Senior Manager of Risk and Compliance

Sorenson | Salt Lake City, UT


Posted Date 6/17/2025
Description

Job Summary
This position is a hands-on leader responsible for the execution and operational delivery of Sorenson’s security compliance, risk management, and audit functions. This position oversees a team of compliance analysts and works cross-functionally with stakeholders to ensure Sorenson’s security controls and compliance objectives are met. They are responsible for managing day-to-day security risk activities, responding to client audit and assessment requests, overseeing third-party vendor reviews, and leading internal assessments and risk treatment tracking. The ideal candidate combines deep operational knowledge with the ability to mentor and guide a growing team.

Essential Duties and Responsibilities

  • Designs and leads the information security risk assessment strategy, methodology, and process.
  • Coordinates the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findings.
  • Perform internal control reviews, gap assessments, and documentation of compliance with applicable security and privacy regulations (e.g. HIPAA, SOC 2, NIST, ISO 27001).
  • Manage risk and compliance resources for team execution.
  • Oversee the development and maintenance of security policies, standards, and procedures aligned with leading frameworks.
  • Support contract and vendor reviews by assessing third-party risk and advising on risk acceptance / treatment in conjunction with Sorenson Vendor management processes.
  • Deliver regular reporting on metrics, KPIs, risk posture, exceptions, remediation and audit status to appropriate parties.
  • Provide approved responses to client inquiries and maintain library of records, documentation, and responses.
  • Ensure key security controls are identified, implemented, tested, and remediated as required.
  • Evaluate and advise on security control recommendations to mitigate information security risks.
  • Evaluate and advise on implementation and effectiveness of security controls for compliance with applicable information security laws, regulations, and policies.
  • Work with business partners, global risk management, IT risk, product and data security, and outside consultants on required information security risk assessments and audits.
  • Respond to security assessments, questionnaires and audits from regulators, clients and third-party business partners.
  • Work directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance.
  • Prepare reports and other deliverables that contain strategy, technical analysis, findings, and recommendations.
  • Other duties as assigned.

Supervisory Responsibility
This position manages employees and is responsible for the performance management and hiring of the employees.

Travel Requirements
Less than 25%

Education
Minimum Education: 4 Year / Bachelor's Degree (Information Security, Information Systems or related field)
Minimum Certification: CISA
Preferred Certification: CISSP, CRISC, CISM, or other equivalents

Experience (Minimum Years of Experience)
5+ years: In information security, with combinations in operational security, risk management, IT, compliance and audit
3+ years: Specific to security risk management and compliance programs, process, and execution

Knowledge, Skills, and Abilities

  • Ability to write solution workflow diagrams, system documentation, playbooks, etc.
  • Strong analytical skills
  • Excellent written and verbal communications skills, including presentational skills
  • Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA
  • Prior experience auditing and performing quality control actions of audits.
  • Hands-on experience with GRC platforms and work management tools (e.g. Jira, Confluence)
  • Demonstrated experience in curating cyber security strategies and programs for large and complex organizations
  • Proven ability to operate independently, manage multiple priorities, and drive results in a deadline-driven environment.
  • Proven track record in defining, developing, and implementing cyber risk management structures, governance models, organizational transformations in the areas of cyber security
  • Strong domain expertise and understanding of five or more of the following areas:
      • Cyber risk program management and delivery
      • Security architecture
      • Security technologies (e.g., firewalls, security event monitoring, intrusion detection and prevention, malware detection)
      • Data protection (application security/SDLC)
      • Third party risk management
      • Cloud security

Working Conditions and Physical Requirements

  • Ability to sit and/or stand at a desk and work with a computer for extended periods of time.
  • Dexterity of hands and fingers to operate a computer keyboard, mouse, tools, and to handle other computer components.
  • Regular and predictable attendance required.

Company Summary
Our Mission…Harnessing the power of language, we connect diverse people and enrich the human experience.

Our Vision…To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.

As one of the world’s leading language services providers, Sorenson combines patented technology with human-centric solutions. We strive to increase accessibility and inclusion through communication solutions for all: call captioning and video relay services, over-video and in-person sign language and spoken language interpreting, translation, real-time captioning, and post-production language services. Sorenson’s impact vision and plan extends to enhancing generational wealth and inclusive workplaces for our employees and the communities we serve.

We achieve great things together working “The Sorenson Way” with our employee values: Customer First, Can-Do Attitude, Collective Action, Growth Mindset, Ownership, and Connect Direct.

Disclaimer
This position has access to highly confidential, sensitive information relating to the employees, customers, and technologies of Sorenson Communications. It is essential that the applicant possess the requisite integrity to maintain the information in strictest confidence.

Apply today! www.sorenson.com/company/careers/

Equal Employment Opportunity:
Sorenson Communications is an EOE, Disability/Age Employer.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.
