Compliance Manager

Are you ready to make an impact

West Monroe is seeking a Compliance Manager to join the internal Risk Compliance & Cybersecurity (RCC) team. This role is responsible for leading and modernizing the firms cybersecurity compliance and governance programs while leveraging automation AI capabilities and integrated GRC tooling to reduce manual effort and improve operational efficiency.

The Compliance Manager will work closely with IT security engineering legal and business stakeholders to ensure adherence to industry frameworks and client security expectations. A key focus of this role will be identifying creative ways to automate compliance processes integrate systems into the firms GRC platform and establish reliable sources of truth for audit evidence risk tracking and governance reporting.

This role will also oversee key security governance activities including incident response readiness annual tabletop exercises and security policy lifecycle management.

Qualifications

Candidates must demonstrate a strong understanding of cybersecurity governance compliance frameworks and enterprise risk management practices. The individual should be able to lead compliance initiatives while partnering with technical teams to ensure security controls are effectively implemented monitored and automated where possible.

The ideal candidate will have experience across a range of governance and compliance services including but not limited to:

• Security Compliance Frameworks (SOC 2 ISO 27001 NIST CIS Controls)
• Third-Party Risk Management and Vendor Security Assessments
• Client Security Questionnaires and Assurance Programs
• Security Policy Development and Governance Programs
• Audit Coordination and Evidence Management
• AI Governance and Emerging Compliance Frameworks (e.g. ISO 42001)
• Security Risk Assessments and Control Evaluations
• Compliance automation using GRC platforms and system integrations

Specific Skills Include But Are Not Limited To:

Enterprise Compliance Program Leadership

• Own and lead enterpriselevel cybersecurity compliance programs aligned to SOC 2 NIST CSF ISO 27001 CIS Controls and related frameworks.
• Define compliance strategy scope and roadmap while ensuring consistent execution across the organization.

Audit Management & Evidence Strategy

• Lead complex internal and external audits (e.g. SOC 2) serving as the primary point of contact for auditors.
• Define audit scope manage timelines and implement scalable evidence management practices that improve audit readiness and reduce disruption.

ThirdParty Risk Management

• Lead vendor and thirdparty security risk management programs including due diligence assessments ongoing monitoring remediation tracking and risk reporting.
• Ensure thirdparty risk processes align with enterprise security and compliance requirements.

Client Security Assurance & Due Diligence

• Oversee responses to client security questionnaires assessments and assurance requests.
• Partner with legal sales and delivery teams to ensure responses are accurate consistent and aligned with the firms security posture.

Risk Management & Control Oversight

• Identify assess and track cybersecurity risks using risk registers and structured remediation plans.
• Partner with technical teams to ensure risks ar addressed through effective and measurable control implementations.

Policy & Governance Lifecycle Management

• Develop maintain and continuously improve security policies standards and procedures.
• Ensure governance documentation aligns with regulatory expectations audit requirements and operational practices.

Incident Response Governance

• Maintain and mature incident response governance including annual tabletop exercises readiness assessments and postincident lessons learned.
• Ensure response procedures are documented tested and continuously improved.

Leadership Influence & Communication

• Mentor and coach team members supporting skill development performance management and knowledge growth.
• Communicate complex security and risk concepts effectively to senior leadership technical teams and business stakeholders.

Program Metrics & Executive Reporting

• Develop dashboards and reports that provide leadership visibility into compliance posture automation maturity audit readiness and risk exposure.
• Use metrics to inform decisionmaking and drive continuous improvement.

Compliance Automation & GRC Enablement

• Drive compliance automation initiatives using enterprise GRC platforms (e.g. Drata ServiceNow GRC) with a focus on reducing manual effort and improving audit readiness.
• Design and implement integrations across security and business systems (e.g. IAM endpoint cloud ticketing) to automate evidence collection control validation risk tracking and reporting establishing the GRC platform as a single source of truth.
• Identify and eliminate manual compliance tasks by leveraging automation scripting and AI-driven workflows including:
  • Client questionnaire pre-population and consistency
  • Policy generation and updates
  • Evidence mapping and control alignment across frameworks
  • Risk identification and summarization
• Build continuous control monitoring by integrating telemetry from security tools to enable real-time evidence collection and reduce point-in-time audit efforts.
• Standardize and automate workflows (e.g. API-based evidence collection task routing via ServiceNow/Jira) to minimize manual follow-ups and improve efficiency.
• Partner with engineering teams to integrate new tools into the compliance ecosystem and continuously improve processes with a goal of reducing audit effort increasing accuracy and scaling the program efficiently.

Requirements

• 8 years of experience in cybersecurity governance risk management or compliance roles with demonstrated ownership of enterpriselevel programs
• Proven experience leading and scaling compliance programs aligned to frameworks such as SOC 2 NIST ISO 27001 and CIS Controls
• Extensive experience managing complex internal and external audits including direct engagement with auditors and scope management
• Experience overseeing client security questionnaires due diligence responses and assurance activities including coordination with legal sales and delivery teams
• Strong background in thirdparty risk management including vendor security assessments ongoing monitoring and remediation tracking
• Handson experience with enterprise GRC platforms (e.g. Drata ServiceNow GRC or similar) including configuration optimization and integrations
• Demonstrated success driving compliance automation and system integrations to reduce manual effort and improve audit readiness
• Experience managing or mentoring team members including coaching knowledge development and performance feedback
• Strong communication skills with the ability to influence senior stakeholders and translate security and risk concepts to technical and business audiences
• Excellent organizational prioritization and program management skills in complex crossfunctional environments

Preferences

• Bachelors degree in Cybersecurity Information Systems Computer Science or a related technical field
• 8 years of experience in cybersecurity governance risk management or compliance roles with ownership of enterprisescale programs
• Prior experience in consulting or professional services environments supporting multiple stakeholders and competing priorities
• Handson experience implementing and optimizing compliance programs using enterprise GRC platforms and automation capabilities
• Demonstrated success driving compliance automation system integrations and process maturity improvements
• Familiarity with AI governance concepts and emerging frameworks (e.g. ISO 42001)
• Industry certifications such as CISSP CISA CRISC or CISM

Other consultancies talk at you.
At West Monroe we work with you.

Were a global business and technology consulting firm passionate about creating measurable value for our clients delivering real-world solutions.

The combination of business and technology is not new but how we bring them together is unique. Were fluent in both. We know that technology alone is not the answer but how we apply it is. We rely on data to constantly adapt and solve new challenges. Actions that work today with outcomes that generate value for years to come.

At West Monroe we zero in on the heart of the opportunity getting to results faster and preparing people for whats next.

Youll feel the difference in how we work. We show up personally. Were right there in the room with you co-creating through the challenges. With West Monroe collaboration isnt a lofty promise but a daily action. We work together with you to turn vision into clear action with lasting impact.

West Monroeis an Equal Employment Opportunity Employer
We believe in treating each employee and applicant for employment fairly and with dignity. We base our employment decisions on merit experience and potential without regard to race color national origin sex sexual orientation gender identity marital status age religion disability veteran status or any other characteristic prohibited by federal state or local law. To learn more about diversity equity and inclusion at West Monroe visit If you require a reasonable accommodation to participate in our recruiting process please inquire by sending an email to .

Please review our current policy regarding use of generative artificial intelligence during the application process.

If you are based in California we encourage you to read West Monroes Notice at Collection for California residents provided pursuant to the California Consumer Privacy Act (CCPA) and linkedhere.