Analysis Group
Manager, Information Security Compliance & Risk
Analysis Group is one of the largest international economics consulting firms, providing expertise in economics, finance, health care analytics, and strategy. The Manager, Information Security Compliance and Risk is responsible for leading the firm’s Governance, Risk, and Compliance (GRC) program, managing a team of Information Security Analysts, and ensuring compliance with security and regulatory requirements related to AI and machine learning technologies.
Consulting
Responsibilities
Own and maintain the firm’s information security governance framework, including policies, standards, and procedures
Lead annual SOC 2 and ISO 27001 audit cycles, including audit readiness, evidence coordination, and remediation tracking
Ensure ongoing compliance with client, regulatory, and contractual information security requirements
Manage policy exceptions, risk acceptances, and documentation of compensating controls
Lead the renewal and ongoing maintenance of government and client security authorizations, attestations, and approvals required for regulated engagements
Coordinate cross-functional evidence collection and control validation to support authorization renewals and periodic reassessments
Track authorization requirements, renewal timelines, and control changes to ensure continuous eligibility for regulated work
Lead the Information Security AI governance program, ensuring secure, responsible, and compliant use of AI technologies across the firm
Partner with Legal, Privacy, Compliance, and business stakeholders to define and maintain AI security requirements, risk assessments, and usage standards
Establish and maintain security controls for AI-enabled tools, including data handling, access controls, model usage restrictions, and third-party AI risk
Support client and regulatory inquiries related to AI security posture and governance practices
Track emerging AI-related regulatory and security requirements and assess their impact on firm policies and controls
Maintain and mature the enterprise information security risk register
Facilitate periodic risk assessments, including risks associated with AI usage, data processing, and third-party technologies
Develop and report meaningful risk metrics and dashboards for leadership review
Translate technical and operational risks into clear business-impact language
Oversee third-party security risk management in partnership with Legal
Lead structured reviews of vendor security posture, including AI and SaaS providers
Track remediation plans and ongoing monitoring of third-party and AI-related risks
Serve as the primary liaison for internal and external audits related to information security
Coordinate evidence collection across IT, Security Engineering, Privacy, and business stakeholders
Track findings, corrective actions, and continuous improvement initiatives
Directly manage three Information Security Analysts
Set priorities, provide mentorship, and support professional development
Establish consistent processes, documentation standards, and performance expectations across the GRC function
Partner closely with Security Engineering and Operations to align governance requirements with technical controls
Work with Legal, Compliance, Privacy, and Data Science teams on regulatory interpretation and AI governance requirements
Support client security inquiries, assessments, and due diligence requests
Qualifications
Required
Bachelor's degree required
7 to 10 years of experience in information security, GRC, audit, or risk management required
Prior experience managing SOC 2 and/or ISO 27001 programs required
Demonstrated people management or team leadership experience
Professional certifications such as CISSP, CISM, CRISC, CGRC, or ISO 27001 Lead Implementer or Auditor
Experience with GRC platforms and risk management tooling
Experience supporting AI governance, data governance, or emerging technology risk programs
Experience supporting client-driven security assessments in a professional services environment
An inclusive and growth-oriented mindset, strong interpersonal skills, and an ability to work across differences
Eligible candidates must be authorized to work in the United States without sponsorship or restriction, now and in the future
Preferred
Degree in information security, risk management, or a related field
Benefits
Competitive compensation
Comprehensive benefits package
Discretionary annual bonus that is determined in large part by individual performance