<p>The Information Security, Risk & Compliance Manager is responsible for developing, implementing, and maintaining FORTÉ's global information security and compliance program. This strategic, hands-on role ensures that the organization meets regulatory standards, manages enterprise risk, and responds to client audits. This individual will oversee internal security policy enforcement and serve as the organization's primary point of contact for privacy regulations, including GDPR.</p> <p>Cybersecurity Program Management</p> <ul> <li>Maintain and continuously improve FORTÉ's cybersecurity framework </li><li>Lead risk assessments, vulnerability analyses, and incident response procedures </li><li>Monitor and enhance internal controls to mitigate security risks </li></ul> <p>Regulatory Compliance and Risk</p> <ul> <li>Oversee compliance documentation and ensure internal audit readiness </li><li>Ensure adherence to SOC 2 Type II, ISO 27001, GDPR, and other applicable standards </li><li>Manage customer security questionnaires and third-party assessments </li><li>Maintain a formal risk register and lead organizational risk assessment initiatives </li></ul> <p>Privacy and Data Protection</p> <ul> <li>Serve as the primary contact for privacy regulations and compliance requirements </li><li>Implement and manage procedures for data classification, retention, and protection </li><li>Collaborate with Legal and HR teams on privacy incidents and data subject access requests </li></ul> <p>Disaster Recovery and Business Continuity</p> <ul> <li>Develop, test, and maintain disaster recovery and business continuity plans </li><li>Lead periodic tabletop exercises and drive executive-level readiness initiatives </li></ul> <p>QUALIFICATIONS:</p> <ul> <li>Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience). </li><li>5+ years of experience in cybersecurity, compliance, or IT risk management. </li>
<li>Familiarity with SOC 2 Type II, ISO 27001, NIST, and GDPR frameworks. </li><li>Hands-on experience with security technologies (e.g., SIEM, MFA, firewalls, endpoint protection). </li><li>Professional certifications such as CISSP, CISM, CRISC, or CIPP preferred. </li><li>Strong strategic thinking and operational execution </li><li>Proven analytical and risk-based decision-making ability </li><li>Ability to manage cross-functional alignment and influence without authority </li><li>Self-starter able to work independently </li><li>Proficient with Microsoft Office Suite and other common enterprise platforms </li></ul>