Job Description

The Director of Governance and Risk will report to the CISO within Advance Auto Parts and will focus on the defining and deploying governance and risk management frameworks across Advance Auto Parts.  

The Director of Governance and Risk will oversee cybersecurity policy, standards, procedures, compliance, ensuring the company adheres to relevant regulations, industry standards, and internal and 3rd party risk management. The ideal candidate will combine expertise in both cybersecurity and risk management disciplines and have exceptional communication and stakeholder management skills.

This position is 4 days in office, 1 day remote per week, based at our corporate headquarters in Raleigh, North Carolina (North Hills) 

The key responsibilities of the role include:

• Develop a short term and long-term comprehensive Governance and Risk Management Strategy
• Develop, communicate, and implement enterprise-wide security policy, standards, procedures, and guidelines.
• Provide strategic guidance to the CISO for the representation of risks to the Board, Audit committee, and ERM
• Lead a team of cyber specialists, providing direction and supporting their development
• Conduct regular risk assessments, including PCI-DSS and SOX, and develop comprehensive risk management plans for various business units and projects
• Support Internal Audit with engagements requiring technology support.
• Vendor Risk Management (VRM): Oversee the VRM integration, including risk reviews, contract management, and ongoing monitoring to manage risks associated with third-party vendors and suppliers
• Support the identification, evaluation, and prioritization of cyber risks across the organization
• Oversee production, reporting and evolution of cyber risk metrics, including Key Performance Indicators (KPIs), scorecards, and Key Risk Indicators (KRIs)
• Conduct risk analysis, providing insights on issues and direction on risk mitigation strategies
• Drive automation, analytics, and continuous improvement of processes
• Engage with a range of senior stakeholders across Lines of Defense to ensure appropriate oversight and reporting of cybersecurity risks and vulnerabilities
• Collaborate with cross-functional teams on cyber risk remediation activities
• Ensure regulatory compliance with frameworks in NIST, SOC 1&2, PCI, SOX, CCPA
• Maintain the database and reporting platform to ensure compliance to our security policies and standards.

Skills/ Qualifications:

• Bachelor’s degree in information security, Computer Science, or a related field; Master’s degree preferred
• Minimum of 12 years of experience in cybersecurity, with a focus on risk management
• Expert in the implementation and operational management of OneTrust, working knowledge of Service Now, and Auditboard.
• Process driven with an extensive knowledge of cyber risk management frameworks, tools, and methodologies
• Master in the ability to “tell a story” through PowerPoint leveraging metrics and creativity for various levels of the enterprise (Board, ERM, Steerco, Business and/or tech leaders)
• Proven experience in senior leadership roles, managing teams, and influencing executive stakeholders, driving outcomes
• Experience in establishing and managing regulatory compliance in NIST, PCI-DSS, SOX, SOC 1/2, CCPA, HIPAA
• Deep understanding in cybersecurity metrics programs that are meaningful and risk/risk posture reporting
• Strategic thinker with a strong understanding of cyber risks, vulnerabilities, and risk mitigation options
• Innovative thinker, adaptable to change, self-driven, aggressive, and detail oriented with the ability to establish true partnerships that drives business enablement while managing risk
• Exceptional communication and executive level presentation skills, capable of translating technical risk into business terms
• Must have the ability to drive enterprise aligned roadmaps focusing on top cyber risks, cyber priorities, industry threats that align to the business
• Excellent analytical, problem-solving, and decision-making skills

California Residents click below for Privacy Notice: