Manager, IT Risk Operations

Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. We represent companies at every stage of development, from entrepreneurial start-ups to multibillion-dollar global corporations, as well as the venture firms, private equity firms, and investment banks that finance and advise them. The firm has approximately 1,100 attorneys in 17 offices: 13 in the U.S., two in China, and two in Europe. Our broad spectrum of practices and entrepreneurial spirit allow exceptional opportunities for professional achievement and career growth.

Essential Duties and Responsibilities:

This high-impact position in the Governance, Risk & Compliance function sits at the center of the firm’s technology, security, and operational ecosystem. Managing a small team, you will work closely with senior leaders across IT, Security Engineering, General Counsel, and firm leadership to shape how risk is understood, measured, and managed. 

The role can be 100% remote or hybrid-in person if located near a physical office.

Strengthen IT Governance & Controls 

• Lead the development of executive-level reporting on IT risk, compliance posture, and operational performance 
• Build and evolve KPI/KRI dashboards that provide real-time visibility into risk trends and control effectiveness 
• Translate complex IT and security data into meaningful insights for decision making 
• Ensure adherence to IT policies, standards, and leading frameworks (e.g., NIST, ISO 27001) 
• Own and evolve the firm’s IT risk register and Risk & Control Self-Assessment (RCSA) program 
• Identify emerging and systemic risks across IT, security, privacy, and operational processes 

Incident Governance & Investigations 

• Partner with General Counsel, Security, and IT to lead internal investigations

Own ITSM Governance & ServiceNow Analytics 

• Oversee governance and reporting across the IT Service Management (ITSM) ecosystem 
• Analyze incident, change, and problem management data to identify trends and improvement opportunities 
• Drive workflow optimization and automation within ServiceNow  

Vendor Risk Management 

• Review and advise on vendor agreements
• Enhance vendor risk processes, including risk tiering, assessments, and monitoring 
• Identify opportunities to streamline processes, enhance reporting, and improve governance
• Introduce data-driven approaches to risk management and operational oversight 
• Perform related duties as assigned or directed by supervisor
• Maintain compliance with all firm policies and procedures

Education and/or Work Experience Requirements:

• Bachelor’s degree preferred
• Seven years of experience in IT risk, security compliance, technology audit, or IT governance preferred
• Experience operating in complex, regulated environments (e.g., law firms, financial services, consulting) preferred
• Proven ability to lead reporting, analytics, and governance initiatives 
• Familiarity with ServiceNow and ITSM reporting including understanding of incident, change, and problem management lifecycles 
• Experience with security and collaboration platforms such as Microsoft 365, Purview and email security tools 
• Working knowledge of frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001 and SOC 2 
• Strong understanding of control design, risk registers, RCSA programs, and audit response 
• Basic understanding of privacy regulations 
• CISA, CISSP, CRISC, CTPRM and/or ITIL preferred 

The compensation for this position may include a discretionary year-end merit bonus based on performance. We offer a highly competitive salary and benefits package.

Benefits information can be found here. Equal Opportunity Employer (EOE).