Lead - IT Product Manager

The IT Compliance function is responsible for ensuring the organization s technology systems, infrastructure, and data adhere to relevant regulations, legal requirements, and internal policies. It includes assessing, developing, implementing, and monitoring controls and processes to mitigate risks, maintain audit readiness, and safeguard operational integrity.

We are seeking a motivated and experienced Lead IT Product Manager to help enable the next generation of IT compliance. This role requires a strong foundation in control implementation, risk management, and audit collaboration.

Key Responsibilities:

• Risk Management Framework: Help maintain and continuously improve the IT risk management framework, including policies and procedures.

• IT Risk Assessments: Conduct assessments to identify, evaluate, and mitigate risks across systems, infrastructure, and third-party vendors.

• Governance Frameworks: Support the implementation of IT governance frameworks such as COBIT, ISO 27001, and ITIL.

• Compliance Monitoring: Monitor adherence to regulatory requirements (e.g., GDPR, SOX, HIPAA) and internal controls.

• Risk and Control Documentation: Collaborate with IT and business units to document risks, controls, and mitigation strategies.

• Remediation Tracking & Reporting: Track and report on efforts to address identified IT risks or control deficiencies.

• Policy Development & Review: Assist in developing and reviewing key IT policies, including information security, acceptable use, and data classification.

• Audit Support: Prepare documentation and provide support for internal and external IT audits.

• Risk Register Management: Maintain an up-to-date risk register and ensure accurate, timely reporting to senior management.

• SOC Reports: Review, understand, and be able to explain the SOC reports and concepts.

• Continuous Learning: Stay current with emerging IT risks, trends, threats, and regulatory changes.

• Education and Enablement: Partner with functional areas to ensure that they understand their responsibilities regarding data security and regulatory adherence.

• SDLC Review: Assess SDLC projects and provide feedback on process improvements Qualifications

Experience

• 3-8 years in IT risk management, IT audit, information security, or governance

• Strong understanding of risk assessment methodologies, governance frameworks, and regulatory compliance

• Proven success in implementing controls, including for ITGC and ITAC

• Proficiency in reviewing and communicating SOC reports and procedures

• Expertise corresponding with internal and external audit teams

• Strong analytical and problem-solving skills

• Excellent written and verbal communication, across various functional areas and layers of the organization

• Ability to collaborate with technical and non-technical stakeholders

• Detail-oriented with strong organizational skills

• Desire for process efficiency and continuous improvement, including within the SDLC methodology

Preferred Qualifications

• Hands-on experience GRC tools such as Auditboard, RSA Archer, ServiceNow GRC, etc.

• Working and/or audit experience in SaaS applications like Netsuite, Salesforce, Workday, PowerBI, Blackline, AWS, etc.