Manager, PMT - GRC Compliance (Hybrid - Seattle, WA)
Seattle WA
Full Time | Mid-level / Intermediate | USD 141K - 258K
Nordstrom
Job Description
As our Technology Compliance Manager, you will be responsible for building and executing our vision for regulatory compliance at Nordstrom. Working with a team of talented program managers, you will coordinate and run our annual PCI, HIPAA, IT SOX, and other regulatory assessments across the Nordstrom environment as well as support continuous compliance against our information security policies and standards. You will mature our program through the implementation of our common control framework, looking for ways to streamline and improve the efficiency and effectiveness of our compliance processes. You will provide guidance and thought leadership on our technical approach to meeting disparate requirements and will use data to direct the focus of continuous compliance efforts. Along the way, you will support and develop a team of compliance professionals, fostering a collaborative and trusting environment that allows each team member to meet their full potential. The ideal candidate will have deep knowledge of regulatory compliance domains along with a balance of technical leadership and people management skills.
This role is hybrid. Candidates must be willing to work in office at the Seattle, WA headquarters a minimum of 3 days/week to be considered for this position.
A day in the life...
- Managing all regulatory security compliance assessments, including:
  - Execution of multiple PCI Level 1 Merchant assessments annually, across all brands and channels
  - Execution of annual HIPAA audits
  - Execution of annual IT SOX audits
- Ownership of relationships with regulators and internal/external auditors
- Providing guidance and best practices to Nordstrom engineers and leadership on how to effectively meet regulatory requirements
- Providing input on our security policies and standards to ensure compliance with regulatory requirements
- Developing and delivering metrics and measurements of compliance posture and assessment status for all channels
- Supporting our Common Control Framework within compliance activities to improve the efficiency of control testing efforts
- Coordinating with our Internal Audit partners to improve our SOX and SOC audits
- Setting the roadmap and vision for the Compliance team, collaborating with the broader Governance, Risk, and Compliance group
- Improving our control posture, year over year, through measurement, prioritization, communication, and collaboration with partner teams
- Developing and fostering a healthy and collaborative culture for your team that embodies both industry best practices and Nordstrom values
- Growing and developing an incredible team of talented and motivated program managers and engineers with high expectations around individual ownership and impact
You own this if you have...
- Broad and deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
- Knowledge of PCI assessment processes and requirements at a Level 1 merchant, including data centers, retail locations, call centers, and cloud computing environments
- Working experience with security risk management frameworks, including related regulatory compliance requirements (NIST CSF & 800-53, ISO 27001 and ISO 27002, SOX, HIPAA, PCI, CCPA, etc.)
- Knowledge of how regulatory requirements can be met across a diverse set of technical environments, from legacy mainframe computers to containers in the cloud
- Excellent written and verbal communication skills, including presentation skills, are important to be successful in this role. Proven ability to effectively communicate with all levels of the organization, as well as with external parties
- Ability to foster collaborative, open working relationships with technology and other stakeholders
- Demonstrable ability to establish a vision, define a roadmap, and execute on it
- Pragmatism. You can prioritize, simplify, and make a path toward results
- Proactive mindset. You seek the best solution for the company and customer and take action without being directed
- Capability to truly listen to our customers and partners, internalize their needs, and develop simple and elegant solutions that they can’t live without
- A bias towards action, guided by an evidence-based decision-making mindset
- Current PCI ISA certification for a retail corporation preferred
- 5+ years of experience in retail security compliance preferred
- Internal Audit experience preferred
We’ve got you covered…
Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
- Medical/Vision, Dental, Retirement and Paid Time Away
- Life Insurance and Disability
- Merchandise Discount and EAP Resources
A few more important points...
The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.
Nordstrom will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.
© 2022 Nordstrom, Inc
Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.
Pay Range Details
The pay range(s) below are provided in compliance with state specific laws. Pay ranges may be different in other locations.
Washington: $141,000 - $258,000 Annually
This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf