Manager of IT Compliance & Audit

ZS is a place where passion changes lives. As a management consulting and technology firm focused on transforming global healthcare and beyond, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping solutions from start to finish. At ZS, we believe that making an impact demands a different approach; and that's why here your ideas elevate actions, and here you'll have the freedom to define your own path and pursue cutting-edge work . We partner collaboratively with our clients to develop products that create value and deliver company results across critical areas of their business including portfolio strategy, customer insights, research and development, operational and technology transformation, marketing strategy and many more . If you dare to think differently, join us, and find a path where your passion can change lives.
Our most valuable asset is our people .
At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems-the ones that comprise us as individuals, shape who we are and
make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.
The ZS IT Governance, Risk & Compliance (GRC) team is a global function that plays a critical role in aligning with ZS' business strategy and operating model. The team's mission is to empower ZS' 13,000+ employees and their clients with the tools, insights, and frameworks needed to effectively manage operational risk and meet compliance requirements in an increasingly complex regulatory landscape.
The GRC team is responsible for ensuring that ZS maintains the highest standards of compliance by managing a diverse portfolio of certifications and audits across multiple domains, including Information Security, Privacy, and Environmental, Social & Governance (ESG). The team's scope of work includes maintaining compliance with industry-recognized standards such as ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and ESG, providing comprehensive oversight on risk management, security, and privacy practices.
By offering independent assurance to both internal stakeholders and external parties, the GRC team ensures that ZS consistently adheres to globally established compliance frameworks, controls, policies, and industry standards. This stewardship strengthens ZS' ability to mitigate risks, meet client and regulatory expectations, and uphold its reputation as a trusted partner across industries.
Additionally, the GRC team fosters continuous improvement, not only by responding to evolving regulations but by driving proactive initiatives that embed a culture of compliance and risk awareness throughout ZS' operations. This holistic approach helps safeguard ZS' assets, data, and relationships in a fast-paced and increasingly interconnected business environment.
What You'll Do -
The Manager, IT Compliance & Audit will be a seasoned leader in the information security compliance domain, driving projects related to critical certifications like ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and others. The individual will play a pivotal role in managing and ensuring compliance with regulatory and operational security standards while collaborating with various stakeholders, including the CISO, CRO, DPO, Head of Cloud Engineering, IT Stakeholders, and other senior leaders. The role requires hands-on technical and functional expertise, along with the ability to manage and develop teams, oversee compliance programs, and report to leadership committees.
Key Responsibilities:
Compliance & Audit Management:

• Lead and manage the implementation, maintenance, and certification processes for ISO 27001, 27701, 27017, HITRUST, SOC 2, SOC 3, and similar standards.
• Oversee and manage internal and external audits, identifying gaps, and ensuring timely closure of audit findings.
• Collaborate with cross-functional teams, including IT, security, legal, and risk management, to ensure alignment on security compliance initiatives.
• Drive continuous improvement initiatives to enhance compliance posture, developing and enforcing security policies, procedures, and controls.

Stakeholder Collaboration & Communication:

• Act as the primary liaison between internal teams and external auditors, certification bodies, and regulators.
• Build and maintain strong working relationships with key stakeholders, including the CISO, CRO, DPO, Head of Cloud Engineering, IT, and legal teams, to ensure compliance objectives are met.
• Provide expert advice on compliance issues and support various departments with technical and policy-driven guidance.

People Management & Leadership:

• Lead, mentor, and develop a team of compliance professionals, fostering a high-performance culture.
• Manage team workload, project assignments, and career development, ensuring that the team is up-to-date with industry standards and compliance practices.
• Oversee team training programs to ensure knowledge sharing and skills development in compliance and audit.

Project Management & Reporting:

• Lead compliance projects, including budgeting, forecasting, resource planning, and reporting progress to leadership committees.
• Develop project timelines, track milestones, and ensure timely delivery of compliance and audit activities.
• Provide regular reports and updates to senior management, including dashboards and key performance indicators (KPIs) to assess the organization's compliance and risk posture.
• Collaborate with internal teams to ensure smooth integration of compliance requirements into new and existing technologies, including AI, cloud services, and data privacy technologies.

Strategic Planning & Operational Compliance:

• Contribute to the development of the organization's broader compliance strategy, aligning with industry trends and emerging regulations.
• Proactively identify potential risks and vulnerabilities and develop risk mitigation strategies.
• Lead operational compliance efforts across various functions, ensuring comprehensive coverage of security, privacy, and data protection requirements.

What You'll Bring -

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. A master's degree or MBA is preferred.
• 10-15 years of experience in IT compliance, audit, and information security, with specific experience managing ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and related certifications.
• Proven track record of managing compliance programs and leading audits across large, complex organizations.
• Strong leadership and people management experience, with a demonstrated ability to lead, develop, and motivate high-performing teams.
• Excellent project management skills with the ability to manage budgets, forecasts, timelines, and complex stakeholder requirements.
• Deep understanding of cloud security (Azure, AWS, GCP) and privacy standards, with experience working with cloud engineering and DevSecOps teams.
• Strong problem-solving skills with the ability to influence and engage with C-level executives and senior stakeholders.

Certifications (Preferred):

• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• ISO 27001 Lead Auditor/Lead Implementer
• HITRUST Certified CSF Practitioner
• Certified Cloud Security Professional (CCSP)
• PMP (Project Management Professional) or equivalent certification

Perks & Benefits:
ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member.
We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.
Considering applying?
At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact in global healthcare and beyond. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above.
ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.
To Complete Your Application:
Candidates must possess work authorization for their intended country of employment. An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.
NO AGENCY CALLS, PLEASE.
Find Out More At:
www.zs.com