Please note this position is based in our Phoenix, AZ Support Office. The IT Compliance Manager is responsible for ensuring Sprouts’ IT systems, policies, and processes adhere to applicable legal, regulatory, and industry standards. This role owns IT compliance frameworks including PCI DSS, NIST CSF, and SOX, regulatory adherence, and continuous improvement across the organization. The ideal candidate is self-directed, takes initiative to identify and resolve inefficiencies, and operates with confidence and accountability. This role serves as a cybersecurity culture champion, helping cultivate an empowered security culture where security awareness is integrated into the fabric of the organization and each team member is equipped to protect information assets.
Essential Functions:Team Leadership
· May lead/mentor compliance analysts.
· Assign and prioritize workload across compliance initiatives, audits, and remediation efforts.
· Conduct performance evaluations and support professional growth and certification goals.
· Accountable for prioritization of compliance activities and delivery of audit milestones.
SOX Compliance (ITGC / IT-Dependent Controls)
· Own and continuously refine SOX IT control design, documentation, and operating cadence, including control narratives, evidence expectations, and control owner alignment.
· Coordinate SOX audit evidence collection, perform quality review, and provide gap analysis and status reporting to stakeholders.
· Drive deficiency and remediation management, including action plan tracking, validation of corrective actions, and audit readiness.
· Proactively identify and resolve process inefficiencies in evidence collection and audit workflows.
· Deliver SOX evidence packages on time with minimal rework.
PCI-DSS Compliance
· Coordinate PCI-DSS compliance activities including audit preparedness, evidence management, and cross-functional alignment to maintain PCI-DSS posture.
· Maintain PCI-DSS program documentation (policies, standards, and procedures as applicable) and track compliance requirements across IT and security control owners.
· Drive PCI-DSS audit readiness and coordinate annual assessments with external QSAs and internal stakeholders.
Policy Maintenance, Lifecycle, and Enforcement
· Own the information security policy lifecycle (draft, review, approval, publish, attestation, and exception handling) and ensure policies are maintained, communicated, and measurable.
· Coordinate policy enforcement mechanisms with technical owners (standards, baselines, procedural controls, and compliance reporting) and maintain audit-ready documentation.
Security Awareness and Phishing Simulation Program Ownership
· Own enterprise security awareness program strategy, annual plan, and compliance tracking, including completion rates, effectiveness measurement, targeted campaigns, and culture alignment.
· Own the phishing simulation and testing program, including scenario design cadence, targeting strategy, results reporting, and continuous improvement actions.
Audit and Compliance Program Operations
· Coordinate internal and external audits and assessments (SOX, PCI-DSS, NIST-aligned assessments, penetration tests, and targeted control audits), including evidence management and stakeholder coordination.
· Build and maintain compliance reporting (dashboards, metrics, KRIs/KPIs, issue tracking) to provide transparency into compliance status, risks, and remediation progress.
· Provide gap analysis between security policies, standards, regulations, and actual practices, processes, and solutions. Recommend actions to management and track remediation.
· Partner with IT and business partners to prioritize and drive process improvements that remediate or mitigate control gaps and compliance findings.
Change Governance / CAB
· Coordinate weekly CAB meetings and drive Change Control processes to ensure SOX and security control requirements are met, including documentation, evidence, and audit alignment with existing change control policy.
Incident Response Support
· Support incident response by advising on compliance and control impact, evidence retention, and audit trail requirements, in partnership with Security Operations.
Knowledge, Skills, Abilities and Physical Requirements:
· Four-year degree or equivalent experience in a related field (e.g., Information Technology, Computer Science, Management Information Systems, or equivalent industry experience).
· 5+ years of experience in IT compliance, IT audit, or information security, with at least 1-2 years in a supervisory or lead capacity.
· Demonstrated working knowledge of PCI DSS, NIST CSF, and SOX requirements.
· Hands-on experience with SOX ITGC testing, evidence coordination, and deficiency management.
· Experience developing and maintaining IT policies and procedures.
