Third Party Risk Jobs in Chicago, IL (NOW HIRING)

Are you ready to make an impact?
West Monroe is seeking a Compliance Manager to join the internal Risk, Compliance & Cybersecurity (RCC) team. This role is responsible for leading and modernizing the firm's cybersecurity compliance and governance programs while leveraging automation, AI capabilities, and integrated GRC tooling to reduce manual effort and improve operational efficiency.
The Compliance Manager will work closely with IT, security engineering, legal, and business stakeholders to ensure adherence to industry frameworks and client security expectations. A key focus of this role will be identifying creative ways to automate compliance processes, integrate systems into the firm's GRC platform, and establish reliable sources of truth for audit evidence, risk tracking, and governance reporting.
This role will also oversee key security governance activities including incident response readiness, annual tabletop exercises, and security policy lifecycle management.
Qualifications
Candidates must demonstrate a strong understanding of cybersecurity governance, compliance frameworks, and enterprise risk management practices. The individual should be able to lead compliance initiatives while partnering with technical teams to ensure security controls are effectively implemented, monitored, and automated where possible.
The ideal candidate will have experience across a range of governance and compliance services, including but not limited to:

• Security Compliance Frameworks (SOC 2, ISO 27001, NIST, CIS Controls)
• Third-Party Risk Management and Vendor Security Assessments
• Client Security Questionnaires and Assurance Programs
• Security Policy Development and Governance Programs
• Audit Coordination and Evidence Management
• AI Governance and Emerging Compliance Frameworks (e.g., ISO 42001)
• Security Risk Assessments and Control Evaluations
• Compliance automation using GRC platforms and system integrations

Specific Skills Include, But Are Not Limited To:
Enterprise Compliance Program Leadership

• Own and lead enterprise-level cybersecurity compliance programs aligned to SOC 2, NIST CSF, ISO 27001, CIS Controls, and related frameworks.
• Define compliance strategy, scope, and roadmap while ensuring consistent execution across the organization.

Audit Management & Evidence Strategy

• Lead complex internal and external audits (e.g., SOC 2), serving as the primary point of contact for auditors.
• Define audit scope, manage timelines, and implement scalable evidence management practices that improve audit readiness and reduce disruption.

Third-Party Risk Management

• Lead vendor and third-party security risk management programs, including due diligence assessments, ongoing monitoring, remediation tracking, and risk reporting.
• Ensure third-party risk processes align with enterprise security and compliance requirements.

Client Security Assurance & Due Diligence

• Oversee responses to client security questionnaires, assessments, and assurance requests.
• Partner with legal, sales, and delivery teams to ensure responses are accurate, consistent, and aligned with the firm's security posture.

Risk Management & Control Oversight

• Identify, assess, and track cybersecurity risks using risk registers and structured remediation plans.
• Partner with technical teams to ensure risks ar addressed through effective and measurable control implementations.

Policy & Governance Lifecycle Management

• Develop, maintain, and continuously improve security policies, standards, and procedures.
• Ensure governance documentation aligns with regulatory expectations, audit requirements, and operational practices.

Incident Response Governance

• Maintain and mature incident response governance, including annual tabletop exercises, readiness assessments, and post-incident lessons learned.
• Ensure response procedures are documented, tested, and continuously improved.

Leadership, Influence & Communication

• Mentor and coach team members, supporting skill development, performance management, and knowledge growth.
• Communicate complex security and risk concepts effectively to senior leadership, technical teams, and business stakeholders.

Program Metrics & Executive Reporting

• Develop dashboards and reports that provide leadership visibility into compliance posture, automation maturity, audit readiness, and risk exposure.
• Use metrics to inform decision-making and drive continuous improvement.

Compliance Automation & GRC Enablement

• Drive compliance automation initiatives using enterprise GRC platforms (e.g., Drata, ServiceNow GRC), with a focus on reducing manual effort and improving audit readiness.
• Design and implement integrations across security and business systems (e.g., IAM, endpoint, cloud, ticketing) to automate evidence collection, control validation, risk tracking, and reporting, establishing the GRC platform as a single source of truth.
• Identify and eliminate manual compliance tasks by leveraging automation, scripting, and AI-driven workflows, including:
  • Client questionnaire pre-population and consistency
  • Policy generation and updates
  • Evidence mapping and control alignment across frameworks
  • Risk identification and summarization
• Build continuous control monitoring by integrating telemetry from security tools to enable real-time evidence collection and reduce point-in-time audit efforts.
• Standardize and automate workflows (e.g., API-based evidence collection, task routing via ServiceNow/Jira) to minimize manual follow-ups and improve efficiency.
• Partner with engineering teams to integrate new tools into the compliance ecosystem and continuously improve processes, with a goal of reducing audit effort, increasing accuracy, and scaling the program efficiently.

