This is an onsite position and requires USC or GC. Non-negotiable
• Lead the development, implementation, and continuous improvement of the IT compliance framework
• Ensure alignment with regulatory requirements and industry standards (e.g., NIST, ISO 27001, SOC 2, PCI-DSS, GDPR, SOX)
• Assist with maintaining IT policies, standards, and procedures
• Oversee IT risk assessments, control evaluations, and mitigation strategies
• Assist with the maintenance and management of the enterprise IT risk register with risk ownership and remediation tracking
• Partner with CISO to align compliance and security risk priorities
• Serve as primary liaison for internal and external audits (e.g., SOX ITGC, SOC, PCI)
• Coordinate audit responses, evidence collection, and remediation activities
• Ensure timely closure of audit findings and control gaps
• Assist with implementation and monitoring of IT general controls (ITGCs) and automated controls
• Evaluate effectiveness of controls and recommend enhancements
• Support continuous monitoring and compliance automation initiatives
• Oversee IT compliance aspects of third-party risk management programs
• Ensure vendors meet security and compliance requirements (e.g., due diligence, ongoing assessments)
• Collaborate with cybersecurity, procurement, and legal teams on contractual compliance