Manager, Information Security Compliance & Risk

Manager, Information Security Compliance & Risk

6 Month Contract-to-Hire

Boston, MA - 3 Days Onsite

firstPRO is currently accepting resumes for a Manager, Information Security Compliance & Risk opportunity with our banking client.

This individual will play a key leadership role in driving enterprise-wide security governance, risk management, and compliance initiatives across a highly regulated financial services environment. The ideal candidate will combine strong technical understanding with strategic oversight, helping ensure security controls, cloud technologies, and data platforms align with regulatory requirements and organizational risk standards.

This position will lead a small team while partnering closely with IT, infrastructure, audit, legal, and business stakeholders to strengthen the organization’s overall security posture and governance framework.

Responsibilities

• Manage and mentor a team of 2–3 direct reports focused on security compliance, governance, and risk initiatives.
• Lead the development, implementation, and continuous improvement of information security policies, standards, and controls.
• Partner with technology and business teams to identify, assess, and mitigate cybersecurity and operational risks.
• Oversee compliance efforts related to banking and regulatory requirements, including internal audits, external audits, and risk assessments.
• Support governance and security oversight for cloud environments, primarily within AWS.
• Collaborate with data and analytics teams supporting Snowflake environments to ensure secure data governance and access management practices.
• Assist in establishing and maintaining AI governance frameworks, including responsible AI usage, risk oversight, and policy alignment.
• Monitor security controls, remediation activities, and risk mitigation efforts across enterprise systems and applications.
• Conduct vendor and third-party security risk reviews and ensure alignment with organizational standards.
• Prepare reporting and presentations for leadership, audit teams, and regulatory stakeholders.
• Drive security awareness and promote a culture of compliance and risk accountability across the organization.

Qualifications

• 7 years of experience in Information Security, IT Risk, Cybersecurity Compliance, or related disciplines.
• Previous leadership or team management experience required.
• Experience working within banking, financial services, or other highly regulated industries preferred.
• Strong understanding of security governance frameworks, risk management methodologies, and compliance standards.
• Hands-on or working knowledge of AWS cloud environments.
• Experience supporting or securing enterprise data platforms such as Snowflake.
• Exposure to AI governance, data governance, or emerging technology risk management initiatives is highly preferred.
• Familiarity with regulatory and audit requirements such as SOX, FFIEC, NIST, ISO 27001, SOC, or related frameworks.
• Strong communication skills with the ability to interact across technical and non-technical stakeholders.
• Bachelor’s degree in Information Security, Computer Science, MIS, or related field preferred.
• Relevant certifications such as CISSP, CISM, CRISC, or AWS certifications are a plus.