We are seeking an IT Compliance & Risk Manager to lead the governance and assurance functions for our Information Technology Division. Reporting directly to the Head of IT, you will serve as the guardrails for the IT department, ensuring that our diverse technology landscape, ranging from Corporate Applications and Digital Workplace to Infrastructure and Cyber Security, operates within acceptable risk and compliance standards.
You will manage the IT Risk framework, oversee operational process compliance, lead audit engagements, and manage a direct report responsible for Identity Governance. Your goal is to provide the Head of IT with a clear, honest view of the organization's risk posture while ensuring operational teams adhere to defined policies.
Key Responsibilities
1. Enterprise Risk Management & Reporting
- Risk Framework Owner: Define and maintain the IT Risk Management framework, tailoring industry standards (NIST/ISO) to the specific needs of a fast-moving media enterprise.
- Executive Reporting: Act as the strategic risk advisor to the Head of IT. Produce monthly State of Compliance reports, risk heatmaps, and executive dashboards that translate technical issues into business risks.
- Risk Register: Maintain a live IT Risk Register, actively tracking vulnerabilities across Infrastructure, Cyber Security, and Applications, and driving remediation efforts with technical leads.
2. Operational Compliance & Process Assurance
- Process Governance (ITIL/COBIT): Go beyond theoretical controls to ensure operational reality matches policy. Verify that the Service Desk, Infrastructure, and Digital teams are adhering to Standard Operating Procedures (SOPs).
- Change Management: Sit on the Change Advisory Board (CAB) or oversee the process to ensure that changes to production environments (both Enterprise and Digital) follow strict approval workflows and testing protocols.
- Policy Lifecycle: Own the lifecycle of all IT policies. Ensure they are updated annually, communicated effectively to staff, and enforced operationally.
- Disaster Recovery (DR) Assurance: Verify that DR plans for critical infrastructure and applications are not just documented, but regularly tested and validated to ensure that recovery objectives are aligned with Business Continuity requirements in partnership with the BCP function.
3. Audit Management (Internal & External)
- Audit Liaison: Serve as the primary point of contact for all IT-related audits, managing relationships with Internal Audit and External Auditors (Big 4).
- Control Assurance (ITGC): Guarantee the design and operating effectiveness of IT General Controls, specifically focusing on Financial (ERP) and HR systems.
- Deficiency Remediation: Drive the closure of audit findings. Work with technical teams to implement practical, sustainable fixes for identified gaps.
4. Team Leadership & Identity Oversight
- Managerial Oversight: Manage and mentor the Identity Management Compliance Manager. Provide strategic direction to ensure their work on workforce access governance aligns with broader IT security goals.
- Identity Assurance: Retain overall accountability for the Identity governance function, ensuring that User Access Reviews (UAR) and Joiner/Mover/Leaver (JML) processes are executed compliantly by your direct report.
Collaboration Structure
- Head of IT: You act as the control conscience for the department, providing transparency on risk.
- Digital Workplace Lead: You ensure that the tools provided to employees meet data handling and privacy standards.
- Application & Infrastructure Leads: You validate that their operational realities align with compliance requirements (e.g., are servers actually patched according to the policy).
- Cyber Security Leads: Partner closely to provide independent risk and compliance oversight, ensuring that infrastructure and security controls are operating in line with approved policies and risk appetite.
- Enterprise Risk: Partner closely to provide input into the overall risk management for the organization.
Qualifications & Experience
Education & Certifications
- Bachelor's degree in Information Systems, Business Administration, or related field.
- Required: CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control).
- Preferred: ITIL Foundation/Practitioner (to demonstrate operational process understanding) or CISM.
Experience
- 8+ years of experience in IT Governance, Risk, and Compliance (GRC).
- People Management: Experience managing direct reports or small teams.
- Operational Background: Experience not just in auditing, but in understanding IT Operations. You should understand how a Service Desk works, how server patching is operationalized, and how Change Management functions in a live environment.
- Media/Enterprise Experience: Experience working in complex environments with a mix of standard corporate IT and specialized digital/production technologies.
Core Competencies
- Process Oriented: Ability to look at an operational workflow (e.g., how do we deploy code?) and identify control gaps.
- Pragmatic Governance: Ability to balance the need for strict compliance with the need for operational speed in a media organization.
- Communication: Ability to report upwards clearly and concisely to senior leadership.