Manager, Security & Privacy Compliance (Financial Services)

We are seeking an experienced and strategic Manager of Security & Privacy Compliance to lead and mature enterprise-wide cybersecurity, privacy, and governance, risk, and compliance (GRC) programs across our financial services divisions.

This role is critical in ensuring ongoing compliance with key regulations such as NYDFS, GLBA, CCPA, and GDPR, while aligning with industry frameworks like CIS, NIST, and ISO 27001. The successful candidate will serve as a central partner to Legal, Compliance, IT, and HR, driving enterprise risk assessments, managing internal and external audits, and leading executive-level steering committee initiatives.

Key Responsibilities:

• Lead the development and execution of security and privacy compliance programs across multiple financial entities.
• Monitor and ensure alignment with evolving regulatory requirements (e.g., NYDFS, GLBA, CCPA, GDPR).
• Oversee enterprise risk assessments and control gap analyses, recommending mitigation plans.
• Facilitate internal and external security audits; prepare and present findings to stakeholders.
• Collaborate cross-functionally with Legal, IT, HR, and Compliance to embed security practices into business processes.
• Champion a culture of security and privacy awareness across all levels of the organization.
• Maintain and enhance GRC documentation, policies, and controls in accordance with industry frameworks (CIS, NIST, ISO 27001).
• Report regularly on the state of compliance, risk posture, and control maturity to executive leadership.