Sr. Manager- Information Security Risk & Compliance
Location: Onsite 4 days a week in Atlanta, GA
Duration: Perm/ Full time role
Compensation: $170,000 to $190,000 per year
JOB DESCRIPTION
The Senior Manager – Information Security Risk & Compliance is a hands-on leader responsible for executing and operating the organization’s information security risk and compliance programs. This role directly performs risk assessments, supports audits, manages GRC tooling, and works closely with technical teams to remediate control gaps. The role balances leadership responsibilities with day-to-day execution and technical depth.
REQUIRED SKILLS AND EXPERIENCE
- Bachelor’s degree in Information Security, Computer Science, or related field.
- 8–12+ years of experience in information security, risk, compliance, or IT audit roles.
- Strong hands-on experience with risk assessments, audits, and control testing.
- Practical working knowledge of NIST CSF, ISO 27001/27002, SOC 2, and cloud security controls.
- Ability to independently manage multiple assessments and audits end-to-end. Preferred Certifications
- CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, or equivalent.
Key Skills & Competencies
- Deep technical understanding of security controls and risk mitigation
- Strong documentation and evidence management skills
- Ability to translate compliance requirements into technical actions
- Comfortable working in fast-paced, hands-on environments
- Strong problem-solving and attention to detail
Key Responsibilities Hands-On Risk Management
- Perform and lead information security risk assessments across applications, infrastructure, cloud environments, and business processes.
- Maintain risk registers, document findings, assign remediation actions, and track closure.
- Conduct threat modeling and control gap analyses in collaboration with engineering and security teams.
- Perform and review third-party/vendor security risk assessments and questionnaires. Compliance & Audit Execution
- Directly manage compliance efforts for frameworks and regulations such as ISO 27001, SOC 2, PCI DSS, SOX, GDPR, or HIPAA (as applicable).
- Prepare audit evidence, coordinate walkthroughs, and respond to auditor and regulator requests.
- Execute control testing and validate control design and operating effectiveness.
- Track remediation plans and validate corrective actions. Policy, Standards & Controls
- Draft, update, and maintain information security policies, standards, and procedures.
- Map technical and administrative controls to compliance requirements and business risks.
- Work hands-on with system owners to design and implement security controls. GRC Tools & Metrics
- Administer and optimize GRC tools (e.g., Varonis, Lighbeam, Tenable, Auditboard etc).
- Build risk dashboards, compliance metrics, and executive-level reporting.
- Automate evidence collection and control monitoring where possible. Cross-Functional Collaboration
- Work closely with IT, Cloud, DevOps, Security Operations, Legal, Privacy, and Internal Audit teams.