The Senior Director of Governance, Risk, and Compliance will report to the Global CISO within Advance Auto Parts and will focus on the measurement, analysis, oversight and reporting of cybersecurity risks and controls.
The Senior Director of GRC will lead the Cyber Risk team, and will be responsible for the ownership, operation and optimization of the team’s policies, standards, risk identification, assessment and reporting processes. The ideal candidate will combine expertise in both cybersecurity and risk management disciplines and have exceptional communication and stakeholder management skills.
The Senior Director of Governance, Risk, and Compliance will play a key role in the leadership of that team and the organization’s compliance to our security standards. This position is based in Raleigh, NC and part of a Hybrid work arrangement, requiring four days/week in office.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following: other duties may be assigned:
Develop a short term and long term comprehensive GRC Strategy
Develop, communicate, and implement enterprise-wide security policies, standards, procedures, and guidelines.
Provide strategic guidance to the CISO for representing risks to the Board, Audit Committee, and ERM
Lead and develop a team of high-performing cyber risk specialists
Lead the identification, evaluation, and prioritization of cyber risks across the organization
Oversee production, reporting and evolution of cyber risk metrics, including Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)
Conduct cyber risk assessments and provide reporting to a range of senior stakeholders
Conduct cyber maturity assessments and provide reporting to a range of senior stakeholders
Conduct risk analysis, providing insights on issues and direction on risk mitigation strategies
Drive automation, analytics, and continuous improvement of processes
Engage with a range of senior stakeholders across Lines of Defense to ensure appropriate oversight and reporting of cybersecurity risks
Collaborate with cross-functional teams on cyber risk assessment and remediation activities
Ensure regulatory compliance with frameworks in NIST, SOC 1/2, PCI, SOX, CCPA
Oversee security audits / Partner with Internal Audit
Represent cybersecurity in the Enterprise Risk Management committee
Create a comprehensive security awareness program.
Report on and ensure compliance to our security policies and standards through a robust compliance program.
QUALIFICATIONS:
Extensive knowledge of cyber risk management frameworks and methodologies
Proven experience in leadership roles, managing teams, and influencing executive stakeholders
Experience in establishing and managing regulatory compliance in NIST, PCI-DSS, SOX, SOC 1/2, CCPA, HIPAA
Strategic thinker with a strong understanding of cyber threats, vulnerabilities, and risk mitigation options
Innovative thinker and adaptable to change
Exceptional communication and presentation skills, capable of translating technical risk into business terms
Excellent analytical, problem-solving, and decision-making skills
EDUCATION AND EXPERIENCE REQUIREMENTS:
Bachelor’s degree in Information Security, Computer Science, or a related field; Master’s degree preferred
Minimum of 10 years of experience in cybersecurity, with a focus on risk management
Relevant certifications such as CISSP, CISM, CRISC or similar
#LI-LM1
California Residents click below for Privacy Notice:
https://jobs.advanceautoparts.com/us/en/disclosures