IT Compliance Manager — Remote, SOX & SOC 2 Expert

Our company culture is rooted in collaboration, expertise, and innovation. We aim to promote progress and inspire our clients, employees, investors, and communities to achieve their greatest potential. We enable possibility. As the Manager, IT Compliance, you will work closely with the CISO and Director of IT Security to manage, lead, and deliver the compliance function. You will be the main point of contact for all IT Compliance activities, including leading and coordinating IT control assessment activities (SOX, SOC 2, etc.) and customer information security due diligence reviews. Responsibilities Work with IT process owners to identify, improve, and document detailed controls for key application, security, and infrastructure components. Provide ongoing organization-wide guidance on IT control requirements and impact. Facilitate requests between control owners and internal/external audit teams and serve as the primary contact for audit engagements. Manage and report on IT control gaps, track issues to completion, and provide recommendations for improvements. Lead the design and implementation of efficient and effective controls within the organization. Participate in data privacy governance activities such as data mapping and data privacy assessments. Manage the response to IT-related customer security assessments. Proactively identify IT control gaps with a focus on automating control reviews wherever possible. Manage the access recertification process. Required Qualifications 5+ years of combined experience in Information Systems audit, IT security, IT governance, IT risk, and IT compliance. In-depth knowledge of Sarbanes‑Oxley, PCI‑DSS, ISO 27001, SOC 2, and NYDFS Cybersecurity Regulation. Working knowledge of Windows operating systems and Active Directory security, including users and groups, Group Policy, domain structures, and security auditing. Working knowledge of agile development methodology. Working knowledge of DevOps practices and technologies. Desire to measure and continuously improve across all areas and facets. Demonstrated ability to balance short‑term tactical wins with long‑term strategic solutions. Transformative mindset and experience as a change agent. Preferred Qualifications 8+ years of combined experience in Information Systems audit, IT security, IT risk, and IT compliance. Certifications such as CISSP, CISA, CISM, or CCSK. Excellent oral and written communication skills with the ability to convey technical concepts to both technical and non‑technical audiences. Ability to build relationships and influence colleagues at all levels, uncover business issues, and identify needs. Experience in a highly regulated industry, such as insurance or financial services. Knowledge of SQL, Python, and PowerShell scripting. Environment & Physical Factors Raleigh or Remote work with the ability to travel to the main office quarterly for key meetings. Travel within the U.S. up to 10‑20% of the time. Incumbent may be asked to perform other duties as required. Compensation Salary DOE; base salary range $90,000–$130,000 per year. Total compensation (base salary, short‑ and long‑term incentives) will be determined based on location, role responsibilities, qualifications, and business needs. Full benefits package available, including multiple medical plans plus dental, vision, and prescription drug coverage; 401(k) with generous matching; PTO starting at 20 days per year; up to 12 paid company holidays per year; 2 paid days of Volunteer Time Off; basic life and AD&D insurance; short- and long-term disability; paid parental leave up to 10 weeks; student loan assistance and tuition reimbursement; backup child and elder care; and more. #J-18808-Ljbffr Arch Insurance Group Inc.