Manager IT Risk & Compliance Job Description
An IT Risk & Compliance Manager ensures that the organization conducts its cybersecurity processes in compliance with laws and regulations, professional standards, international standards, and accepted business practices. These professionals perform audits at regular intervals, design and operate control systems, and advise management on potential risks and on organizational policies.
The major task of a Manager of IT Risk & Compliance is to protect the company against cybersecurity events, meet our customers' cybersecurity audit expectations, and communicate global security risks so that the company can plan for and adapt to an ever-changing cybersecurity landscape. These professionals carry out the risk management process by thoroughly planning business and cybersecurity related tasks, and by implementing and enforcing policies within the organization.
An IT Risk & Compliance Manager requires detailed expertise, attention to minute details, and a global awareness and understanding of the information security landscape.
Responsibilities for the Manager IT Risk & Compliance
- Obtain, maintain and update ISO 27001 information security certification globally.
- Continually refine the IT Risk Framework and its associated controls and reporting.
- Document and maintain alignment of the framework's IT policies and procedures with risk, quality, and compliance requirements, while continually communicating with business leaders.
- Design remediation and attestation approaches to drive IT improvement actions and results as related to cybersecurity.
- Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
- Initiate and implement cybersecurity analytics reporting systems and metrics through a global Key Risk Indicator (KRI) program, and lead quarterly updates.
- Track and actively manage the resolution of risk and control issues, including but not limited to audit findings, third-party discovery tool results, and quarterly penetration testing findings, through corrective action plans.
- Maintain the cybersecurity risk register.
- Actively participate in cybersecurity audits conducted by external parties, including but not limited to our customers and insurance carriers.
- Provide oversight by independently reviewing, challenging, and assessing Operational & Compliance risk events, process issues, systems issues and people issues, as related to cybersecurity.
- Responsible for developing and managing a global cybersecurity budget.
- Lead the IT Risk & Compliance staff.
- Provide technical subject matter expertise to service delivery for risk, compliance, and information security controls.
- Build, maintain, and utilize networks of client relationships and industry involvement in the cybersecurity community to communicate the company's value proposition.
- Build employee development plans to foster career growth.
- Create personal or management incentive plans for each team member, tied to corporate or local project objectives.
- Develop succession planning within the IT Risk & Compliance team.
- Domestic and international travel are required.
Qualifications for the IT Risk & Compliance Manager
- Technical knowledge of cybersecurity and compliance processes.
- Knowledge of operational technology compliance, ideally within the manufacturing services industry.
- Must demonstrate the major steps in IT risk and compliance management (identification, analysis, planning, monitoring, reporting, and controlling risks).
- 5+ years of relevant cybersecurity experience.
- BS in Computer Science or other technical degree.
- Team management experience preferred.
- Cybersecurity certifications preferred.