Manager, IT Risk & Compliance
Role details
Job location
Tech stack
Job description
The Manager of IT Risk & Compliance is a strategic leader within the Global IT Security organization, responsible for driving the enterprise Governance, Risk, and Compliance (GRC) program. This role ensures that information systems align with global security strategies, regulatory requirements, and the IT roadmap. Acting as a key liaison between IT Security and business stakeholders, the Manager leads proactive, data-driven cybersecurity initiatives that strengthen enterprise resilience, reduce risk exposure, and support secure business growth.
Detailed Description
Performs tasks such as, but not limited to, the following:
Regulatory & Compliance Leadership Lead enterprise-wide governance for frameworks and regulations including NIST 800-171, DFARS, and CMMC, ensuring consistent implementation and ongoing compliance.
CMMC Program Execution Drive organizational readiness and successful execution of CMMC Level 2 assessments across Aerospace & Defense (A&D) sites.
Audit & Assurance Management Oversee the full lifecycle of internal and external IT audits, including preparation, stakeholder coordination, and timely remediation of findings.
GRC Program Management Implement and manage the enterprise GRC platform to centralize compliance tracking, POA&M management, and risk reporting.
Identity & Access Governance Define and enforce access control standards, including compliance with complex global requirements such as ITAR and EAR.
Security Documentation & Standards Direct the development and maintenance of System Security Plans (SSPs) and supporting security documentation.
Risk Identification & Mitigation Partner with site-level IT teams to identify vulnerabilities and embed security controls into business processes.
Program & Project Leadership Lead cross-functional security and compliance initiatives, managing scope, timelines, resources, and executive reporting., Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.
Requirements
- Strong understanding of IT security frameworks and standards (e.g., NIST, ISO/IEC 27001, COBIT, ITIL)
- Expertise in regulatory requirements including CMMC, DFARS, SOX, HIPAA, PCI DSS, and global compliance standards
- Ability to translate complex security and risk concepts for both technical and non-technical audiences
- Proven experience in risk management, internal controls, and audit processes
- Strong project and program management capabilities
- Advanced analytical and problem-solving skills
- Effective communication, collaboration, and stakeholder management skills
- Experience with enterprise GRC tools and platforms
- Solid understanding of change management processes
Typical Experience
- 5-7+ years of experience in IT Security, Risk Management, or Compliance, preferably in manufacturing or defense environments
- Strong working knowledge of NIST 800-171, CMMC, ITAR, and GDPR
- Demonstrated ability to manage multiple complex initiatives in regulated environments
Preferred Certifications:
- CMMC Certified Professional (CCP) (highly preferred)
- CMMC Certified Assessor (CCA)
- CISSP, CISA, ISO/IEC 27001 Lead Auditor, or PMP
Typical Education
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Benefits & conditions
The stated range includes Base Salary and target Short-Term Incentive (STI) compensation only. A comprehensive benefits package is offered in addition to this range.
The range described in this posting is an estimate by the Company, and may change based on several factors, including but not limited to a change in the duties covered by the job posting, or the credentials, experience or geographic jurisdiction of the successful candidate.
Salary Range: $107,000 - 147,000 USD
