The Cybersecurity Compliance Manager will serve as a strategic leader and hands-on expert in enterprise cybersecurity governance, risk, and compliance. This role is designed for a highly skilled professional with deep technical acumen and a proven track record of managing complex security frameworks, regulatory obligations, and audit readiness. The successful candidate will be responsible for driving risk mitigation, maintaining policy integrity, and ensuring the organization’s cybersecurity posture aligns with evolving federal and state regulations. This is not a role for a generalist-it requires a practitioner with advanced knowledge, precision, and the ability to lead and execute at the highest level.

REQUIRED SKILLS AND QUALIFICATIONS

• Master’s degree in Information Systems, Cybersecurity, or a related field (or equivalent experience).
• Minimum of 7 years of hands-on experience in cybersecurity compliance, risk management, and policy governance.
• Demonstrated leadership in managing cross-functional security initiatives and mentoring technical teams.
• Expertise in GRC platforms (preferably Onspring) and enterprise risk frameworks.
• Strong knowledge of federal/state cybersecurity regulations, audit standards, and policy enforcement.
• Industry certifications such as CISSP, CISA, CRISC, or equivalent are preferred.
• Exceptional communication skills with the ability to present complex risk data to executive audiences.
• Proven ability to work independently while leading collaborative efforts across departments.

• Lead the enterprise-wide enhancement and utilization of the Governance, Risk, and Compliance (GRC) platform (Onspring) for cybersecurity risk management.
• Oversee the full lifecycle of cybersecurity risks, including identification, mitigation planning, tracking, and closure.
• Improve engagement and accountability among risk owners to ensure timely mitigation.
• Communicate risk posture, trends, and mitigation timelines to executive leadership and stakeholders.
• Monitor and interpret changes in federal and state cybersecurity regulations and assess their impact on business operations.
• Maintain and enforce cybersecurity policies, ensuring operational alignment with regulatory and contractual obligations.
• Audit technical teams and departmental applications for compliance with security policies, access controls, and governance standards.
• Conduct third-party risk assessments and annual reviews of vendor cybersecurity practices.
• Manage the completion of cybersecurity audit questionnaires for external stakeholders and partners.
• Lead the cybersecurity components of SOC 2 Type 2 audits for applicable business units.