Senior Manager of Risk and Compliance
Company: Sorenson
Location: Salt Lake City
Posted on: February 19, 2026
Job Description:
Essential Duties and Responsibilities:
Designs and leads the information security risk assessment strategy, methodology, and process.
Coordinates the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findings.
Oversees all internal control management functions including design, implementation, continuous monitoring, and reporting of security and IT General Controls.
Perform internal control reviews, gap assessments, and documentation of compliance with applicable security and privacy regulations (e.g. HIPAA, SOC 2, NIST, ISO 27001).
Oversee the development and maintenance of security policies, standards, and procedures aligned with leading frameworks.
Support contract and vendor reviews by assessing third-party risk and advising on risk acceptance / treatment in conjunction with Sorenson Vendor management processes.
Deliver regular reporting on metrics, KPIs, risk posture, exceptions, remediation and audit status to appropriate parties.
Provide approved responses to client inquiries and maintain library of records, documentation, and responses.
Ensure key security controls are identified, implemented, tested, and remediated as required.
Evaluate and advise on security control recommendations to mitigate information security risks.
Work with business partners, global risk management, IT risk, product and data security, and outside consultants on required information security risk assessments and audits.
Respond to security assessments, questionnaires and audits from regulators, clients and third-party business partners.
Work directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance.
Prepare reports and other deliverables that contain strategy, technical analysis, findings, and recommendations.
Other duties as assigned.

Supervisory Responsibility:
This position manages employees and is responsible for the performance management and hiring of the employees.

Travel Requirements:
Less than 25%

Education:
Minimum: 4 Year / Bachelors Degree. Information Security, Information Systems or related Field
Minimum Certification: CISA
Preferred Certification: CISSP, CRISC, CISM, or other equivalents

Experience (Minimum Years of Experience):
7 years: In Information Security with combinations in operational security, risk management, IT, Compliance and Audit
3 years: Leadership. Specific to security governance, risk management and compliance programs, process, and execution

Knowledge, Skills, and Abilities:
Ability to write solution workflow diagrams, system documentation, playbooks, etc.
Strong analytical skills
Excellent written and verbal communications skills, including presentational skills
Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA
Prior experience auditing and performing quality control actions of audits.
Hands-on experience with GRC platforms and work management tools (e.g. Jira, Confluence)
Demonstrated experience in curating cyber security strategies and programs for large and complex organizations
Proven ability to operate independently, manage multiple priorities, and drive results in a deadline-driven environment.
Proven track record in defining, developing, and implementing cyber risk management structures, governance models, organizational transformations in the areas of cyber security
Strong domain expertise and understanding of five or more of following areas:
  Cyber risk program management and delivery
  Security architecture
  Security technologies (e.g., firewalls, security event monitoring, intrusion detection and prevention, malware detection)
  Data protection (application security/SDLC)
  Third party risk management
  Cloud security

Working Conditions and Physical Requirements:
Ability to sit and/or stand at a desk and work with a computer for extended periods of time.
Dexterity of hands and fingers to operate a computer keyboard, mouse, tools, and to handle other computer components.
Regular and predictable attendance required.

Company Summary:
Our Mission…Harnessing the power of language, we connect diverse people and enrich the human experience.
Our Vision…To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.
As one of the world’s leading language services providers, Sorenson combines patented technology with human-centric solutions. We strive to increase accessibility and inclusion through communication solutions for all: call captioning and video relay services, over-video and in-person sign language and spoken language interpreting, translation, real-time captioning, and post-production language services. Sorenson’s impact vision and plan extends to enhancing generational wealth and inclusive workplaces for our employees and the communities we serve. We achieve great things together working “The Sorenson Way” with our employee values: Customer First, Can-Do Attitude, Collective Action, Growth Mindset, Ownership, and Connect Direct.

Disclaimer:
This position has access to highly confidential, sensitive information relating to the employees, customers, and technologies of Sorenson Communications. It is essential that the applicant possess the requisite integrity to maintain the information in strictest confidence.

Apply today! www.sorenson.com/company/careers/

Equal Employment Opportunity: Sorenson Communications is an EOE, Disability/Age Employer.
Keywords: Sorenson, Logan, Senior Manager of Risk and Compliance, IT / Software / Systems, Salt Lake City, Utah