Manager, Technical Risk & Compliance
Red Ventures
Job Description
This role requires a hybrid schedule: it is based in our South Charlotte, NC Headquarters Tuesday through Thursday and is fully remote on Mondays and Fridays each week.
Red Ventures is hiring a Manager, Technical Risk and Compliance to drive risk reduction across our organization and lead meaningful change wherever risk is not tolerable. This is a player-coach role: you will own the program and stay close to the work. This leader will own the technology risk program across multiple lines of business, from identification and prioritization through remediation and reporting, while establishing trusted partnerships and ensuring compliance obligations are met with rigor and consistency. If your compliance experience has been primarily vendor management and status reporting, this is probably not the right fit. This role includes direct people management responsibility, with a team that grows in scope over time.
What You’ll Do:
- Own the end-to-end technology risk lifecycle across all lines of business, including assessment, prioritization, remediation tracking, and executive reporting, ensuring every risk has a clear owner and is tracked to closure.
- Run the exception program, covering intake, review, approval routing, expiration tracking, and renewal governance, with no exceptions aging without an owner or a remediation commitment.
- Own the vendor and third-party risk assessment program, scoping and sequencing assessments based on exposure and business criticality, and embedding vendor risk review into onboarding and renewal cycles with Procurement and Legal.
- Drive compliance posture across PCI, SOC2, ISO 27001, and NYDFS, maintain the full obligation calendar, direct the team on assessments and evidence collection, and ensure no regulatory deadline is a surprise.
- Perform hands-on control testing rather than just documentation review: validate that technical controls are actually working, including logging enablement, encryption enforcement, and access scoping, and know when a screenshot is not sufficient evidence.
- Translate regulatory requirements into specific technical configurations and work directly with engineering to close gaps. You can read cloud configurations, IAM policies, and security tool outputs and assess whether a control is actually in place.
- Leverage AI tools and automation to accelerate compliance workflows, from drafting control narratives and risk assessments to streamlining evidence collection, closing audit gaps faster, and reducing manual toil across recurring compliance tasks.
- Assess AI, ML systems, and automated pipelines from a risk and compliance lens, understanding data flows, model governance, and where traditional frameworks require interpretation or adaptation.
- Eliminate the highest-friction manual GRC and compliance processes through tooling and workflow automation, targeting meaningful burden reduction within the first year.
- Serve as the security organization's primary interface to the business, building trusted relationships with BU leaders, Engineering, Finance, Legal, and Compliance, and translating risk into financial exposure, operational disruption, and regulatory consequence.
What We’re Looking For:
- Proven risk program ownership, has built or significantly matured a technology risk lifecycle end-to-end, and has been the one pulling evidence and validating controls, not just managing the auditor relationship.
- Technical compliance depth, 3 or more years in a GRC, compliance, or risk role where you were also the person who could validate the technical fix, not just track it in a spreadsheet.
- Hands-on audit experience, you have owned at least one major framework audit end-to-end, SOC 2 Type II, PCI DSS, or HIPAA, including evidence collection, control testing, and auditor response.
- Multi-stakeholder risk communication, translates technical risk into business impact for non-technical leaders across diverse business units.
- Automation-first mindset, track record of eliminating manual GRC or security processes through tooling, workflow automation, and AI-assisted compliance tasks.
- Cross-functional partnership builder, builds lasting relationships with Engineering, Finance, Legal, and BU leaders to drive risk accountability.
- Security architecture fluency, understands secure design principles, can read and evaluate cloud configurations and IAM policies, and can lead engineers through design reviews and risk mitigation work.
- Operates independently, sets direction, resolves blockers, and escalates only when a true decision is needed.
- AI and emerging tech risk awareness, can assess and advise on risks from AI adoption, automated pipelines, cloud architectures, and third-party integrations.
- People leader who develops talent, actively growing the team toward greater scope and ownership.
Minimum Qualifications:
- At least 7 years of experience in cybersecurity, technology risk, or security operations.
- Demonstrated experience owning a technology risk program, not just contributing to one.
- Experience leading cross-functional risk assessments across multiple business units or technology domains.
- Strong understanding of risk and control frameworks including NIST, ISO 27001, and FAIR.
- Experience in regulated environments including SOC2, PCI, and NYDFS.
