Manager (IT) Compliance & Audit
ZS IT Governance, Risk & Compliance (GRC) team
Information Security, Privacy, and Environmental, Social & Governance (ESG)
independent assurance
Additionally, the GRC team fosters continuous improvement, not only by responding to evolving regulations but by driving proactive initiatives that embed a culture of compliance and risk awareness throughout ZS operations. This holistic approach helps safeguard ZS assets, data, and relationships in a fast-paced and increasingly interconnected business environment.
Key Responsibilities:
Compliance & Audit Management:
- Lead and manage the implementation, maintenance, and certification processes for ISO 27001, 27701, 27017, HITRUST, SOC 2, SOC 3, and similar standards.
- Oversee and manage internal and external audits, identifying gaps, and ensuring timely closure of audit findings.
- Collaborate with cross-functional teams, including IT, security, legal, and risk management, to ensure alignment on security compliance initiatives.
- Drive continuous improvement initiatives to enhance compliance posture, developing and enforcing security policies, procedures, and controls.
 
Stakeholder Collaboration & Communication:
- Act as the primary liaison between teams and external auditors, certification bodies, and regulators.
- Build and maintain strong working with key stakeholders, including the CISO, CRO, DPO, Head of Cloud Engineering, IT, and legal teams, to ensure compliance objectives are met.
- Provide expert advice on compliance issues and support various departments with technical and policy-driven .
 
People Management & Leadership:
- Lead, mentor, and develop a team of professionals, fostering a high-performance culture.
- Manage team workload, project , and career development, ensuring that the team is up-to-date with industry standards and compliance practices.
- Oversee team training programs to ensure sharing and skills development in compliance and audit.
 
Project Management & Reporting:
- Lead compliance projects, including forecasting, resource planning, and reporting progress to leadership committees.
- Develop project timelines, track, and ensure timely delivery of compliance and audit activities.
- Provide regular reports and updates to management, including dashboards and key performance indicators (KPIs) to assess the organization's compliance and risk posture.
- Collaborate with internal teams to ensure smooth integration of compliance requirements into new and existing technologies, including AI, cloud services, and data privacy technologies.
 
Strategic Planning & Operational Compliance:
- Contribute to the development of the organization's broader compliance strategy, aligning with industry trends and emerging regulations.
- Proactively identify potential risks and vulnerabilities and develop risk mitigation strategies.
- Lead operational compliance efforts across various functions, ensuring comprehensive coverage of security, privacy, and data protection requirements.
 
Qualifications & Experience:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A master's degree or MBA is preferred.
- Minimum 10-12 years of experience in IT compliance, audit, and information security, with specific experience managing ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and related certifications.
- Proven track record of managing compliance programs and leading audits across large, complex organizations.
- Strong leadership and people management experience, with a demonstrated ability to lead, develop, and motivate high-performing teams.
- Excellent project management skills with the ability to manage budgets, forecasts, timelines, and complex stakeholder requirements.
- Deep understanding of cloud security (Azure, AWS, GCP) and privacy standards, with experience working with cloud engineering and DevSecOps teams.
- Strong problem-solving skills with the ability to influence and engage with C-level executives and senior stakeholders.
 
Certifications (Preferred):
- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- ISO 27001 Lead Auditor/Lead Implementer
- HITRUST Certified CSF Practitioner
- Certified Cloud Security Professional (CCSP)
- PMP (Project Management Professional) or equivalent certification
 
Skills:
- Strong technical knowledge in information security standards and frameworks.
- Exceptional communication and presentation skills, with the ability to articulate complex compliance issues to technical and non-technical audiences.
- Experience with AI and its implications on compliance, security, and data privacy will be an advantage.
- Proficiency in GRC (Governance, Risk, and Compliance) tools and software.
 
Why Join Us?
ZS is a global consulting firm; fluency in English is required. Candidates must possess work authorization for their intended country of employment. An on-line application, including a cover letter expressing interest and a full set of transcripts (official or unofficial), is required to be considered.
ZS offers a competitive compensation package with salary and bonus incentives, plus an attractive benefits package.
- Opportunity to lead and shape the compliance landscape of a forward-thinking organization.
- Work with cutting-edge technologies in a collaborative, dynamic environment.
- Competitive compensation and benefits package.