The Senior Manager – Information Security Risk & Compliance is a hands-on leader responsible for executing and operating the organization’s information security risk and compliance programs. This role directly performs risk assessments, supports audits, manages GRC tooling, and works closely with technical teams to remediate control gaps. The role balances leadership responsibilities with day-to-day execution and technical depth.
Key Responsibilities
Hands-On Risk Management
• Perform and lead information security risk assessments across applications, infrastructure, cloud environments, and business processes.
• Maintain risk registers, document findings, assign remediation actions, and track closure.
• Conduct threat modeling and control gap analyses in collaboration with engineering and security teams.
• Perform and review third-party/vendor security risk assessments and questionnaires.
Compliance & Audit Execution
• Directly manage compliance efforts for fram...