Senior Manager, IT Risk & Compliance

The Senior Manager, IT Risk & Compliance, provides strategic leadership and hands on execution to strengthen and mature Patterson’s risk, compliance, and governance programs. This role is accountable for delivering measurable outcomes that protect the confidentiality, integrity, and availability of Patterson’s information assets while enabling business objectives. The successful candidate combines deep expertise in risk and compliance with a proven ability to execute, driving initiatives from strategy through implementation and operational adoption. This leader anticipates challenges, removes obstacles, and drives accountability for results while coaching and developing a high performing team that consistently delivers outcomes, embraces ownership, collaborates effectively, and continuously improves how work gets done across the organization.

This is a hybrid position based at Patterson’s headquarters in Mendota Heights, Minnesota, requiring at least two days per week on site, with remote work available on the remaining days as business needs allow.

Essential Functions

To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request reasonable accommodation, notify Human Resources or the manager who oversees the position.

• Lead and execute the organization's security compliance programs, owning the full lifecycle of control design, implementation, operation, and continuous improvement. Ensure sustainable risk reduction, regulatory compliance, and audit readiness by establishing clear accountability, driving disciplined execution, and resolving issues with urgency.

• Own the enterprise Payment Card Industry Data Security Standard (PCI DSS) compliance program from end to end, including scope management, cardholder data flows, control governance, assessments, remediation, and ongoing compliance. Partners across business and technology teams to drive accountability, close gaps, and deliver measurable outcomes.

• Lead the technical resiliency program by identifying critical systems and recovery requirements, validating disaster recovery objectives, conducting and documenting risk reviews and recovery exercises, and driving remediation activities to strengthen technical resilience.

• Execute and continuously enhance the third-party risk management program by leading vendor security assessments, evaluating control effectiveness, prioritizing remediation, and leveraging automation and AI driven capabilities to improve efficiency, scalability, and risk visibility.

• Drive a high impact security awareness program through targeted education, phishing simulations, employee risk analysis, and measurable interventions that strengthen security culture and improve organizational resilience.

• Lead external assessments and regulatory engagements by partnering with control owners, Internal Audit, and external assessors to demonstrate control effectiveness, coordinate audits, and ensure timely remediation across frameworks including HIPAA, PCI, SOX, and other applicable requirements.

• Own enterprise cyber risk management processes, including risk assessments, exception governance, and approval workflows. Maintain executive dashboards and a centralized risk register that provide actionable insights into risk exposure, mitigation progress, and control performance to support informed decision making.

• Serve as a trusted advisor and thought leader by building strong relationships with industry peers, regulatory bodies, and professional organizations. Translate emerging trends, regulatory developments, and leading practices into practical strategies that strengthen the organization's security and compliance posture.

• Lead, coach, and develop a high performing security risk and compliance team by setting clear expectations, fostering accountability, removing barriers to execution, and building a culture focused on ownership, collaboration, continuous improvement, and results.

Required Qualifications

• Bachelor's degree in Information Security, Cybersecurity, Information Technology, Computer Science, Engineering, or a related field, or equivalent combination of education and relevant work experience.

• Minimum of 9 years of experience in Information Security, Risk, Compliance, or IT Audit, including responsibility for enterprise risk or compliance programs.

• Minimum of 5 years of people leadership experience with direct responsibility for hiring, coaching, performance management, and team development.

• Hands on experience implementing and managing compliance programs aligned with one or more major regulatory frameworks, such as PCI DSS, HIPAA, or SOX.

• Experience developing metrics, dashboards, and reporting that communicate risk posture, control effectiveness, and program performance to leadership.

• Proven ability to lead cross functional initiatives, influence stakeholders, and drive accountability to achieve measurable business outcomes.

• Excellent written and verbal communication skills with the ability to present technical concepts clearly to business and executive audiences.

Preferred Qualifications

• Experience administering or utilizing Governance, Risk, and Compliance (GRC) platforms such as ServiceNow GRC, Vanta, or similar solutions.

• Strong working knowledge of cybersecurity frameworks and control standards, including NIST, ISO 27001, SOC 2, or similar frameworks.

• Experience owning or leading an enterprise PCI DSS compliance program, including scoping, assessments, remediation, and interactions with Qualified Security Assessors (QSAs).

• Experience leveraging automation, AI enabled capabilities, or workflow optimization to improve risk and compliance operations.

The potential compensation range for this role is below. The final offer amount would be based on various factors such as candidate location (geographical labor market), experience, and skills. $123,200.00 - $154,100.00