
The Client Questionnaires & Audit Manager - IS & Risk Mgt.

Kastech

United States

Remote

USD 90,000 - 150,000

Full time

Yesterday

Job summary

Join a forward-thinking company as a Client Questionnaires & Audit Manager in Information Security & Risk Management. This role is vital in organizing and managing audits while collaborating with internal teams and clients to ensure compliance with industry standards. You will lead audit activities, respond to client inquiries, and implement strategies for continuous improvement. With remote work flexibility and a supportive culture, you will work on meaningful projects that make a real impact. If you are a self-starter with strong analytical and communication skills, this is the perfect opportunity for you.

Benefits

Remote work flexibility
Collaborative team environment
Continuous learning opportunities
Supportive culture

Qualifications

  • 10+ years in information security with a focus on audit management.
  • Experience with security questionnaires and client audits.

Responsibilities

  • Manage and respond to client security questionnaires and audits.
  • Lead internal audits to assess compliance with security policies.
  • Identify opportunities for process improvement in audit responses.

Skills

Information Security
Audit Management
Client Engagement
Project Management
Compliance Frameworks (NIST, ISO 27001, HIPAA)
Analytical Thinking
Communication Skills

Education

Bachelor's degree in Information Security or related field
CISA, CRISC, CISM, or CISSP certifications

Job description

Client Questionnaires & Audit Manager, Information Security & Risk Management

Role Description:

  • The Client Questionnaires & Audit Manager, Information Security position will be an integral member of the Information Security and Risk Management team. This role will be responsible for organizing and managing internal and external audits. The role sits in the Chief Information Security Officer (CISO) office and reports to the Director, Information Security Governance, Risk and Compliance. The successful candidate will have a good mix of security knowledge, an understanding of industry best practice, and a demonstrated background in information security risk management.
  • The candidate will be responsible for managing and responding to client security questionnaires, audits, and assessments related to the organization's information security posture. This role involves working closely with internal teams, clients, and external auditors to ensure the company's security practices align with industry standards and client requirements. The manager will also coordinate audit activities to ensure compliance with security frameworks and regulations.

The ideal candidate:

  • is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
  • possesses strong business judgment, deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.
  • possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills, all of which are important attributes for success in this role. The successful candidate will develop strong relationships, collaborate across teams, coordinate multiple timelines, and manage complex, cross-discipline projects.
  • has a global view of the business and thinks not only in terms of immediate problem solving but also of automating, expanding, and scaling solutions broadly.

Responsibilities:

  • Client Security Questionnaires:
    • Establish a repository of standardized security questionnaire responses and ensure they are updated with the implemented security controls, certifications, and policies.
    • Manage responses to client security questionnaires in a timely and accurate manner.
    • Collaborate with internal teams (e.g., IT, legal, Information Security) to gather necessary documentation and information for client inquiries.
    • Serve as the main point of contact for clients regarding security-related inquiries and responses.
  • Client MSA Security Terms and Conditions Review:
    • Create security terms and conditions for inclusion in contracts.
    • Review security terms and conditions and provide feedback to legal team.
  • Audit Coordination:
    • Lead and coordinate client and internal audits to assess the organization's compliance with security policies, procedures, and regulatory requirements (e.g., ISO 27001, HIPAA).
    • Serve as the liaison between the organization and external auditors or clients performing audits.
    • Prepare and provide evidence for security audits, ensuring all documentation is complete and accurate.
    • Collaborate with internal teams to design and implement mitigation strategies for identified risks.
    • Collaborate with control owners to create corrective action plans to ensure appropriate remediation efforts are implemented and completed in a timely manner.
  • Cyber Insurance Response:
    • Respond to cyber insurance questionnaires based on implemented security controls, certifications, and policies.
  • Process Improvement:
    • Identify opportunities to improve the efficiency and effectiveness of client questionnaire responses and audit processes.
    • Develop and implement templates and workflows to streamline the completion of client questionnaires.
    • Continuously improve the organization's internal audit and compliance processes to meet client expectations.
  • Stakeholder Engagement:
    • Engage with clients and third-party auditors in discussions around the organization's security posture.
    • Communicate effectively with internal stakeholders, including IT, legal, compliance, and senior leadership, to ensure timely responses to audits and questionnaires.
    • Provide recommendations to management regarding areas of improvement in security practices and compliance.

Experience:

  • 10+ years of experience in information security, with a focus on audit management.
  • Experience with responding to security questionnaires and managing client audits.
  • Experience in managing third-party audits and internal audit processes.
  • Familiarity with compliance frameworks such as NIST, ISO 27001, HIPAA, and others.
  • Demonstrated advanced verbal and written communication skills.
  • Excellent project management and organizational skills, with the ability to handle multiple audits and client requests simultaneously.
  • Excellent organizational skills and a self-motivated learner.

Qualifications:

  • Bachelor's degree in Information Security, Cybersecurity, Communications, Education, Computer Science, Engineering or a related field, or equivalent work experience
  • CISA, CRISC, CISM, or CISSP certifications (one or more) preferred

Why Join Us

  • Remote work flexibility and a collaborative team environment.
  • Work on meaningful Transformation projects with global clients.
  • Continuous learning and growth opportunities.
  • Supportive culture where your voice matters and your work makes an impact.
