Manager, Information Security Compliance & Risk | Hybrid, Boston, MA | $180,000–$200,000 + 20% Bonus | GRC • Risk • Audit • AI Governance
A leading global professional services organization is seeking a Manager of Information Security Compliance & Risk to lead and mature their firmwide GRC program. This is a high‑visibility leadership role overseeing a team of analysts and driving governance, audit readiness, third‑party risk, and AI security strategy.
The team is currently overloaded due to increased demand and rapid security evolution. This role was created to bring structure, leadership, and long‑term scalability — not just “add more bodies.” You’ll play a central role in shaping automation, modernizing processes, and scaling the entire GRC function.
What You’ll Lead
- Ownership of information security governance, risk, audit, and compliance programs
- SOC 2, ISO 27001, and regulatory audit oversight (non‑negotiable requirement)
- AI governance: policies, assessments, risk controls, emerging regulatory alignment
- Third‑party risk management, including modern vendor + sub‑vendor chains
- Enterprise risk register, dashboards, and leadership reporting
- Coordination across Security Engineering, Operations, Legal, Compliance, and Privacy
- Team leadership for three analysts + temporary staff (not hands‑on execution, but program leadership)
What You Bring
- Previous management experience leading a GRC or similar function
- Strong, up‑to‑date understanding of modern GRC, AI governance, and emerging risks
- Technical depth — able to understand what analysts do day‑to‑day, even if not doing the work yourself
- Experience with modern third‑party risk evaluation and vendor ecosystem assessments
- Exposure to complex or enterprise‑level security problems
- Bachelor’s degree strongly preferred; CISM or similar certification highly valued
- Exceptional communication and soft skills — this role requires executive‑level polish
- Not suitable for candidates with zero audit experience
Why This Role Stands Out
- Work directly under a highly respected security leader
- No history of layoffs — strong organizational stability
- Security is deeply embedded into the business, not a back‑office afterthought
- Opportunity to define automation strategy and scale the GRC program long‑term
- High impact, high visibility
- Compensation is reliable and the bonus structure is consistent year‑over‑year
If you’re an experienced GRC leader looking to make a meaningful impact in a stable, forward‑thinking environment, feel free to reach out or send your resume.