Director, Technology Compliance

8116 - Midtown Office - 2220 W. Broad Street, Richmond, Virginia, 23220

CarMax, the way your career should be! 

Do you want to play a key role in enhancing the Cybersecurity program for a Fortune 100 company and national brand that has also been listed on the Fortune 100 Best Places to Work for the past 20 years in a row. Do you enjoy working in a collaborative environment where your experience and ideas can shape the direction and development of critical cybersecurity compliance capabilities?

Do you want to work with a team of talented professionals that have highly advanced technical knowledge and be the subject matter expert in technology compliance governance and audit compliance?

Then your job search begins and ends here….

Who we are looking for:

We are seeking a strategic and experienced Director of Technology Compliance with proven leadership skills, advanced subject matter expertise in IT compliance management, information security controls and IT auditing to lead our organization's compliance program across all Technology and Cybersecurity operations. This critical leadership role will be responsible for overseeing the development, implementation, and maintenance of compliance strategy, mission, frameworks, and roadmap that align with industry standards and regulatory requirements, ensuring the integrity, security, and reliability of our IT systems and data. This is a unique opportunity to join a Fortune 100 company and national brand to expand your skills and influence in the Cybersecurity Program.

The ideal candidate will possess deep knowledge of technology-related regulations, standards, and best practices, and be versed in negotiations with external assessors and influencing broadly.  Perform highly advanced work, providing direction and guidance to leadership across different business areas throughout CarMax and its strategic partners. This position is responsible for ensuring that all technology initiatives and operations are compliant with applicable laws, regulations, and standards which govern publicly traded companies, retailers and financial institutes.

The IT Compliance Director’s primary responsibility is to provide compliance direction and assurance across the technology controls landscape to peers and senior leadership. This includes removing roadblocks to team success, strong collaboration with peers and business partners at all levels of the organization, strategic planning, and development of team members. Oversee and ensure the delivery of high-quality compliance and audit results, leading best-in-class SOX/ITGC, and IT compliance strategies to accomplish goals.  You will be responsible for setting the direction, the design, and administration of the CarMax Compliance Mission, framework, strategic roadmap and processes, with a high concentration on Sarbanes-Oxley (SOX) and other regulatory compliance requirements including a continuous monitoring program to demonstrate program effectiveness.  You will be overseeing an ever-evolving landscape, collaborating, and aligning regularly with internal and external stakeholders in a fast-paced environment that builds strong partnerships to ensure that technology delivers business value and enables the achievement of compliance objectives and key results.

The Day to Day:

Lead the creation, implementation, and oversight of a strategic compliance program to ensure organizational adherence to legal, regulatory, and internal standards.

Develop and execute a multi-year risk-based IT compliance plan endorsed by the CISO.

Develop and maintain the framework for technology compliance management including validation and classification methods, comprehensive IT compliance policies and procedures for technology to ensure and enforce compliance with all company policies, state and national regulations.

Evaluate the adequacy and effectiveness of the companies' internal financial, administrative, and operational information systems policies and controls. Ascertain the extent to which company assets are accounted for and safeguarded from inappropriate modifications or losses across lines of business.

Align recruiting, mentoring, and developing of the compliance analyst team with business goals, managing support and implementing strategic goals within IT.  Foster strong team collaboration and conflict resolution, aligning efforts with CarMax’s technical and business standards.

Serve as trusted advisor and technology key controls subject matter expert.

Oversee the IT compliance team in the execution of testing, controls assessment and documentation across all domains for IT General Controls, SOX, PCI DSS, Data Privacy, HIPAA among others, to evaluate the effectiveness of existing controls, pinpointing control weaknesses and steering leaders on remediation.   

Oversee and coordinate internal and external audits across the technology teams and lead external business partner compliance assessments.

Prepare and present clear and concise compliance reports to steering committee and senior management.

As an integral member of the team, exhibiting ownership, follow through, initiative, awareness and effective communication with peers and management and ability to speak to details of compliance.

Exemplify leadership in team development and support professional growth.  Foster organizational maturity.

Champions technical compliance with cybersecurity related regulatory requirements (GLBA, CFPB, SOX, PCI, PII, NYDFS, HIPAA, etc) across the company by demonstrating ownership of the design aspects of the compliance lifecycle.

Collaborate broadly with Technology, Audit, Finance and third parties for assessment improvements.

Spearhead IT compliance training and awareness programs on technology compliance across the organization to foster a culture of compliance and ethical technology use with proven results.

Maintain a strong knowledge base and awareness of industry trends and emerging threats while also keeping a keen eye to changing external regulations to adapt core compliance processes accordingly.

Education and/or Experience:

Bachelor’s degree in Technology, Computer Science, Business, or a related field.

Master’s degree or relevant professional certification (e.g., CIA, CIPP, CRISC, CISM, GIAC, CISSP) is preferred. CISA required.

A minimum of 10 years of leadership experience in technology audit, compliance, in a publicly traded company with a concentration on SOX ITGC’s and PCI.

Extensive knowledge of auditing standards, relevant regulations and standards (e.g., GLBA, SOX, CFPB, NIST, COBIT, CIS, ISO 27001/2, HIPAA, CCPA, PCI-DSS) governing technology and data security in retail and financial context.

Excellent analytical, problem-solving, and decision-making skills; high level of accuracy and attention to detail.

Strong leadership and organizational skills; ability to manage multiple projects and teams in a fast-paced environment.

Exceptional interpersonal and communication skills, both written and verbal, with the ability to explain complex compliance issues to stakeholders at all levels.

Demonstrated leadership - ability to gain consensus across teams without direct reporting responsibility.

Strong leadership skills, with the ability to manage and mentor a team of compliance professionals.

Dedication and commitment to top-quality service and to exceeding customer expectations.

Proven ability to influence without authority the compliance direction of others. 

Proven ability to effectively communicate prevention and remediation approaches via leading practices.

Ability to build relationships that help overcome obstacles and time constraints to successfully deliver remediation to completion.

Demonstrated ability to assess alternative technology compliance approaches and methodologies while assessing Compliance both quantitatively and qualitatively to meet the business needs.

Work Location and Arrangement: This role will be based out of the Richmond, VA Technology Innovation Center and have a Hybrid work arrangement. 

Work Authorization:  Applicants must be currently authorized to work in the United States on a full-time basis. 

About CarMax 

CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 200 locations nationwide. 

Our amazing team of more than 25,000 associates work together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community.  We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®. 

Our Commitment to Diversity and Inclusion:  

CarMax is committed to bringing together people from different backgrounds and perspectives, providing employees with a safe, welcoming, and inclusive work environment. 

CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law. 

Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.