IT Compliance & Audit Manager

Manager (IT) Compliance & Audit

The ZS IT Governance, Risk & Compliance (GRC) team is a global function that plays a critical role in aligning with ZS' business strategy and operating model. The team's mission is to empower ZS' 13,000+ employees and their clients with the tools, insights, and frameworks needed to effectively manage operational risk and meet compliance requirements in an increasingly complex regulatory landscape.

The GRC team is responsible for ensuring that ZS maintains the highest standards of compliance by managing a diverse portfolio of certifications and audits across multiple domains, including Information Security, Privacy, and Environmental, Social & Governance (ESG). The team's scope of work includes maintaining compliance with industry-recognized standards such as ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and ESG, providing comprehensive oversight on risk management, security, and privacy practices.

By offering independent assurance to both internal stakeholders and external parties, the GRC team ensures that ZS consistently adheres to globally established compliance frameworks, controls, policies, and industry standards. This stewardship strengthens ZS' ability to mitigate risks, meet client and regulatory expectations, and uphold its reputation as a trusted partner across industries.

Additionally, the GRC team fosters continuous improvement, not only by responding to evolving regulations but by driving proactive initiatives that embed a culture of compliance and risk awareness throughout ZS operations. This holistic approach helps safeguard ZS assets, data, and relationships in a fast-paced and increasingly interconnected business environment.

Manager (IT) Compliance & Audit

The Manager, IT Compliance & Audit will be a seasoned leader in the information security compliance domain, driving projects related to critical certifications like ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and others. The individual will play a pivotal role in managing and ensuring compliance with regulatory and operational security standards while collaborating with various stakeholders, including the CISO, CRO, DPO, Head of Cloud Engineering, IT Stakeholders, and other senior leaders. The role requires hands-on technical and functional expertise, along with the ability to manage and develop teams, oversee compliance programs, and report to leadership committees.

Key Responsibilities:

Compliance & Audit Management:

• Lead and manage the implementation, maintenance, and certification processes for ISO 27001, 27701, 27017, HITRUST, SOC 2, SOC 3, and similar standards.
• Oversee and manage internal and external audits, identifying gaps, and ensuring timely closure of audit findings.
• Collaborate with cross-functional teams, including IT, security, legal, and risk management, to ensure alignment on security compliance initiatives.
• Drive continuous improvement initiatives to enhance compliance posture, developing and enforcing security policies, procedures, and controls.

Stakeholder Collaboration & Communication:

• Act as the primary liaison between teams and external auditors, certification bodies, and regulators.
• Build and maintain strong working with key stakeholders, including the CISO, CRO, DPO, Head of Cloud Engineering, IT, and legal teams, to ensure compliance objectives are met.
• Provide expert advice on compliance issues and support various departments with technical and policy-driven .

• People Management & Leadership:
• Lead, mentor, and develop a team of professionals, fostering a high-performance culture.
• Manage team workload, project , and career development, ensuring that the team is up-to-date with industry standards and compliance practices.
• Oversee team training programs to ensure sharing and skills development in compliance and audit.

• Project Management & Reporting:
• Lead compliance projects, including forecasting, resource planning, and reporting progress to leadership committees.
• Develop project timelines, track, and ensure timely delivery of compliance and audit activities.
• Provide regular reports and updates to management, including dashboards and key performance indicators (KPIs) to assess the organizations compliance and risk posture.
• Collaborate with internal teams to ensure smooth integration of compliance requirements into new and existing technologies, including AI, cloud services, and data privacy technologies.

Strategic Planning & Operational Compliance:

• Contribute to the development of the organizations broader compliance strategy, aligning with industry trends and emerging regulations.
• Proactively identify potential risks and vulnerabilities and develop risk mitigation strategies.
• Lead operational compliance efforts across various functions, ensuring comprehensive coverage of security, privacy, and data protection requirements.

Qualifications & Experience:

• Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field. A masters degree or MBA is preferred.
• Minimum 10-12 years of experience in IT compliance, audit, and information security, with specific experience managing ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and related certifications.
• Proven track record of managing compliance programs and leading audits across large, complex organizations.
• Strong leadership and people management experience, with a demonstrated ability to lead, develop, and motivate high-performing teams.
• Excellent project management skills with the ability to manage budgets, forecasts, timelines, and complex stakeholder requirements.
• Deep understanding of cloud security (Azure, AWS, GCP) and privacy standards, with experience working with cloud engineering and DevSecOps teams.
• Strong problem-solving skills with the ability to influence and engage with C-level executives and senior stakeholders.

Certifications (Preferred):

• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• ISO 27001 Lead Auditor/Lead Implementer
• HITRUST Certified CSF Practitioner
• Certified Cloud Security Professional (CCSP)
• PMP (Project Management Professional) or equivalent certification

Skills:

• Strong technical knowledge in information security standards and frameworks.
• Exceptional communication and presentation skills, with the ability to articulate complex compliance issues to technical and non-technical audiences.
• Experience with AI and its implications n compliance, security, and data privacy will be an advantage.
• Proficiency in GRC (Governance, Risk, and Compliance) tools and software.

Why Join Us?

ZS is a global consulting firm; fluency in English is required. Candidates must possess work authorization for their intended country of employment. An on-line application, including a cover letter expressing interest and a full set of transcripts (official or unofficial), is required to be considered.

ZS offers a competitive compensation package with salary and bonus incentives, plus an attractive benefits package.

• Opportunity to lead and shape the compliance landscape of a forward-thinking organization.
• Work with cutting-edge technologies in a collaborative, dynamic environment.
• Competitive compensation and benefits package.