· Strong understanding of risk assessment methodologies and mitigation planning.
· Experience with change management processes and CAB governance.
· Demonstrated ability to work independently, make confident decisions, and drive improvements without constant direction.
Preferred
- Relevant certifications such as CISA or CRISC.
· Experience in the retail or grocery industry.
· Experience with ServiceNow and KnowBe4.
· Experience managing security awareness and phishing simulation platforms.
· Familiarity with GRC (Governance, Risk, and Compliance) platforms.
· Experience working with Big 4 or external audit firms, including coordinating walkthroughs and evidence requests.
Competencies
· Communication: Convey information, ideas, and feedback clearly and concisely in an engaging manner that helps others understand and retain the message; listening actively to others.
· Customer Focus: Place a high priority on the customer’s perspective when making decisions and taking action; implementing service practices that meet the customers' and own organization’s needs.
· Driving for Results: Set SMART goals and measure progress; tenaciously working to meet or exceed goals and making continuous improvement. Seeking innovative ways to solve problems that result in unique and differentiated solutions.
· Positive Approach: Demonstrate a positive attitude in the face of difficult or challenging situations; provide an uplifting (yet realistic) outlook on what the future holds and the opportunities it might present.
· Coaching and Developing Others: Engaging team members and teams in developing and committing to individual development plans that target specific behaviors, skills, or knowledge needed to ensure performance improvement or prepare for success in new responsibilities; planning and supporting the development of individual skills and abilities.
#LI-NA1
Benefits:In addition to a rewarding career, Sprouts offers a comprehensive program to help support you and your family. These programs include:
Eligibility requirements may apply for the following benefits:
Get Paid Every Day!
Sprouts Farmers Market offers DailyPay - if you’re hired as an eligible employee, you’ll be able to transfer the money you’ve already earned at no extra cost, and get it the next business day, for free. We offer DailyPay so you don’t have to wait for payday to access the money you’ve already worked for. With DailyPay, you can see how much you’ve made every day and you can transfer your money any time before payday.
You can learn more by visiting https://www.dailypay.com/partners/sprouts-farmers-market/.
Why Sprouts:Grow with us!
If you have a passion for inspiring people and a flair for fresh food, consider applying for a job at Sprouts! With a focus on customer service, our neighborhood grocery stores offer high-quality, farm fresh produce, natural meats, plenty of scoop-your-own bulk goods and much more in a fun, friendly, old-fashioned farmer’s market setting. Come grow your career in healthy living with a fast-paced, rapidly growing company and teams that pride themselves on empowering others along their journey.
The above statements are intended to describe the general nature and level of the work being performed by people assigned to this work. This is not an exhaustive list of all duties, responsibilities, and requirements. Sprouts’ management reserves the right to amend and change duties, responsibilities, and requirements to meet business and organizational needs as necessary.
Sprouts will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Chance in Hiring Ordinance.
California Residents: We collect information in accordance with California law, please see here for more information.
It's Healthy Living for Less! An impeccable eye for what's next in nutrition. A continuous drive to go the extra mile. Sprouts Farmers Market works to deliver the best possible shopping experience, helping customers live a healthy lifestyle at an affordable price—not just buy groceries. Sprouts is a healthy grocery store offering fresh, natural and organic foods at great prices. Since 2002, we've been committed to providing our customers with the best-in-class service—and to improving it every day. This commitment has taken us from a small grocery store in Chandler, Ariz. to the leading food retailer we are today. We're proud to serve customers in 10 states with more than 190 stores. Additionally, we strive to be the ultimate healthy living resource with recipes, how-to videos, wellness webinars and compelling content on sprouts.com. Our social media sites and email subscriptions give customers exclusive access to health tips, product information, and web-only coupons for extra savings. Our money-back guarantee, online experiences and product promotions allow us to serve more customers in fresh, new ways. We believe food is an industry of innovation, and in that spirit we are flexible, adaptable and responsive. Foods change. Tastes change. Times change. But our commitment to happy, healthy customers will never change.