Sr. Manager of Information Risk and Controls

Senior Manager, Information Risk & Controls
Long-term Contract
Midtown Atlanta, GA

About the Role
We are looking for a Senior Manager of Information Risk & Controls to help strengthen and evolve our firm’s risk management and control framework. In this role, you will support the Director of IT Security Governance, Risk & Compliance by overseeing and enhancing second‑line risk activities while helping improve how the first line manages information risks and controls.

You’ll work closely with IT subject matter experts across the organization to build, implement, and maintain cross‑functional information risk frameworks, governance processes, and control standards.

What You’ll Do

Framework Development & Execution

• Build and implement a comprehensive information risk and control framework that enhances second‑line oversight across information security, data governance, and technology risk.

IT Risk Assessment Leadership

• Lead assessments focused on technology, cybersecurity, data, and privacy risks—including those tied to infrastructure, cloud environments, data governance, and data quality.
• Identify, evaluate, and guide mitigation of key risks.

Reporting & Metrics

• Prepare and deliver reporting on IT and cyber risks, KRIs, and KPIs for the CIO, senior leadership, and Board committees.
• Provide insights on emerging threats, vulnerabilities, regulatory updates, and audit findings.

Collaboration & Oversight

• Partner closely with first‑line technology teams to strengthen the control environment.
• Collaborate with Internal Audit, Compliance, and Enterprise Risk Management to review, challenge, and improve risk and control processes.
• Provide independent second‑line oversight and challenge where needed.

Policy & Governance

• Lead updates and execution of risk management policies, procedures, and governance structures.
• Ensure alignment with regulatory expectations and regional requirements.

Risk & Control Awareness

• Promote a strong risk culture through training, education, and awareness initiatives across the organization.

Leadership & Influence

• Provide strategic thought leadership and help drive continuous improvement.
• Engage with senior stakeholders to share meaningful insights and recommendations on the evolving risk landscape.

What You Bring

Experience & Expertise

• 7–10 years of experience in risk and controls, including at least 5 years leading risk management across lines of defense within financial services or global consulting.
• Strong understanding of technology, data governance, cybersecurity, core IT principles, and control frameworks.
• Proven experience with risk aggregation, challenge, remediation oversight, and IT governance.

Framework & Regulatory Knowledge

• Familiarity with frameworks such as FFIEC, NIST CSF, COBIT, COSO, ISO 27001, and FHFA supervisory guidance.
• Hands‑on experience designing and implementing risk and control frameworks.

Skills & Capabilities

• Excellent communication skills, with the ability to influence, build consensus, and present data‑driven insights.
• Strong analytical and problem‑solving abilities; able to identify patterns, investigate root causes, and recommend solutions.
• Comfortable working in a complex, matrixed environment with varied stakeholders.
• Team‑oriented leadership style with the confidence to navigate challenging situations diplomatically.

Preferred Background

• Experience in asset management or broader financial services.
• Bachelor’s degree required; MBA or master’s degree preferred.

Certifications (One or more preferred)

• • CRISC, CISSP, CISA, CISM, CIPP, or related certifications.