Requirements

• 8+ years of experience in cybersecurity governance, risk management, or compliance roles, with demonstrated ownership of enterprise-level programs
• Proven experience leading and scaling compliance programs aligned to frameworks such as SOC 2, NIST, ISO 27001, and CIS Controls
• Extensive experience managing complex internal and external audits, including direct engagement with auditors and scope management
• Experience overseeing client security questionnaires, due diligence responses, and assurance activities, including coordination with legal, sales, and delivery teams
• Strong background in third-party risk management, including vendor security assessments, ongoing monitoring, and remediation tracking
• Hands-on experience with enterprise GRC platforms (e.g., Drata, ServiceNow GRC, or similar), including configuration, optimization, and integrations
• Demonstrated success driving compliance automation and system integrations to reduce manual effort and improve audit readiness
• Experience managing or mentoring team members, including coaching, knowledge development, and performance feedback
• Strong communication skills with the ability to influence senior stakeholders and translate security and risk concepts to technical and business audiences
• Excellent organizational, prioritization, and program management skills in complex, cross-functional environments

Preferences

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or a related technical field
• 8+ years of experience in cybersecurity governance, risk management, or compliance roles with ownership of enterprise-scale programs
• Prior experience in consulting or professional services environments, supporting multiple stakeholders and competing priorities
• Hands-on experience implementing and optimizing compliance programs using enterprise GRC platforms and automation capabilities
• Demonstrated success driving compliance automation, system integrations, and process maturity improvements
• Familiarity with AI governance concepts and emerging frameworks (e.g., ISO 42001)
• Industry certifications such as CISSP, CISA, CRISC, or CISM

Based on pay transparency guidelines, the salary range for this role can vary based on your proximity to one of our West Monroe offices (see table below). Information on our competitive total rewards package, including our bonus structure and benefits is here. Individual salaries are determined by evaluating a variety of factors including geography, experience, skills, education, and internal equity.
Employees (and their families) are covered by medical, dental, vision, and basic life insurance. Employees are able to enroll in our company's 401k plan, purchase shares from our employee stock ownership program and be eligible to receive annual bonuses. Employees will also receive unlimited flexible time off and ten paid holidays throughout the calendar year. Eligibility for ten weeks of paid parental leave will also be available upon hire date.
Seattle or Washington, D.C.
$161,300-$189,700 USD
Los Angeles
$169,000-$198,800 USD
New York City or San Francisco
$176,600-$207,800 USD
A location not listed above
$153,600-$180,700 USD
Other consultancies talk at you.
At West Monroe, we work with you.
We're a global business and technology consulting firm passionate about creating measurable value for our clients, delivering real-world solutions.
The combination of business and technology is not new, but how we bring them together is unique. We're fluent in both. We know that technology alone is not the answer, but how we apply it is. We rely on data to constantly adapt and solve new challenges. Actions that work today with outcomes that generate value for years to come.
At West Monroe, we zero in on the heart of the opportunity, getting to results faster and preparing people for what's next.
You'll feel the difference in how we work. We show up personally. We're right there in the room with you, co-creating through the challenges. With West Monroe, collaboration isn't a lofty promise, but a daily action. We work together with you to turn vision into clear action with lasting impact.
West Monroeis an Equal Employment Opportunity Employer
We believe in treating each employee and applicant for employment fairly and with dignity. We base our employment decisions on merit, experience, and potential, without regard to race, color, national origin, sex, sexual orientation, gender identity, marital status, age, religion, disability, veteran status, or any other characteristic prohibited by federal, state or local law. To learn more about diversity, equity and inclusion at West Monroe, visit www.westmonroe.com/inclusion. If you require a reasonable accommodation to participate in our recruiting process, please inquire by sending an email to recruiting@westmonroe.com.
Please review our current policy regarding use of generative artificial intelligence during the application process.
If you are based in California, we encourage you to read West Monroe's Notice at Collection for California residents, provided pursuant to the California Consumer Privacy Act (CCPA) and linked here.