IT Security Compliance and Assurance Manager

Basic Function

Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity, and reduce time to market for products and applications.

We are looking for a detail-oriented, Compliance-driven, Team oriented, IT Security Manager to join our growing Cyber Technology Controls (CTC) team.

This role focuses on technology control assessments, audit coordination, regulatory compliance, and IT issue management. You will work closely with internal technology teams, external auditors, and business stakeholders to ensure compliance with the required regulations, standards and frameworks by leading critical IT control testing, audit, and assessment programs across various business units and products.

Essential Duties and Responsibilities

• Conduct compliance assessments by reviewing processes, policies, audit reports, security controls and evidence to advise on compliance outcomes, residual risk, and remediation strategies.
• Monitor and support internal and external audits, ensuring readiness for certification and regulatory validations.
• Monitor and assess security controls, finding / gaps, and recommending improvements.
• Help enforce compliance across industry frameworks such as AICPA SOC 2, ISO 27001/27701, PCI-DSS, NIST 800-53, HIPAA/HITRUST, FISMA and others.
• Prepare audit reports, track findings, and support corrective action/remediation plans.
• Champion/Drive security compliance and educate team members and stakeholders on the latest regulatory/industry security compliance requirements, controls, remediation strategies, tools and technologies.
• Work with the Policies and Standards team to communicate gaps, findings, and recommendations to strengthen and expand required control language.
• Exhibit strong judgement across testing, communication, and reporting to technical, non-technical, external and internal personnel across all IT Compliance and Audit topics and domains.
• Maintain up-to-date knowledge of compliance trends, versions, requirements, and best practices.
• Effective communication and reporting of Compliance for and from External Audits/Certifications.

Job Qualifications

Education:

Required: Bachelor’s degree in science, Computer Applications, Business Information Systems, Information Technology, or equivalent in related fields. Knowledge across any of the frameworks and regulations such as PCI-DSS, SSAE 18/SOC, ISO/IEC, HIPAA/HITRUST, NIST 800-53, NIST CSF, etc.

Preferred:

Certifications proving expertise in Information Security or certifications related to the above-mentioned frameworks, specially – Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), MITRE, ISO Lead Auditor/Implementor or further that would complement the role.

Experience:  

• Minimum 12+ years’ experience in developing/contributing to industry standard compliance documentation, building relationships, conducting/facilitating audits, providing performance feedback while meeting stakeholders and client expectations.
• 8+ years of experience testing IT and Security controls across design and operating effectiveness.
• 6+ years of knowledge and experience of compliance and audit with all or any of SOC1, SOC2, SOX, HIPAA, ISO 27001, PCI DSS, Fed Ramp/State Ramp, etc.
• 6+ years as a Subject Matter Expert (SME); working with industry frameworks including ISO, NIST 800-53, NIST/CSF, etc.
• Strong written, verbal and presentation skills; including interactions with key stakeholders, internal executive management, external executive management, supervisors, and leaders.
• Experienced working in office and remote environments.  Independent, motivated self-starter with the ability to analyze requirements, compliance and related problems, think critically, problem solve, influence change.
• Strong experience in managing complex technical audits and assessments and driving them to successful outcomes within stringent deadlines.
• Excellent interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing, and negotiating effectively with all levels of leadership and peers.
• Strong leadership skills and experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations.
• Experienced with security compliance services with ability to identify continuous improvement opportunities to drive control assessments and remediation mgmt.
• Knowledge of ITGC and demonstrated risk-based approach to information security.

Our Interview Practices

To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you—not a digital assistant. To help maintain this integrity, we ask to remove virtual backgrounds and include in-person interviews in our hiring process. Please note that use of AI-generated responses or third-party support during interviews will be grounds for disqualification from the recruitment process.

Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.