Senior Director - Technology Governance, Risk, & Compliance (REMOTE)

Remote - US, United States


At DICK’S Sporting Goods, we believe in how positively sports can change lives. On our team, everyone plays a critical role in creating confidence and excitement by personally equipping all athletes to achieve their dreams. We are committed to creating an inclusive and diverse workforce, reflecting the communities we serve.

If you are ready to make a difference as part of the world’s greatest sports team, apply to join our team today!

OVERVIEW:

This position will shape our security strategy, ensuring compliance with regulatory standards and managing risks across DICK’S Sporting Goods. The incumbent will work with key executives, management, and staff across the organization to minimize the impact of disasters or other business disruptions by proactively identifying and mitigating risks through the establishment and implementation of policies and guidelines. This position is responsible for leading and coordinating all business continuity activities. Additionally, this role will lead the evaluation and selection of vendors to ensure service level agreements meet business continuity and disaster recovery planning requirements.

Security Leadership:

  • Articulate a clear vision for the transformation of technology governance, risk management, and compliance that aligns with the overall strategic goals of the company and the Tech organization, ensuring security considerations are integrated into all business processes and initiatives, with a focus on simplification and automation for scale.

  • Collaboratively design, implement, and oversee adherence to policies, procedures, technical standards, and required controls based on the NIST Cybersecurity Framework (CSF).

  • Manage new GRC improvement initiatives and projects to include scope, roadmap, budget, staffing, and contracts.

Program Management:

  • Manage the Compliance program, including helping teams prepare for and respond to internal and external audits, representing the security organization, and exploring opportunities to automate control testing and attestation. Compliance regimes include Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS), various privacy laws, existing contract obligations, and any new regulations that become applicable to the business.

  • Manage the Information and Technology Risk Management program, including risk assessments, threat modeling, risk reviews, mitigation oversight, documentation in the risk register, and presentation of technical risks in terms of business outcomes to facilitate risk-informed business decisions.

  • In partnership with key business stakeholders, manage the Business Continuity and Disaster Recovery program, including business continuity plan (BCP) development, testing, and execution across the company. Focus should be on shifting from reactive mechanisms to proactive resiliency mechanisms through automated detection and failover, scaling, and self-healing.

  • Manage the Vulnerability Management program, including system, network, and application scanning and the notification and tracking of remediation efforts, with a focus on risk (criticality, exploitability, and organizational architecture context) and on automated patching and remediation where feasible.

  • In partnership with Procurement, manage the Third-Party Risk Management (TPRM) program as part of the evaluation and selection of vendor products and services that meet business service level agreements and organizational standards. This includes risk and compliance assessment through standardized questionnaires, compliance attestations, audit reports, and interviews. Provide this contextualized risk assessment with recommendations to remediate unacceptable risks for the business, track vendor improvements, and connect the results to business processes.

  • In partnership with Legal, manage the company’s Privacy and AI/Data security program to ensure process and technical compliance with applicable privacy laws and regulations, with a focus on implementing a flexible framework that will allow the company to meet the high bar of expectations and quickly adapt to new requirements.

  • Assist in response and recovery activities during crises, disasters, and other emergencies.

  • Participate in other related projects and assignments as required.

Personnel and Teamwork:

  • Lead and mentor a diverse team of security professionals, fostering a culture of continuous improvement.

  • Lead through empathy to foster strong partnerships with other departments such as Technology, Legal, and Stores to ensure a holistic approach to risk management and compliance.

QUALIFICATIONS:

  • Bachelor's Degree

  • 10-15 years

  • Experience using ISO 27001, BSI, and/or BS 25999 standards, frameworks, and methodologies, preferably in retail.

  • DRII (Disaster Recovery Institute International) certification

  • BCI (Business Continuity Institute) certification

  • Lean Six Sigma

  • CMMI or other Quality Management Systems

  • SharePoint

  • Comfort around top management

  • Ability to prioritize and manage multiple assignments simultaneously to meet deadlines

  • Discreetly manage sensitive and confidential information


Targeted Pay Range: $153,700.00 - $285,300.00. This is part of a competitive total rewards package that could include other components such as incentive, equity, and benefits. Individual pay is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all teammate pay regularly to ensure competitive and equitable pay. DICK'S Sporting Goods complies with all state paid leave requirements. We also offer a generous suite of benefits. To learn more, visit www.benefityourliferesources.com.

Tags: Audits Automation Compliance Governance ISO 27001 NIST Privacy Risk assessment Risk management Security strategy SharePoint SOX Strategy Vulnerability management

Perks/benefits: Career development Competitive pay Equity / stock options

Regions: Remote/Anywhere North America
Country: United States
