internal and external audits, including evidence collection, control testing, and issue remediation.
Maintain and update IT policies, standards, and procedures to reflect regulatory and operational changes.
Monitor compliance with internal policies and escalate non-compliance issues as needed.
Develop and deliver regular reports and dashboards on IT risk and compliance metrics to senior leadership.
Support governance committees and participate in cross-functional risk and compliance forums.
Provide guidance and training to IT and business teams on risk and compliance requirements.
Partner with Security, Legal, Internal Audit, and other stakeholders to ensure a unified approach to risk and compliance.
Identify opportunities for automation and process improvement in risk and compliance workflows.
Stay current on emerging risks, regulatory changes, and industry trends.
Develop and maintain the IT Risk Management framework, including risk identification, assessment, mitigation, and reporting.
Conduct regular risk assessments and ensure appropriate controls are in place.
Collaborate with IT and business units to monitor risk exposure and drive remediation efforts.
Maintain risk registers and ensure alignment with enterprise risk management objectives.
Education and Experience
Bachelor’s degree in Information Systems, Cybersecurity, Business, or a related field.
8+ years of experience in IT risk management, compliance, or audit roles.
Strong knowledge of regulatory frameworks (e.g., SOX, NIST, ISO 27001, COBIT).
Experience with GRC platforms such as AuditBoard, Pathlock, or SAP GRC.
Excellent communication, analytical, and project management skills.
Ability to work independently and collaboratively across departments.
Skills and Abilities
Professional certifications such as CPA, CISA, CRISC, CISSP.
Experience with enterprise applications and cloud environments.
Familiarity with data privacy regulations and third-party risk management.
Travel Required
Estimated 10%