Manager, Information Security Compliance & Risk

Boston, MA

Overview

An international economics consulting firm is seeking Manager, Information Security Compliance & Risk to join its Boston office.

The Manager, Information Security Compliance and Risk is responsible for leading the firm’s Governance, Risk, and Compliance (GRC) program, including regulatory compliance, enterprise risk management, and assurance activities that support client requirements and regulatory obligations.

This role also serves as the primary owner of Information Security AI governance, ensuring that the firm’s use of AI and machine learning technologies aligns with security, privacy, regulatory, and client expectations.

The role manages a team of three Information Security Analysts and owns SOC 2 and ISO 27001 certification programs, while partnering closely with Legal, Compliance, Privacy, IT, and Security Engineering and Operations to ensure effective control design, evidence collection, risk management, and continuous improvement.

Key Responsibilities

Governance and Compliance Leadership

  • Own and maintain the firm’s information security governance framework, including policies, standards, and procedures.
  • Lead annual SOC 2 and ISO 27001 audit cycles, including audit readiness, evidence coordination, and remediation tracking.
  • Ensure ongoing compliance with client, regulatory, and contractual information security requirements.
  • Manage policy exceptions, risk acceptances, and documentation of compensating controls.

Regulatory Authorization and Assurance

  • Lead the renewal and ongoing maintenance of government and client security authorizations, attestations, and approvals required for regulated engagements.
  • Coordinate cross-functional evidence collection and control validation to support authorization renewals and periodic reassessments.
  • Track authorization requirements, renewal timelines, and control changes to ensure continuous eligibility for regulated work.

AI Security Governance

  • Lead the Information Security AI governance program, ensuring secure, responsible, and compliant use of AI technologies across the firm.
  • Partner with Legal, Privacy, Compliance, and business stakeholders to define and maintain AI security requirements, risk assessments, and usage standards.
  • Establish and maintain security controls for AI-enabled tools, including data handling, access controls, model usage restrictions, and third-party AI risk.
  • Support client and regulatory inquiries related to AI security posture and governance practices.
  • Track emerging AI-related regulatory and security requirements and assess their impact on firm policies and controls.

Risk Management

  • Maintain and mature the enterprise information security risk register.
  • Facilitate periodic risk assessments, including risks associated with AI usage, data processing, and third-party technologies.
  • Develop and report meaningful risk metrics and dashboards for leadership review.
  • Translate technical and operational risks into clear business-impact language.

Third-Party and Emerging Risk Governance

  • Oversee third-party security risk management in partnership with Legal.
  • Lead structured reviews of vendor security posture, including AI and SaaS providers.
  • Track remediation plans and ongoing monitoring of third-party and AI-related risks.

Audit and Assurance Coordination

  • Serve as the primary liaison for internal and external audits related to information security.
  • Coordinate evidence collection across IT, Security Engineering, Privacy, and business stakeholders.
  • Track findings, corrective actions, and continuous improvement initiatives.

Team Leadership

  • Directly manage three Information Security Analysts.
  • Set priorities, provide mentorship, and support professional development.
  • Establish consistent processes, documentation standards, and performance expectations across the GRC function.

Cross-Functional Collaboration

  • Partner closely with Security Engineering and Operations to align governance requirements with technical controls.
  • Work with Legal, Compliance, Privacy, and Data Science teams on regulatory interpretation and AI governance requirements.
  • Support client security inquiries, assessments, and due diligence requests.

Expected Outcomes

  • Sustained audit readiness for SOC 2 and ISO 27001 with minimal disruption.
  • Clear, measurable visibility into information security and AI-related risk posture.
  • Consistent, scalable governance processes supporting firm growth and responsible AI adoption.
  • Strong alignment between governance requirements and operational security controls.

Skills, Knowledge & Experience

  • Bachelor’s degree required; degree in information security, risk management, or a related field preferred.
  • 7 to 10 years of experience in information security, GRC, audit, or risk management required.
  • Prior experience managing SOC 2 and or ISO 27001 programs required.
  • Demonstrated people management or team leadership experience.
  • Professional certifications such as CISSP, CISM, CRISC, CGRC, or ISO 27001 Lead Implementer or Auditor.
  • Experience with GRC platforms and risk management tooling.
  • Experience supporting AI governance, data governance, or emerging technology risk programs.
  • Experience supporting client-driven security assessments in a professional services environment.
  • An inclusive and growth-oriented mindset, strong interpersonal skills, and an ability to work across differences.
  • To the extent permitted by applicable law, eligible candidates must be authorized to work in the United States without sponsorship or restriction, now and in the future.

Company Benefits

The firm offers competitive compensation and a comprehensive benefits package. The estimated salary range for this position is $175,000–$200,000. Compensation offered will be based on a number of factors including work experience, education, and skill level. This role is eligible for a discretionary annual bonus that is determined in large part by individual performance.

Posted 2026-05-28

Recommended Jobs

Outreach Van Relief Counselor, Overnight

Pine Street Inn
Boston, MA

Job Description Job Description Description: SCHEDULE: On call as needed, 8:30 p.m. – 5:00 a.m. Pays $21.40 - $30.00 per hour (Salary ranges provided are based on relevant experience and…

View Details
Posted 2026-06-26

Dentist

Family Dental Group of Gardner
Gardner, MA

Job Description Job Description Summary We are seeking a skilled and experienced Dentist to join the team at our busy practice. This position would be for two of our locations. The ideal can…

View Details
Posted 2026-03-29

Drama FUNdamentals Teacher

The Park School
Brookline, MA

Job Description Job Description Job Responsibilities:    Teach classes classes focused in drama skill building: warm ups/games, acting tools, character development, improv, team building, des…

View Details
Posted 2026-06-22

P/T Retail Store Associate

adidas
Somerville, MA

At adidas we have been challenging the status quo for over 70 years and we’re not done yet. We are calling all Store Associates who don’t accept what “was” or what “is,” but those who want to create…

View Details
Posted 2026-01-26

Electronics Technician I

Automation Solutions Inc
Franklin, MA

Job Description Job Description Wire and build electrical control panels, junction boxes and subassemblies per customer requirement. Read and interpret schematics, diagrams, blueprints, spec…

View Details
Posted 2026-06-20

Sr. Software Engineer - Analytics

Hatch IT
Somerville, MA

Job Description Job Description hatch I.T. is partnering with Babel Street to find a Sr. Software Engineer - Analytics . Please see details below: About the Role Babel Street is looking f…

View Details
Posted 2026-06-22

Recruiter, Technology

Boston, MA

Kforce is a solutions firm specializing in technology, finance & accounting, and professional staffing services. Each year, we help more than 30,000 people find work. We partner with more than 3,000 c…

View Details
Posted 2026-05-29

Site Manager - Part Time

Springwell
Hudson, MA

Make a difference with your mornings! Community Nutrition Program seeks a Part-Time Dining Site Manager in Northborough and Hudson to help run our community dining program for older adults. This pr…

View Details
Posted 2026-01-02