Senior Manager of Risk and Compliance jobs in United States

Sorenson Communications · 15 hours ago

Senior Manager of Risk and Compliance

Sorenson Communications is a leading language services provider that combines patented technology with human-centric solutions. They are seeking a Senior Manager of Risk and Compliance to design and lead the information security risk assessment strategy, oversee internal control management functions, and ensure compliance with security and privacy regulations.

Telecom & Communications · Telecommunications · VoIP

Responsibilities

Designs and leads the information security risk assessment strategy, methodology, and process
Coordinates the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findings
Oversees all internal control management functions including design, implementation, continuous monitoring, and reporting of security and IT General Controls
Perform internal control reviews, gap assessments, and documentation of compliance with applicable security and privacy regulations (e.g. HIPAA, SOC 2, NIST, ISO 27001)
Oversee the development and maintenance of security policies, standards, and procedures aligned with leading frameworks
Support contract and vendor reviews by assessing third-party risk and advising on risk acceptance / treatment in conjunction with Sorenson Vendor management processes
Deliver regular reporting on metrics, KPIs, risk posture, exceptions, remediation, and audit status to appropriate parties
Provide approved responses to client inquiries and maintain library of records, documentation, and responses
Ensure key security controls are identified, implemented, tested, and remediated as required
Evaluate and advise on security control recommendations to mitigate information security risks
Work with business partners, global risk management, IT risk, product and data security, and outside consultants on required information security risk assessments and audits
Respond to security assessments, questionnaires and audits from regulators, clients and third-party business partners
Work directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance
Prepare reports and other deliverables that contain strategy, technical analysis, findings, and recommendations
Other duties as assigned

Qualification

Information Security, Risk Management, Compliance Auditing, Security Frameworks, CISA Certification, CISSP Certification, GRC Platforms, Cyber Risk Management, Analytical Skills, Communication Skills, Leadership Experience, Documentation Skills

Required

This position manages employees and is responsible for the performance management and hiring of the employees
Travel Requirements: Less than 25%
Minimum 4-year / Bachelor's degree in Information Security, Information Systems, or a related field
Minimum certification: CISA
7+ years in Information Security with a combination of operational security, risk management, IT, compliance, and audit
3+ years of leadership specific to security governance, risk management, and compliance programs, processes, and execution
Ability to write solution workflow diagrams, system documentation, playbooks, etc.
Strong analytical skills
Excellent written and verbal communication skills, including presentation skills
Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA
Prior experience auditing and performing quality control actions of audits
Hands-on experience with GRC platforms and work management tools (e.g. Jira, Confluence)
Demonstrated experience in curating cyber security strategies and programs for large and complex organizations
Proven ability to operate independently, manage multiple priorities, and drive results in a deadline-driven environment
Proven track record in defining, developing, and implementing cyber risk management structures, governance models, organizational transformations in the areas of cyber security
Strong domain expertise and understanding of five or more of the following areas: cyber risk program management and delivery, security architecture, security technologies (e.g., firewalls, security event monitoring, intrusion detection and prevention, malware detection), data protection (application security/SDLC), third-party risk management, cloud security
Ability to sit and/or stand at a desk and work with a computer for extended periods of time
Dexterity of hands and fingers to operate a computer keyboard, mouse, tools, and to handle other computer components
Regular and predictable attendance required

Preferred

Preferred certification: CISSP, CRISC, CISM, or equivalent

Company

Sorenson Communications

Sorenson Communications provides the highest-quality communication products and services to all deaf and hard-of-hearing individuals.

Funding

Current Stage
Late Stage

Leadership Team

Paget Alves, Chairman & Chief Executive Officer
Brandon Arthur, Chief Corporate Development Officer
Company data provided by crunchbase