Senior IT Compliance Program Manager
USA - Brea - Multiple OpCo, United States
Full Time Senior-level / Expert USD 106K - 190K
Envista
Envista’s portfolio of implant, orthodontic, and dental digital workflow brands helps dental professionals improve oral care.
Job Description:
Role Summary:
The Senior IT Compliance Program Manager is responsible for designing, implementing, and managing a comprehensive IT compliance program that aligns with regulatory, statutory, contractual, and internal security requirements. This role serves as the primary liaison between IT, internal stakeholders, and external auditors/regulators to ensure audit readiness, continuous compliance, and a mature control environment. It will also require deep domain expertise in regulatory frameworks (e.g., SOX, HIPAA, PCI-DSS, GDPR, NIST), modern IT environments (Cloud, DevOps), risk management, and control design.
Key Responsibilities:
- Compliance Program Development: Design and maintain a scalable IT compliance framework aligned with business goals, risk appetite, and regulatory mandates.
- Cross-Functional Collaboration: Partner with functional teams and outsourced providers to ensure operational effectiveness of compliance controls across multiple regulatory frameworks and industry certifications.
- Governance, Risk, and Compliance Expertise: Act as a GRC subject matter expert, guiding product and engineering teams on compliance initiatives. Identify and remediate risks affecting product and infrastructure security.
- Assessments and Audits: Independently lead routine and complex assessments/audits. Collect and review evidence to support internal and external audits.
- Reporting and Communication: Deliver timely reports, metrics, and remediation strategies. Manage complex, cross-functional projects and dependencies.
- Efficiency and Scalability: Drive improvements in the efficiency and scalability of compliance programs to support organizational growth.
- Leadership Metrics: Provide leadership with actionable metrics on risk, audit issues, and remediation progress.
Job Requirements:
Qualifications:
- Bachelor’s Degree in Computer Science or related field highly preferred
- 5+ years of experience in IT compliance, audit, or information security governance.
- Proven experience with compliance frameworks such as SOX, HIPAA, HITRUST, PCI-DSS, ISO 27001, GDPR, NIST CSF, and SOC 2.
- Strong understanding of internal audit processes and closure of audit findings.
- Excellent communication and collaboration skills across cross-functional and outsourced teams.
- Ability to manage multiple priorities in a fast-paced environment.
- Strong analytical and problem-solving skills.
- Experience with the full audit lifecycle (scoping, evidence collection, walkthroughs, remediation).
- Familiarity with modern IT environments (cloud-native platforms, IAM, logging, network segmentation, vulnerability management).
- Demonstrated ability to write, operationalize, and test IT controls.
Preferred Qualifications:
- Certifications such as CISA, CRISC, CGRC, CISSP, CIPM, or equivalent.
- Experience with GRC platforms (e.g., ServiceNow GRC, Workiva, Vanta), CSPM tools, or compliance-as-code platforms.
- Understanding of Agile/DevOps principles and their impact on compliance.
- Ability to translate complex compliance requirements into actionable guidance for technical teams.
Target Market Salary Range:
Actual compensation packages take into account a wide range of factors that are unique to each candidate, including but not limited to geographic location; skill sets; relevant education and certifications; depth of experience; performance; and other business and organizational needs. The disclosed reasonable estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Envista, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. The total compensation package for this position may also include an annual performance bonus, medical/dental/vision benefits, 401K match, and/or other applicable compensation plans.
$106,500 - $190,000
Operating Company:
Corporate
Envista is a global family of more than 30 trusted dental brands, united by a shared purpose: to partner with professionals to improve lives. Envista helps its partners deliver the best possible patient care through industry-leading products, solutions, and technology. Our comprehensive portfolio, including dental implants and treatment options, orthodontics, and digital imaging technologies, covers an estimated 90% of dentists’ clinical needs for diagnosing, treating, and preventing dental conditions as well as improving the aesthetics of the human smile.
Envista and all Envista Companies are equal opportunity employers that evaluate qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity, or other characteristics protected by law. The “EEO is the Law” poster is available at: http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf.
Envista and its family of companies (Envista) will not accept unsolicited resumes from any source other than directly from a candidate. Envista will consider unsolicited referrals and/or resumes submitted by vendors such as search firms, staffing agencies, professional recruiters, fee-based referral services and recruiting agencies (Agency) to have been referred by the Agency free of charge, and Envista will not pay a fee for any placement resulting from the receipt of such unsolicited resumes. An Agency must obtain advance written approval from Envista's internal Talent Acquisition or Human Resources team to submit resumes, and then only in conjunction with a valid, fully executed contract approved by the Global Talent Acquisition leader and in response to a specific job opening. Envista will not pay a fee to any Agency that does not have such agreement and written approval in place.
Tags: Agile Audits CGRC CISA CISSP Cloud Compliance Computer Science CRISC CSPM DevOps GDPR Governance HIPAA HITRUST IAM ISO 27001 NIST Risk management SOC SOC 2 SOX Vulnerability management
Perks/benefits: 401(k) matching Health care Salary bonus