Information Security Risk Compliance Manager

New York, United States | Posted on 09/26/2025

Job Title: Information Security Risk Compliance Manager

Location-NYC, NY

Descrption

Seeks an Information Security Risk Compliance Manager who will have the responsibility for several functions associated with IT security – from ensuring the security of software to selecting and/or constructing and deploying broader network security systems.

Scope of Work

Objectives:

The Information Security Risk Compliance Manager oversees the organization's efforts in

• Compliance management,
• Security awareness and training,
• Security audits and assessments, reporting and communication, continual improvement, and cross-functional collaboration.
• Theirrole is to ensure that the organization's systems, networks, and processes are secure, compliant with regulations and standards, and aligned with organizational goals and objectives.

Responsibilities:

• Conduct risk assessments to identify potential threats and vulnerabilities to the organization.
• Develop and implement risk management strategies and policies to mitigate identified risks.
• Monitor and evaluate risk exposure across various departments and business units.
• Coordinate with stakeholders to ensure compliance with regulatory requirements and industry standards.
• Communicate risk management strategies and findings to senior management and relevant stakeholders.
• Leadthe development and maintenance of the organization's risk register andrisk management framework.
• Provide guidance and support to departments and teams in implementing risk mitigation measures.
• Conduct training and awareness programs on risk management principles and practices.
• Continuously monitor and review the effectiveness of risk management strategies andadjust as necessary.
• Stay updated on emerging risks and industry trends to proactively address potential threats to the organization.
• Maintain and enhance the company-wide security awareness program.
• Take ownership of establishing and enforcing security standards both within theteam and across the organization. Work proactively and collaboratively toachieve change management and buy-in.
• Compliance Management:
  Ensure compliance with relevant regulations, standards, and frameworks such as GDPR, HIPAA, ISO 27001, NIST, etc., by establishing and maintaining appropriate controls and processes.
• Risk Mitigation:
  Develop and oversee risk mitigation strategies and controls toaddress identified security risks, including implementing technical controls, security best practices, and security awareness training programs.
• Incident Response:
  Develop and implement incident response plans and procedures to effectively respond to and manage security incidents, including data breaches, cyberattacks, and security breaches.
• Vendor
  
  Risk Management:
  
  Assess and manage risks associated with third-party vendors and service providers, including evaluating their security posture, conducting due diligence assessments, and ensuring contractual compliance.
• Cross-functional collaboration:
  Collaborate with IT teams, legal, HR, compliance, and other departments to ensure a holistic approach to information security risk management and compliance.
• Continual Improvement:
  Monitor industry trends, emerging threats, and regulatory changes to ensure that the organization's information security risk and compliance programs remain up-todate and effective.

Preferred

Skills:

• Excellent verbal and written communication skills.
• Abilityto work both independently and as part of a team.
• Knowledge of Networking (Firewall, Networking Protocols);
• Working knowledge Frameworks
• Working knowledge of Information Security Domains