Overview
We are seeking a dynamic and highly skilled IT Governance & Compliance Manager to lead our organization's information security and IT governance initiatives. In this pivotal role, you will drive the development, implementation, and oversight of comprehensive security policies, ensuring adherence to regulatory frameworks and industry standards. Your expertise will help safeguard our IT infrastructure, manage risk assessments, and promote a culture of security awareness across all levels of the organization. Join us to shape our security landscape, enhance compliance programs, and champion best practices in cybersecurity and IT governance.
IT Governance & Compliance Manager
Responsible for ensuring the organization's information technology policies, systems, and processes comply with international regulations, industry standards, and corporate governance requirements. Serves as the subject matter expert for European and U.S. regulatory frameworks, collaborating with cross-functional teams to implement and maintain compliant IT operations.
IT Administration and Support
- Serve as one of the organization's primary global administrators for Microsoft 365 (Business Premium), managing user accounts, licensing, groups, mailboxes, security settings, and administrative roles across both locations.
- Provide on-site, first- and second-line IT support for end users, including troubleshooting hardware, software, printing, and connectivity issues, and coordinating escalations as needed.
- Administer and maintain on-premises infrastructure, including the Windows domain controller, application server, network firewall, local network equipment, and the Synology file and backup servers.
- Perform user lifecycle management (onboarding, offboarding, and access changes) in accordance with least privilege and access-control policies.
- Manage endpoint provisioning, configuration, patching, and security (antivirus/EDR, disk encryption, and device compliance) for desktops, laptops, and mobile devices.
- Monitor and verify backups, storage health, and system availability, and support disaster-recovery and business-continuity procedures.
- Maintain network connectivity and security, including firewall rules, VPN access, Wi-Fi, and switching, coordinating with vendors and the other location as required.
- Track and manage IT assets, licenses, and inventory, and maintain accurate configuration and system documentation.
- Apply and enforce IT policies, security controls, and compliance requirements in daily operations, ensuring administrative activities align with the organization's governance, risk, and compliance program.
- Maintain support records, change logs, and operational documentation to support audits, troubleshooting, and knowledge transfer.
Key Responsibilities:
- Develop, implement, and maintain IT governance, risk, and compliance (GRC) programs across global operations.
- Ensure compliance with European and U.S. regulatory requirements, including data privacy, cybersecurity, and information security standards.
- Interpret and apply international regulations, corporate policies, and industry best practices to IT processes and technology initiatives.
- Conduct IT risk assessments, compliance audits, and gap analyses, recommending corrective actions where necessary.
- Partner with legal, security, infrastructure, application development, and business stakeholders to ensure regulatory compliance.
- Create, update, and maintain IT policies, standards, procedures, and governance documentation.
- Monitor changes to global regulations and industry standards, evaluating their impact on business operations and technology environments.
- Support internal and external audits by preparing documentation, responding to audit requests, and coordinating remediation efforts.
- Oversee third-party vendor compliance and ensure suppliers meet contractual and regulatory security requirements.
- Deliver compliance awareness training and provide guidance to IT and business teams on governance and regulatory obligations.
- Develop metrics and executive reports on compliance status, risks, and remediation activities.
Qualifications:
- Strong knowledge of European regulations (including GDPR and related privacy laws) and U.S. IT regulatory and security frameworks.
- Experience with IT governance, risk management, cybersecurity, and compliance programs.
- Familiarity with standards such as ISO 27001, NIST Cybersecurity Framework, SOC 2, COBIT, and ITIL.
- Experience managing audits, risk assessments, and policy development.
- Excellent analytical, organizational, and communication skills.
- Ability to translate complex regulatory requirements into practical business and technical solutions.
- Bachelor’s degree in information technology, Computer Science, Cybersecurity, or a related field; relevant certifications such as CISSP, CISM, CRISC, CGEIT, or CISA are preferred.
Pay: $75,000.00 - $85,000.00 per year
Benefits:
- Flexible spending account
- Health insurance
- Paid time off
- Retirement plan
Work Location: In person