IT Compliance & Risk Senior Manager bei MISTRAS Group, Inc.

The IT Compliance & Risk Senior Manager is responsible for leading the enterprise-wide IT compliance and risk management strategy. This role ensures adherence to regulatory requirements (e.g., SOX, GDPR, CMMC, SOC2), internal policies, and industry standards while proactively identifying and mitigating IT-related risks. The ideal candidate will drive compliance transformation, embed governance into daily operations, and foster a culture of accountability and continuous improvement.

Compliance Leadership

• Develop, implement, and maintain IT compliance frameworks aligned with regulatory and internal requirements.
• Oversee audits, assessments, and control validations across IT systems and processes.
• Lead initiatives to automate and streamline compliance activities using analytics and exception-based reporting.

Risk Management

• Maintain IT risk registers and conduct Risk Control Self Assessments (RCSAs).
• Collaborate with cybersecurity and IAM teams to identify gaps and implement mitigation strategies.
• Serve as the primary liaison for internal and external audit engagements.

Policy & Governance

• Own the IT and Information Security policy frameworks, ensuring regular updates and awareness campaigns.
• Align IT controls with business risks and eliminate redundant or outdated controls.

Business Continuity & Resilience

• Manage the IT Business Continuity Program, including disaster recovery testing and reporting.
• Ensure critical IT services meet Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).

Stakeholder Engagement & Training

• Provide compliance training and guidance to IT staff and business stakeholders.
• Translate complex regulatory requirements into actionable business language.

Minimum Requirements:

• Bachelor’s degree in Information Technology, Cybersecurity, or related field.
• 7+ years of experience in IT compliance, or audit.
• Strong knowledge of frameworks such as SOX, GDPR, CMMC, SOC2, ISO 27001, COBIT, and NIST.
• Experience with IAM platforms (e.g., ENTRA ID, OKTA), SSO, and Zero Trust architectures.
• Professional certifications preferred: CISA, CISSP, CRISC, or equivalent.
• Excellent communication, leadership, and analytical skills.

MISTRAS Group, Inc. is committed to equal employment opportunity. Employment decisions including initial hiring and all matters involving the terms and conditions of employment will be made without regard to any protected class under applicable law. If hired, the employment relationship is “At-Will,” which means that employment can be terminated at any time, and for any reason, at the option of either the Company or the employee.  Please direct questions about these policies to a MISTRAS Group, Inc. Human Resources representative. 

By submitting & signing , I hereby understand and agree to the terms and conditions of employment as outlined above.  I certify that the responses and information provided in this application (including any other supporting documentation such as a cover letter, resume, or transcript) are true and accurate to the best of my knowledge. I understand that misrepresenting or omitting information requested is cause for dismissal at any time, without notice. I hereby give the Company permission to contact schools, previous employers (unless otherwise indicated), references, and others disclosed in my application. 

Note to Applicants:

Smoking is prohibited in all indoor areas of the Company.  Employees may use designated smoking areas (if established) in accordance with applicable state and local law.

Rhode Island Applicants: The Company is subject to Chapters 29-38 of Title 28 of the General Laws of Rhode Island, and is therefore covered by the state’s workers’ compensation law.

Initial (if applicable):    Massachusetts Applicants: I understand that it is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Initial (if applicable):    Maryland Applicants: I UNDERSTAND THAT UNDER MARYLAND LAW, AN EMPLOYER MAY NOT REQUIRE OR DEMAND, AS A CONDITION OF EMPLOYMENT, PROSPECTIVE EMPLOYMENT OR CONTINUED EMPLOYMENT, THAT ANY INDIVIDUAL SUBMIT TO OR TAKE A POLYGRAPH OR SIMILAR TEST. AN EMPLOYER WHO VIOLATES THIS LAW IS GUILTY OF A MISDEMEANOR AND SUBJECT TO A FINE NOT EXCEEDING $100.

Mistras Group, Inc. is an Equal Opportunity Employer/Veterans/Disabled: