Sign upLog in
JobsJobs in North CarolinaJobs in Raleigh, NCInformation Technology and Internet JobsIT Jobs

Sr. Manager, Information Security

Advance Stores Company

Raleigh, North Carolina

Apply
JOB DETAILS
SKILLS
Analysis Skills, Automation, CDE (Common Desktop Environment), CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Security, Continuous Improvement, Customer/Client Research, Detail Oriented, External Audit, HIPAA (Health Insurance Portability and Accountability Act), ISA Standards, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Internal Audit, Internet Security, Leadership, Legal, Maintain Compliance, Matrix Management, Metrics, PCI, PCI-DSS, People Management, Performance Analysis, Privacy Regulations, Regulations, Regulatory Requirements, Reporting Dashboards, Retail, Risk, Risk Management, Sales, Security Auditing, Service Level Agreement (SLA), State Laws and Regulations, Time Management, Training/Teaching, U.S. National Institute of Standards and Technology (NIST)
LOCATION
Raleigh, North Carolina
POSTED
23 days ago

Job Description

Role Summary

The Cybersecurity Compliance Manager is responsible for designing, operating, and continuously improving the company’s cybersecurity compliance program within a large‑scale retail environment. This role leads the day‑to‑day execution of compliance activities using the OneTrust GRC platform, with a strong focus on automation, controls monitoring, and audit‑ready evidence generation.

The role ensures enterprise alignment with NIST Cybersecurity Framework (CSF) and regulatory requirements including PCI DSS, HIPAA, and U.S. state privacy regulations (CCPA/CPRA).

This role is hybrid and based in our corporate headquarters in Raleigh, NC.

Key Responsibilities

Cybersecurity Compliance Program Execution

  • Operate and mature the enterprise cybersecurity compliance program aligned to NIST CSF and applicable regulatory frameworks (PCI DSS, HIPAA, CCPA/CPRA).
  • Translate regulatory and framework requirements into clear, monitored internal controls mapped to business systems and processes.
  • Serve as a subject matter expert for cybersecurity control compliance across IT, cloud, retail, e‑commerce, and corporate environments.
  • Lead day‑to‑day use of the OneTrust GRC compliance modules, including:
    • Control libraries and framework mappings
    • Automated evidence collection and surveys
    • Workflow‑driven control testing and remediation tracking
    • Compliance reporting and dashboards
  • Implement and enhance automation to reduce manual effort and eliminate point‑in‑time compliance gaps.
  • Partner with IT, Audit and Security teams to integrate OneTrust with upstream systems where feasible (e.g., vulnerability management, asset inventories).

Controls Monitoring & Assurance

  • Establish and operate a continuous controls monitoring (CCM) model in dynamic retail and cloud environments.
  • Monitor control performance, SLA adherence, and exception trends across in‑scope systems (e.g., PCI environments, customer data platforms).
  • Track control effectiveness metrics and produce regular compliance reporting for leadership.
  • Coordinate and support internal and external audits and assessments, including:
    • PCI DSS attestations
    • HIPAA risk and compliance reviews
    • Privacy regulatory inquiries and assessments
  • Maintain audit‑ready evidence within OneTrust and drive timely remediation of findings.
  • Partner with IT, Internal Audit, Legal, and Privacy to ensure consistent interpretation and execution of control requirements.
  • Work closely with system owners, IT leaders, cybersecurity team, and business partners to ensure controls are properly implemented and operated.
  • Assign control ownership, track accountability, and facilitate risk acceptance where appropriate.
  • Provide guidance and training to control owners on compliance expectations, evidence requirements, and remediation processes.

Required Qualifications

  • 6+ years of experience in cybersecurity compliance, GRC, or IT risk management, preferably in a retail or consumer‑facing enterprise.
  • Strong working knowledge of:
    • NIST Cybersecurity Framework (CSF)
    • PCI DSS
    • HIPAA Security Rule
    • CCPA/CPRA and U.S. privacy obligations
  • Experience supporting audits and regulatory assessments in complex, distributed environments.

Preferred Qualifications

  • Hands‑on experience with OneTrust GRC (or comparable GRC platforms) including compliance automation and evidence workflows.
  • Experience implementing continuous controls monitoring (CCM) or security metrics programs.
  • Retail industry experience supporting point‑of‑sale (POS), e‑commerce, or cardholder data environments (CDE).
  • Familiarity with third‑party risk and vendor compliance monitoring.
  • Relevant certifications (preferred, not required):
    • CISA, CISSP, CRISC, PCI ISA, or similar.

Key Competencies

  • Strong analytical and risk‑based thinking
  • Ability to translate regulatory language into practical, business‑aligned controls
  • Excellent stakeholder communication and influence skills
  • Detail‑oriented with a strong audit and evidence mindset
  • Comfortable operating in fast‑moving, matrixed retail organizations
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age national origin, religion, sexual orientation, gender identity, status as a veteran and basis of disability or any other federal, state or local protected class. We comply with all applicable federal, state, and local laws.

California Residents click below for Privacy Notice:

About the Company

A

Advance Stores Company

Similar Job Searches

Application Analyst JobsComputer Analyst JobsComputer Consultant JobsComputer Operator JobsComputer Specialist JobsComputer Systems Specialist JobsComputer Technician JobsConfiguration Analyst JobsConfiguration Manager JobsDeployment Manager Jobs