CYBERSECURITY RISK & COMPLIANCE MANAGER

Job Title: Cybersecurity Risk & Compliance Manager

Location: Remote (USA)

Job Type: Full-Time

Department: Information Security / GRC (Governance, Risk, and Compliance)

About The Role

A top leading U.S based company is hiring an experienced and motivated Cybersecurity Risk & Compliance Manager to join the growing Information Security team. This fully remote role is responsible for developing, implementing, and maintaining our organization’s cybersecurity risk management and compliance programs. You will play a key role in ensuring that our security practices align with regulatory requirements, industry standards, and internal policies.

This position offers the flexibility of remote work and the opportunity to shape the risk and compliance landscape of a dynamic and fast-paced organization.

Risk Management

1. Lead the development and execution of the enterprise cybersecurity risk management framework.
2. Conduct regular risk assessments, threat modelling, and risk treatment planning across systems, processes, and vendors.
3. Identify, assess, and communicate risks to executive leadership and stakeholders with actionable recommendations.
4. Track and manage risk remediation efforts and risk register updates.

Compliance & Audit

1. Ensure compliance with relevant regulatory and industry frameworks such as NIST CSF, ISO 27001, SOC 2, PCI-DSS, HIPAA, GDPR, CCPA, and others as applicable.
2. Manage internal and external audits, including evidence collection, coordination with control owners, and auditor interactions.
3. Maintain and continuously improve cybersecurity policies, procedures, and standards.
4. Monitor changes in laws and regulations to ensure ongoing compliance.

Governance

1. Support the development and maintenance of GRC tools and platforms for managing risk, compliance, and audit activities.
2. Develop metrics and dashboards for reporting on cybersecurity risk and compliance posture.
3. Promote awareness and understanding of risk and compliance requirements across departments.

Third-Party Risk Management

1. Lead the vendor risk management process including security due diligence, risk assessments, and ongoing monitoring.
2. Review and assess third-party contracts and security documentation.

Requirements

1. Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field. A Master’s degree is a plus.
2. 5+ years of experience in cybersecurity, with at least 3 years in risk management and compliance roles.
3. Strong knowledge of regulatory frameworks and standards (e.g., NIST, ISO, SOC 2, PCI-DSS, HIPAA).
4. Experience with GRC platforms (e.g., ServiceNow, Archer, LogicGate, OneTrust).
5. Familiarity with cloud environments (e.g., AWS, Azure, GCP) and associated security and compliance requirements.
6. Strong analytical, organizational, and communication skills.
7. Ability to work independently and manage multiple priorities in a remote setting.

Benefits

1. 100% remote work flexibility within the USA
2. Competitive salary and performance bonuses
3. Comprehensive health, dental, and vision insurance
4. 401(k) with company match
5. Generous PTO, paid holidays, and parental leave
6. Professional development opportunities and certification reimbursement
7. A collaborative and innovative work culture.

Equality Statement:

We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants will receive consideration without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.