Information Security Manager

This role leads the firm’s Governance, Risk, and Compliance (GRC) program, including regulatory compliance, enterprise risk management, and audit assurance. It also owns Information Security AI governance, ensuring responsible and compliant use of AI and machine learning technologies.

The Manager oversees SOC 2 and ISO 27001 programs, a small team and works cross functionally with key business units.

Key Responsibilities

• Maintain security policies, standards, and governance framework
• Lead SOC 2 and ISO 27001 audits (readiness, evidence, remediation)
• Ensure compliance with regulatory, client, and contractual requirements
• Manage exceptions, risk acceptances, and compensating controls
• Maintain required security authorizations for regulated engagements
• Coordinate evidence collection and track renewal timelines
• Lead AI security governance and define usage standards
• Implement controls for AI tools (data, access, third-party risk)
• Support client/regulatory inquiries and track emerging requirements
• Maintain the risk register and conduct periodic assessments (including AI and third-party risk)
• Develop reporting and translate risks into business impact
• Assess vendor security posture and track remediation
• Lead audit coordination and track findings and improvements
• Manage and develop a team of three analysts
• Standardize processes and set priorities
• Partner across Security, Legal, Compliance, Privacy, and Data teams
• Support client assessments and due diligence

Qualifications

• Bachelor’s degree (relevant field preferred)
• 7–10 years in information security, GRC, audit, or risk
• Experience with SOC 2 and/or ISO 27001
• Team leadership experience
• Relevant certifications (e.g., CISSP, CISM, CRISC, CGRC) preferred
• Experience with GRC tools, third-party risk, and AI/data governance
• Strong communication and stakeholder management skills