- Proven track record of automating manual security or GRC processes, including use of AI tools for compliance acceleration.
- Ability to assess AI, ML systems, and automated workflows from a risk and compliance perspective, including data flows and model governance.
- Strong stakeholder influence skills, with the ability to lead without authority.
- Experience managing technical and risk teams.
Preferred Qualifications:
- Multi-business-unit or holding company experience, with familiarity operating in federated environments where risk priorities and technology stacks vary by business unit.
- Hands-on GRC platform experience with ServiceNow GRC, Archer, OneTrust, Drata, Vanta, or similar, including workflow automation and reporting configuration.
- Has designed a vendor risk assessment program from scratch, not just contributed to an existing one.
- Experience building risk dashboards or executive risk briefings that were used to drive business decisions.
- Active certifications such as CISA, CRISC, CCSP, or AWS Security Specialty.
- Prior experience at a company that went through a SOC 2 Type II or PCI Level 1 audit from scratch.
- Background that started in IT, cloud, or security engineering before moving into risk and compliance.
Compensation:
This range reflects total cash compensation, which may include base salary only or base salary plus target bonus, depending on the role. Where eligible, equity may also be offered separately and not included below. Actual compensation varies based on location, experience, and qualifications.
- Total Cash Compensation Range: $150,000 - $210,000 per year
Additionally, the following benefits are provided by Red Ventures, subject to eligibility requirements.
- Health Insurance Coverage (medical, dental, and vision)
- Life Insurance
- Short and Long-Term Disability Insurance
- Flexible Spending Accounts
- Holiday Pay
- 401(k) with match
- Employee Assistance Program
- Paid Parental Bonding Benefit Program
- Flexible Paid Time Off (PTO): We believe time to rest and recharge is essential. That’s why we offer a generous and flexible PTO policy. Full-time employees accrue 20 days of PTO for a full calendar year annually, with an increase to 25 days after five years of service.
Who We Are:
Red Ventures is a global portfolio of high-growth companies — spanning several U.S. businesses, a joint venture in the health services industry, and strategic investments in Europe. Their businesses include The Points Guy, Lonely Planet, Bankrate, the Allconnect Platform, RV Home Client Growth, RV Growth & Transformation, Sage Home Loans Corporation, and more. Across the portfolio, Red Ventures businesses deliver seamless digital experiences for consumers, help Fortune 100 clients solve large-scale digital growth challenges, and create world-class experiences and opportunities for employees. Learn more at redventures.com and follow @RedVentures on LinkedIn and Instagram.
At Red Ventures, we believe diverse, inclusive teams are better. To help you better understand our core values and beliefs, we encourage you to watch this brief YouTube video: Our Belief Statements. This will give you insight into the principles that guide our work and our commitment to fostering an inclusive environment.
Red Ventures is an equal opportunity employer that does not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or any other basis protected by law. Employment at Red Ventures is based solely on a person's merit and qualifications.
We are committed to providing equal employment opportunities to qualified individuals with disabilities. This includes providing reasonable accommodation where appropriate. Should you require a reasonable accommodation to apply or participate in the job application or interview process, please contact accommodation@redventures.com.
If you are based in California, we encourage you to read this important information for California residents linked here.
At Red Ventures, we believe in real human connection. That’s why we do not hire someone through text, social media, or email only. As part of the hiring process, you should expect live conversations with RV teammates before any offer is made. Also, keep an eye on the sender: we only use official @redventures.com email addresses at the portfolio level or business specific email addresses (e.g., @thepointsguy.com), not ones like “redventurescareer.com.” We will never ask candidates to send money, buy equipment, or share financial account info during your journey with us. You can always find our open roles on redventures.com. If you receive a message that seems suspicious, please use redventures.com to verify the opportunity.
For more, the U.S. Federal Trade Commission has published helpful articles to help individuals learn more about protecting themselves from recruiter scams. If you think you’ve been targeted, feel free to report it to your local authorities. Stay safe out there!
Click here for more details regarding the employee privacy policy: https://www.redventures.com/legal/us-emp-privacy-notice
Questions about this Privacy Notice can be directed to employeerights@redventures.com. Alternatively, you may raise any questions or concerns to your manager, HR Business Partner, or through the Privacy Team.