Compliance and Risk Manager
Ensuring cybersecurity compliance across regulatory frameworks and industry standards.

Role Overview
As a Compliance and Risk Manager, you will be responsible for ensuring our organization meets all cybersecurity compliance requirements while effectively managing information security risks. This role requires deep knowledge of regulatory frameworks, risk assessment methodologies, and the ability to translate complex compliance requirements into actionable business practices.
You will work closely with legal, audit, and business teams to maintain compliance with various regulations while supporting business objectives and operational efficiency.

Key Responsibilities
Develop and maintain comprehensive cybersecurity risk management programs including risk assessment, treatment, and monitoring processes.
Ensure compliance with relevant cybersecurity regulations and standards including GDPR, HIPAA, PCI DSS, SOX, and industry-specific requirements.
Conduct regular compliance audits and risk assessments, documenting findings and coordinating remediation efforts with appropriate stakeholders.
Develop and maintain cybersecurity policies, procedures, and controls to address regulatory requirements and organizational risk tolerance.
Prepare compliance reports and documentation for internal stakeholders, auditors, and regulatory bodies as required.
Monitor changes in cybersecurity regulations and industry standards, assessing impact and implementing necessary updates to compliance programs.

Required Qualifications
Bachelor’s degree in Law, Business Administration, Cybersecurity, or a related field, plus 6+ years of experience in compliance and risk management.
Deep knowledge of cybersecurity regulations and frameworks including GDPR, CCPA, HIPAA, PCI DSS, NIST Cybersecurity Framework, and ISO 27001.
Strong experience with risk assessment methodologies and tools, including qualitative and quantitative risk analysis techniques.
Professional certifications such as CISA, CRISC, CISSP, or legal qualifications related to privacy and cybersecurity law.
Excellent written and verbal communication skills with the ability to explain complex regulatory requirements to technical and business stakeholders.
Experience working with external auditors, legal counsel, and regulatory bodies during compliance assessments and investigations.
