Manager IT Compliance

Location: Bethpage, NY, US, 11714 Brand: Optimum Requisition #: 11821 Job Summary The ManagerIT Compliance will oversee and manage our company’s SOX, PCI, AI governance, and related IT governance, risk, and compliance obligations. The ideal candidate will have a mixture of security, risk management, AI governance, and IT compliance skills with a history of managing and delivering complex compliance projects on time and within budget. This role will supervise multiple teams of compliance specialists and act as a central point of contact for the organization for all compliance matters. Responsibilities Provide leadership, guidance and direction to the Security & IT Compliance team and related stakeholders Act as a central contact person for the organization for all matters related to Security & IT Compliance Define and maintain the Security & IT Compliance framework for the various IT Compliance disciplines including people, process and technologies needed to maintain compliance Design, specify, implement, and monitor internal controls which help to ensure that AUSA is compliant with relevant laws and regulations, internal policies and standards, and other requirements Evaluate IT controls and drive the remediation of control weaknesses, communicate to respective compliance stakeholders Supervise the performance of risk assessments, self-audits and establish performance metrics against control-related policies and procedures Provide recommendations for meeting compliance requirements and manage any exceptions to closure Develop and deliver multi-faceted training/awareness programs to teach staff the importance of compliance, and the ways in which compliance is maintained with laws and regulations, internal policies and standards and other requirements Maintain an up-to-date and thorough understanding of all requirements which AUSA must comply, including laws and regulations, contractual commitments, internal policies and procedures Provide oversight to compliance activities when interacting with third parties/vendors. Review contractual agreements, ensuring IT compliance adherence is stipulated Prepare/perform/approve performance evaluations and development plans; Interview/approve personnel for hire Manage vendor relationships, ensures the vendors are responsive to company needs Negotiate with legal on all contracts, statements of work and maintenance agreements to ensure compliance Participate in budget planning and analysis Lead the design and operation of the company’s AI governance and compliance program, aligning controls and policies with recognized frameworks such as the NIST AI Risk Management Framework (AI RMF), ISO/IEC 42001, and applicable AI-related regulations Perform compliance and risk assessments of internal and third-party AI/ML use cases – including generative and agentic AI – evaluating data privacy, security, bias, model transparency, and regulatory exposure prior to deployment Maintain the enterprise AI inventory and the accompanying policies, standards, and acceptable-use guidelines that govern responsible adoption of AI across the organization Partner with Legal, Privacy, Data Science, Engineering, and the AI Governance Committee (or equivalent forum) to operationalize responsible AI principles within existing GRC, change-management, and SDLC processes Drive automation of evidence collection, control testing, and continuous controls monitoring through modern GRC platforms (e.g., Archer, Vanta, Drata, AuditBoard) to reduce manual effort and audit fatigue across control owners Develop and report compliance KPIs, control health dashboards, and AI-risk indicators to senior leadership, audit committee stakeholders, and external auditors Monitor the evolving regulatory and standards landscape (SEC cybersecurity disclosure rules, state and federal AI legislation, EU AI Act, sector-specific telecom obligations) and translate emerging requirements into actionable controls and roadmap items Qualifications A bachelor’s degree in Information Technology, Computer Science, or related fields. 10+ years of experience in cybersecurity, IT compliance, or auditing, particularly in PCI and Sarbanes-Oxley (SOX) regulations 3+ years of direct leadership experience (ideally in a matrix environment), as well as managing external resources Strong communication, project management, and team collaboration skills are essential for working across departments and with auditors Knowledge of IT general controls (ITGC), access management, change management, and system development. Familiarity with security and compliance frameworks (e.g., SOC 1, SOC 2, ISO 27001) is essential Experience in assessing and managing IT-related risks that impact financial reporting and auditing Ability to design, implement, and monitor compliance programs, ensuring that IT systems and controls meet SOX and PCI regulatory requirements An in-depth understanding of process governance, risk and compliance discipline. Knowledge of the latest trends in the management of Security & IT Compliance Working knowledge of AI risk and governance frameworks (NIST AI RMF, ISO/IEC 42001, OWASP AI Security & Privacy Guide, MITRE ATLAS) and the ability to translate them into auditable controls within an enterprise GRC program Hands‑on experience with GRC tooling for control testing, evidence management, policy lifecycle, and continuous compliance monitoring (e.g., Archer, ServiceNow GRC, Vanta, Drata, AuditBoard, MetricStream) Familiarity with data‑privacy and AI‑related regulations (GDPR, CCPA/CPRA, state‑level AI laws, EU AI Act) and the ability to translate them into operational controls and vendor‑management requirements Ability to organize, plan, execute and supervise multiple major projects with minimal supervision Excellent communication and interpersonal skills Preferred Qualifications Experience leading AI‑specific vendor risk reviews, building AI control catalogs, or operating an AI Governance Committee is strongly preferred Additional GRC and AI‑governance certifications such as CGRC, CGEIT, IAPP AI Governance Professional (AIGP), or ISO/IEC 42001 Lead Implementer are highly desirable Experience operating within a telecom, media, or other highly regulated industry, including familiarity with CPNI, FCC, and customer‑data obligations, is a plus Security certifications such as CISSP, CISM, CISA, and CRISC are a plus A current PCI ISA or QSA certification and recent experience is highly desirable Technical conference participation, paper submissions, and public presentations Pay is competitive and based on a number of job‑related factors, including skills and experience. The starting pay rate/range at time of hire for this position in the posted location is $123,379.00 - $202,694.00 / year. The rate/range provided herein is the anticipated pay at the time of hire and does not reflect future job opportunity. Applicants must be authorized to work for ANY employer in the U.S. Please note that at this time, we do not provide visa sponsorship for employment. We are an Equal Opportunity Employer committed to recruiting, hiring and promoting qualified people of all backgrounds regardless of gender, race, color, creed, national origin, religion, age, marital status, pregnancy, physical or mental disability, sexual orientation, gender identity, military or veteran status, or any other basis protected by federal, state, or local law. #J-18808-Ljbffr Optimum