Compliance Manager

West Monroe is seeking a Compliance Manager to join the internal Risk, Compliance & Cybersecurity (RCC) team. This role is responsible for leading and modernizing the firm’s cybersecurity compliance and governance programs while leveraging automation, AI capabilities, and integrated GRC tooling to reduce manual effort and improve operational efficiency. The Compliance Manager will work closely with IT, security engineering, legal, and business stakeholders to ensure adherence to industry frameworks and client security expectations. A key focus of this role will be identifying creative ways to automate compliance processes, integrate systems into the firm’s GRC platform, and establish reliable sources of truth for audit evidence, risk tracking, and governance reporting. This role will also oversee key security governance activities including incident response readiness, annual tabletop exercises, and security policy lifecycle management. Qualifications Candidates must demonstrate a strong understanding of cybersecurity governance, compliance frameworks, and enterprise risk management practices. The individual should be able to lead compliance initiatives while partnering with technical teams to ensure security controls are effectively implemented, monitored, and automated where possible. The ideal candidate will have experience across a range of governance and compliance services, including but not limited to: Security Compliance Frameworks (SOC 2, ISO 27001, NIST, CIS Controls) Third-Party Risk Management and Vendor Security Assessments Client Security Questionnaires and Assurance Programs Security Policy Development and Governance Programs Audit Coordination and Evidence Management AI Governance and Emerging Compliance Frameworks (e.g., ISO 42001) Security Risk Assessments and Control Evaluations Compliance automation using GRC platforms and system integrations Specific Skills Enterprise Compliance Program Leadership Own and lead enterprise‑level cybersecurity compliance programs aligned to SOC 2, NIST CSF, ISO 27001, CIS Controls, and related frameworks. Define compliance strategy, scope, and roadmap while ensuring consistent execution across the organization. Audit Management & Evidence Strategy Lead complex internal and external audits (e.g., SOC 2), serving as the primary point of contact for auditors. Define audit scope, manage timelines, and implement scalable evidence management practices that improve audit readiness and reduce disruption. Third Party Risk Management Lead vendor and third‑party security risk management programs, including due diligence assessments, ongoing monitoring, remediation tracking, and risk reporting. Ensure third‑party risk processes align with enterprise security and compliance requirements. Client Security Assurance & Due Diligence Oversee responses to client security questionnaires, assessments, and assurance requests. Partner with legal, sales, and delivery teams to ensure responses are accurate, consistent, and aligned with the firm’s security posture. Risk Management & Control Oversight Identify, assess, and track cybersecurity risks using risk registers and structured remediation plans. Partner with technical teams to ensure risks are addressed through effective and measurable control implementations. Policy & Governance Lifecycle Management Develop, maintain, and continuously improve security policies, standards, and procedures. Ensure governance documentation aligns with regulatory expectations, audit requirements, and operational practices. Incident Response Governance Maintain and mature incident response governance, including annual tabletop exercises, readiness assessments, and post‑incident lessons learned. Ensure response procedures are documented, tested, and continuously improved. Leadership, Influence & Communication Mentor and coach team members, supporting skill development, performance management, and knowledge growth. Communicate complex security and risk concepts effectively to senior leadership, technical teams, and business stakeholders. Program Metrics & Executive Reporting Develop dashboards and reports that provide leadership visibility into compliance posture, automation maturity, audit readiness, and risk exposure. Use metrics to inform decision‑making and drive continuous improvement. Compliance Automation & GRC Enablement Drive compliance automation initiatives using enterprise GRC platforms (e.g., Drata, ServiceNow GRC), with a focus on reducing manual effort and improving audit readiness. Design and implement integrations across security and business systems (e.g., IAM, endpoint, cloud, ticketing) to automate evidence collection, control validation, risk tracking, and reporting, establishing the GRC platform as a single source of truth. Identify and eliminate manual compliance tasks by leveraging automation, scripting, and AI‑driven workflows, including: Client questionnaire pre-population and consistency Policy generation and updates Evidence mapping and control alignment across frameworks Risk identification and summarization Build continuous control monitoring by integrating telemetry from security tools to enable real‑time evidence collection and reduce point‑in‑time audit efforts. Standardize and automate workflows (e.g., API‑based evidence collection, task routing via ServiceNow/Jira) to minimize manual follow‑ups and improve efficiency. Partner with engineering teams to integrate new tools into the compliance ecosystem and continuously improve processes, with a goal of reducing audit effort, increasing accuracy, and scaling the program efficiently. Requirements 8+ years of experience in cybersecurity governance, risk management, or compliance roles, with demonstrated ownership of enterprise‑level programs Proven experience leading and scaling compliance programs aligned to frameworks such as SOC 2, NIST, ISO 27001, and CIS Controls Extensive experience managing complex internal and external audits, including direct engagement with auditors and scope management Experience overseeing client security questionnaires, due diligence responses, and assurance activities, including coordination with legal, sales, and delivery teams Strong background in third‑party risk management, including vendor security assessments, ongoing monitoring, and remediation tracking Hands‑on experience with enterprise GRC platforms (e.g., Drata, ServiceNow GRC, or similar), including configuration, optimization, and integrations Demonstrated success driving compliance automation and system integrations to reduce manual effort and improve audit readiness Experience managing or mentoring team members, including coaching, knowledge development, and performance feedback Strong communication skills with the ability to influence senior stakeholders and translate security and risk concepts to technical and business audiences Excellent organizational, prioritization, and program management skills in complex, cross‑functional environments Preferences Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related technical field 8+ years of experience in cybersecurity governance, risk management, or compliance roles with ownership of enterprise‑scale programs Prior experience in consulting or professional services environments, supporting multiple stakeholders and competing priorities Hands‑on experience implementing and optimizing compliance programs using enterprise GRC platforms and automation capabilities Demonstrated success driving compliance automation, system integrations, and process maturity improvements Familiarity with AI governance concepts and emerging frameworks (e.g., ISO 42001) Industry certifications such as CISSP, CISA, CRISC, or CISM Benefits Employees (and their families) are covered by medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan, purchase shares from our employee stock ownership program and be eligible to receive annual bonuses. Employees will also receive unlimited flexible time off and ten paid holidays throughout the calendar year. Eligibility for ten weeks of paid parental leave will also be available upon hire date. Compensation Seattle or Washington, D.C.: $161,300—$189,700 USD Los Angeles: $169,000—$198,800 USD New York City or San Francisco: $176,600—$207,800 USD A location not listed above: $153,600—$180,700 USD Equal Employment Opportunity West Monroe is an Equal Employment Opportunity Employer. We believe in treating each employee and applicant for employment fairly and with dignity. We base our employment decisions on merit, experience, and potential, without regard to race, color, national origin, sex, sexual orientation, gender identity, marital status, age, religion, disability, veteran status, or any other characteristic prohibited by federal, state or local law. To learn more about diversity, equity and inclusion at West Monroe, visit If you require a reasonable accommodation to participate in our recruiting process, please inquire by sending an email to View email address on click.appcast.io. #J-18808-Ljbffr