Senior IT Compliance Manager

 

Description:

As the Senior Manager, IT Compliance, you will be responsible for developing, implementing, and overseeing the Global IT governance, risk, and compliance programs. You will ensure that technology systems, processes, and controls align with regulatory requirements, industry standards, and internal policies. You will partner closely with IT, Security, Internal Audit, Legal, and business stakeholders to reduce risk and maintain a strong compliance posture. Additionally, you will lead the center of excellence for the Internal Audit department by assessing technologies, including AI, to automate processes, conducting complex data analyses to improve efficiency, and supporting audit work.

What We Can Offer You

Our benefits include, but are not limited to:
Flexible working and holiday entitlements
Discounted childcare in one of our nurseries
Fantastic range of discounts on high street retailers, grocery stores, cinema tickets, holidays and more
Wide range of wellbeing resources, supporting our teams for the ups and downs of daily life

Why Bright Horizons?

We’ve been voted Great Place to Work for the last 17 consecutive years, as well as being awarded the newly created Great Place for Wellbeing and Great Place for Women 2022.

Our support functions enable our nurseries to deliver the best possible care and education to over 10,000 children across the UK. Through this support, our nurseries can deliver excellence – with 98% of our 300+ portfolio being rated Good or Outstanding by Ofsted.

We’re on a mission to change the future for children, families, and the people we work with, and are committed to progressive working values like flexibility, work-life balance, and wellbeing.

Essential Functions And Responsibilities

Develop and maintain the organization’s IT compliance framework, policies, and standards.
Ensure alignment with relevant regulations and standards (e.g., SOX, SOC 2, ISO 27001, GDPR) through direct oversight or collaboration with InfoSec and Privacy teams.
Manage annual compliance planning, goal setting, and program maturity initiatives.
Identify, develop, and manage the implementation of recommendations to enhance IT controls and optimize business processes.
Identify, assess, and monitor IT risks across systems, applications, and infrastructure.
Oversee remediation plans and risk treatment strategies.
Serve as primary liaison for internal and external IT audits.
Coordinate audit activities, evidence collection, testing, and remediation efforts.
Ensure timely completion of corrective actions and management responses.
Oversee the creation, update, and enforcement of IT policies, procedures, and standards.
Implement and monitor IT general controls (ITGCs) and automated controls.
Ensure policies support secure and compliant technology operations.
Lead periodic IT control assessments and readiness reviews.
Manage compliance-related tools and GRC platforms.
Create compliance dashboards, metrics, and executive reporting.
Ensure compliance assessments for third-party service providers.
Review SOC reports, security questionnaires, and vendor control environments.
Manage compliance training programs for IT teams and broader stakeholders.
Promote a culture of risk awareness and accountability.
Manage and mentor the IT compliance & data analytics & automation teams.
Work closely with IT, including Infosec and Privacy leadership, Internal Audit, Legal, and business leaders.
Provide strategic recommendations to senior leadership on compliance risks.
Identify opportunities to streamline the Internal Audit process using existing software tools (Wdesk, Workday) and analytics tools (Alteryx, Power BI).
Utilize data analytics tools for preparation, analysis, and visualization, employing advanced techniques to assist internal audit projects.
Manage the design and deployment of automated control testing, robotic process automation (RPA), scripts, or dashboards to increase efficiency and coverage of compliance activities.
Initiate efforts to improve testing efficiency, reduce manual work, and enhance overall assurance quality.

Decision Making 

Manages strategic decisions related to the design, implementation, and enhancement of IT compliance frameworks, controls, and governance processes.
Prioritises and evaluates IT risks, determining appropriate mitigation actions and advising senior leadership on risk tolerance and trade‑offs.
Determines compliance requirements across multiple regulatory frameworks and interprets how they apply to business operations and technology systems.
Approves and escalates issues related to audit findings, control failures, vendor risks, and policy exceptions, ensuring timely remediation and risk reduction.
Exercises independent judgment in resolving compliance gaps, assessing materiality, and deciding when to involve executive leadership, Internal Audit, Legal, or external auditors.
Evaluates technology initiatives (system changes, new platforms, integrations, cloud migrations) for compliance and control impact, making go/no‑go recommendations.
Makes staffing and resource allocation decisions within the IT compliance & Center of Excellence to support program objectives and service delivery.
Guides policy decisions, including creation, revision, exception handling, and enforcement across the organization.

Influence 

Advises executive leadership (CIO, CISO, CFO, General Counsel, Internal Audit) on compliance risks, regulatory expectations, and control maturity.
Influences technology strategy by ensuring compliance requirements are embedded in system design, security architecture, and IT operations.
Partners cross‑functionally with IT, Security, Engineering, Legal, Procurement, and Business Operations to drive consistent policy adoption and risk management practices.

Impact

Reducing financial, operational, and regulatory risk through effective control design, monitoring, and remediation governance.
Ensuring audit readiness and positive audit outcomes, which directly affect financial reporting integrity, market trust, and regulatory confidence.
Enhancing customer and stakeholder trust by demonstrating strong governance, risk management, and data protection practices.
Supporting business growth and scalability by ensuring new systems, integrations, and products are designed with compliance in mind.

Essential Skills And Experience

Strong knowledge of regulatory requirements (SOX, HIPAA, etc.).
Experience leading internal/external IT audits and control assessments.
Familiarity with GRC tools and frameworks (NIST, COBIT, ISO 27000).
Excellent communication and leadership skills.
Strong organizational, prioritization, and time management abilities, consistently excelling in high-pressure, fast-paced settings.
Experience utilizing audit documentation and workflow management platforms (e.g., Workiva) is highly advantageous.
Results-driven, focused professional with a strong sense of ownership, accountability, and motivation to achieve excellence.
Preferred certification:
CISA (Certified Information Systems Auditor)
CISSP (Certified Information Systems Security Professional)
CRISC (Certified in Risk and Information Systems Control)
CISM (Certified Information Security Manager)

Education Level Required

Relevant Degree or minimum additional years of experience in lieu of applicable degree
10 years performing IT Auditing or IT Compliance, including Sarbanes-Oxley compliance and staff supervision. Preferably with a public accounting firm or Fortune 100 organization with structured risk & compliance processes and procedures.

Organization Bright Horizons Early Education & Preschool
Industry IT / Telecom / Software Jobs
Occupational Category Senior IT Compliance Manager
Job Location London, UK
Shift Type Morning
Job Type Full Time
Gender No Preference
Career Level Experienced Professional
Experience 10 Years
Posted at 2026-03-14 3:43 pm
Expires on 2026-04-28