Sign upLog in
Finance Jobs

Director Governance Risk and Compliance

Advance Stores Company

Raleigh, North Carolina

Apply
JOB DETAILS
SKILLS
Alliance/Partner Management, Analysis Skills, Automation, Business Plan, Computer Science, Computer Security, Continuous Improvement, Contract Management, Contract Review, Cross-Functional, Database Administration, Detail Oriented, Enterprise Protection, Establish Priorities, HIPAA (Health Insurance Portability and Accountability Act), Industry Standards, Information/Data Security (InfoSec), Internal Audit, Internet Security, Leadership, Maintain Compliance, Management Strategy, Metrics, Microsoft PowerPoint, Operations Management, PCI, PCI-DSS, Parts Sales, Performance Metrics, Presentation/Verbal Skills, Problem Solving Skills, Process Improvement, Production Control, Regulations, Regulatory Compliance, Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), Sarbanes-Oxley Act (SOX), Scorecarding, Security Compliance, Security Policy, ServiceNow, Team Lead/Manager, Technical Support, U.S. National Institute of Standards and Technology (NIST), Web Analytics, Web Application Framework
LOCATION
Raleigh, North Carolina
POSTED
23 days ago

Job Description

The Director of Governance and Risk will report to the CISO within Advance Auto Parts and will focus on the defining and deploying governance and risk management frameworks across Advance Auto Parts.  

The Director of Governance and Risk will oversee cybersecurity policy, standards, procedures, compliance, ensuring the company adheres to relevant regulations, industry standards, and internal and 3rd party risk management. The ideal candidate will combine expertise in both cybersecurity and risk management disciplines and have exceptional communication and stakeholder management skills.

This position is 4 days in office, 1 day remote per week, based at our corporate headquarters in Raleigh, North Carolina (North Hills) 

The key responsibilities of the role include:

  • Develop a short term and long-term comprehensive Governance and Risk Management Strategy
  • Develop, communicate, and implement enterprise-wide security policy, standards, procedures, and guidelines.
  • Provide strategic guidance to the CISO for the representation of risks to the Board, Audit committee, and ERM
  • Lead a team of cyber specialists, providing direction and supporting their development
  • Conduct regular risk assessments, including PCI-DSS and SOX, and develop comprehensive risk management plans for various business units and projects
  • Support Internal Audit with engagements requiring technology support.
  • Vendor Risk Management (VRM): Oversee the VRM integration, including risk reviews, contract management, and ongoing monitoring to manage risks associated with third-party vendors and suppliers
  • Support the identification, evaluation, and prioritization of cyber risks across the organization
  • Oversee production, reporting and evolution of cyber risk metrics, including Key Performance Indicators (KPIs), scorecards, and Key Risk Indicators (KRIs)
  • Conduct risk analysis, providing insights on issues and direction on risk mitigation strategies
  • Drive automation, analytics, and continuous improvement of processes
  • Engage with a range of senior stakeholders across Lines of Defense to ensure appropriate oversight and reporting of cybersecurity risks and vulnerabilities
  • Collaborate with cross-functional teams on cyber risk remediation activities
  • Ensure regulatory compliance with frameworks in NIST, SOC 1&2, PCI, SOX, CCPA
  • Maintain the database and reporting platform to ensure compliance to our security policies and standards.

Skills/ Qualifications:

  • Bachelor’s degree in information security, Computer Science, or a related field; Master’s degree preferred
  • Minimum of 12 years of experience in cybersecurity, with a focus on risk management
  • Expert in the implementation and operational management of OneTrust, working knowledge of Service Now, and Auditboard.
  • Process driven with an extensive knowledge of cyber risk management frameworks, tools, and methodologies
  • Master in the ability to “tell a story” through PowerPoint leveraging metrics and creativity for various levels of the enterprise (Board, ERM, Steerco, Business and/or tech leaders)
  • Proven experience in senior leadership roles, managing teams, and influencing executive stakeholders, driving outcomes
  • Experience in establishing and managing regulatory compliance in NIST, PCI-DSS, SOX, SOC 1/2, CCPA, HIPAA
  • Deep understanding in cybersecurity metrics programs that are meaningful and risk/risk posture reporting
  • Strategic thinker with a strong understanding of cyber risks, vulnerabilities, and risk mitigation options
  • Innovative thinker, adaptable to change, self-driven, aggressive, and detail oriented with the ability to establish true partnerships that drives business enablement while managing risk
  • Exceptional communication and executive level presentation skills, capable of translating technical risk into business terms
  • Must have the ability to drive enterprise aligned roadmaps focusing on top cyber risks, cyber priorities, industry threats that align to the business
  • Excellent analytical, problem-solving, and decision-making skills
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age national origin, religion, sexual orientation, gender identity, status as a veteran and basis of disability or any other federal, state or local protected class. We comply with all applicable federal, state, and local laws.

California Residents click below for Privacy Notice:

About the Company

A

Advance Stores Company

Similar Job Searches

Asset Manager JobsBudget Analyst JobsCash Manager JobsCost Analyst JobsCredit Analyst JobsCredit Coordinator JobsCredit Manager JobsCredit Officer JobsCredit Risk Manager JobsDirector Of Finance Jobs