IT Risk and Compliance Lead

Position Overview We are seeking an experienced IT Risk and Compliance Lead to establish, maintain, and oversee our organization's information security and compliance framework. This role will be responsible for ensuring IT operations align with regulatory requirements, industry standards, and organizational policies while managing risk across the technology landscape.
Key ResponsibilitiesRisk Management Lead the identification, assessment, and mitigation of IT and cybersecurity risks across the organization
Develop and maintain the IT risk register, tracking risk exposure and remediation efforts
Conduct regular risk assessments of systems, applications, and infrastructure
Partner with business units to evaluate technology risks associated with new initiatives and third-party relationships
Implement and oversee the vendor risk management program for technology suppliers
Compliance & Governance Ensure compliance with relevant regulations and standards including SOC Type 1 and Type 2, ISO 27001, GDPR, HIPAA, PCI-DSS, or other industry-specific requirements
Manage audit processes and serve as primary liaison with internal and external auditors
Develop and maintain IT policies, standards, and procedures aligned with compliance requirements
Monitor changes in regulatory landscape and assess impact on the organization
Coordinate compliance activities across IT and business functions
Security & Controls Design, implement, and monitor IT controls framework to mitigate identified risks
Oversee vulnerability management and remediation programs
Conduct security control testing and effectiveness assessments
Lead incident response planning from a compliance and risk perspective
Collaborate with security teams to align risk priorities with security initiatives
Reporting & Communication Prepare executive-level reports on IT risk posture, compliance status, and key metrics
Present findings and recommendations to senior leadership and board committees
Develop key risk indicators (KRIs) and compliance dashboards
Communicate complex technical risks in business terms to stakeholders at all levels
Required QualificationsExperience 7-10 years of progressive experience in IT risk management, compliance, audit, or related fields
Demonstrated experience managing compliance programs for major frameworks (SOC 2, ISO 27001, NIST, etc.)
Proven track record of successfully leading audit and assessment activities
Experience conducting IT risk assessments and developing remediation strategies
Background in vendor risk management and third-party assessments
Technical Skills Strong understanding of information security principles, controls, and best practices
Knowledge of cloud security frameworks (AWS, Azure, GCP)
Familiarity with security technologies including SIEM, vulnerability scanning, and access management tools
Understanding of network architecture, system infrastructure, and application security
Experience with GRC (Governance, Risk, and Compliance) platforms
Certifications One or more relevant certifications required: CISA, CRISC, CISSP, CISM, or equivalent
Additional certifications are a plus: ISO 27001 Lead Auditor, CDPSE, or cloud security certifications
Soft Skills Excellent written and verbal communication skills with ability to influence stakeholders
Strong analytical and problem-solving capabilities
Ability to work independently and manage multiple priorities simultaneously
Collaborative approach with ability to build relationships across technical and business teams
Detail-oriented with strong organizational and project management skills
Preferred Qualifications Experience in a leadership or team lead capacity
Industry-specific compliance experience relevant to our sector
Experience implementing compliance automation and continuous monitoring solutions
Understanding of DevSecOps and shift-left security practices

---