Job Description

The Senior Director of Governance, Risk, and Compliance will report to the Global CISO within Advance Auto Parts and will focus on the measurement, analysis, oversight and reporting of cybersecurity risks and controls.

The Senior Director of GRC will lead the Cyber Risk team, and will be responsible for the ownership, operation and optimization of the team’s policies, standards, risk identification, assessment and reporting processes. The ideal candidate will combine expertise in both cybersecurity and risk management disciplines and have exceptional communication and stakeholder management skills.

The Senior Director of Governance, Risk, and Compliance will play a key role in the leadership of that team and the organization’s compliance to our security standards. This position is based in Raleigh, NC and part of a Hybrid work arrangement, requiring four days/week in office.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following: other duties may be assigned:

• Develop a short term and long term comprehensive GRC Strategy

• Develop, communicate, and implement enterprise-wide security policies, standards, procedures, and guidelines.

• Provide strategic guidance to the CISO for representing risks to the Board, Audit Committee, and ERM

• Lead and develop a team of high-performing cyber risk specialists

• Lead the identification, evaluation, and prioritization of cyber risks across the organization

• Oversee production, reporting and evolution of cyber risk metrics, including Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)

• Conduct cyber risk assessments and provide reporting to a range of senior stakeholders

• Conduct cyber maturity assessments and provide reporting to a range of senior stakeholders

• Conduct risk analysis, providing insights on issues and direction on risk mitigation strategies

• Drive automation, analytics, and continuous improvement of processes

• Engage with a range of senior stakeholders across Lines of Defense to ensure appropriate oversight and reporting of cybersecurity risks

• Collaborate with cross-functional teams on cyber risk assessment and remediation activities

• Ensure regulatory compliance with frameworks in NIST, SOC 1/2, PCI, SOX, CCPA

• Oversee security audits / Partner with Internal Audit

• Represent cybersecurity in the Enterprise Risk Management committee

• Create a comprehensive security awareness program.

• Report on and ensure compliance to our security policies and standards through a robust compliance program.

QUALIFICATIONS:

• Extensive knowledge of cyber risk management frameworks and methodologies

• Proven experience in leadership roles, managing teams, and influencing executive stakeholders

• Experience in establishing and managing regulatory compliance in NIST, PCI-DSS, SOX, SOC 1/2, CCPA, HIPAA

• Strategic thinker with a strong understanding of cyber threats, vulnerabilities, and risk mitigation options

• Innovative thinker and adaptable to change

• Exceptional communication and presentation skills, capable of translating technical risk into business terms

• Excellent analytical, problem-solving, and decision-making skills

EDUCATION AND EXPERIENCE REQUIREMENTS:

• Bachelor’s degree in Information Security, Computer Science, or a related field; Master’s degree preferred

• Minimum of 10 years of experience in cybersecurity, with a focus on risk management

• Relevant certifications such as CISSP, CISM, CRISC or similar

California Residents click below for Privacy Notice: