This is an onsite position and requires USC or GC. Non-negotiable

Lead the development, implementation, and continuous improvement of the IT compliance framework

• Ensure alignment with regulatory requirements and industry standards (e.g., NIST, ISO 27001, SOC 2, PCI-DSS,

GDPR, SOX)

• Assist with maintaining IT policies, standards, and procedures

• Oversee IT risk assessments, control evaluations, and mitigation strategies

• Assist with the maintenance and management of the enterprise IT risk register with risk ownership and

remediation tracking

• Partner with CISO to align compliance and security risk priorities

• Serve as primary liaison for internal and external audits (e.g., SOX ITGC, SOC, PCI)

• Coordinate audit responses, evidence collection, and remediation activities

• Ensure timely closure of audit findings and control gaps

• Assist with implementation and monitoring of IT general controls (ITGCs) and automated controls

• Evaluate effectiveness of controls and recommend enhancements

• Support continuous monitoring and compliance automation initiatives

• Oversee IT compliance aspects of third-party risk management programs

• Ensure vendors meet security and compliance requirements (e.g., due diligence, ongoing assessments)

• Collaborate with cybersecurity, procurement, and legal teams on contractual compliance