IT Compliance and Risk Lead
Headquarters, United States
O’Reilly Auto Parts
The IT Risk & Compliance Lead will implement a comprehensive risk management framework within the IT organization, addressing both operational and non-operational risks while integrating privacy considerations and ensuring regulatory compliance.
This position collaborates with cross-functional teams to identify, mitigate, and monitor risks, maintain a risk register, and oversee third-party assessments. Key responsibilities include developing executive dashboards for risk monitoring, aligning strategies with industry standards, and safeguarding sensitive data throughout IT processes. This role also requires balancing mitigation efforts with expected ROI and coordinating with stakeholders to foster a culture of compliance and effective risk management.
This position is located in Springfield, MO.
ESSENTIAL JOB FUNCTIONS
- Maintain a comprehensive risk management framework integrating organizational risk management and solutions analysis to address both operational and non-operational risks, leveraging risk scenario modeling for effective control measures.
- Implement risk management plans, processes, and strategies aligned with policy development to ensure continuity, project success, and security.
- Monitor and enforce regulatory controls using organizational risk management and compliance best practices, ensuring personal and sensitive data is handled securely and in line with all requirements.
- Integrate regulatory considerations into risk management frameworks, working closely with cross-functional teams under policy development and implementation to uphold data protection standards throughout all IT initiatives.
- Assess privacy risks and compliance obligations by leveraging multiple points of data collection and needs analysis to ensure alignment with required privacy regulations (e.g., CCPA) and organizational policies.
- Collaborate with stakeholders on privacy impact assessments to balance user data needs with risk mitigation and regulatory obligations.
- Collaborate with cross-functional teams for risk mitigation to integrate effective strategies across different departments and stakeholders.
- Balance mitigation efforts with return on investment to optimize resource allocation and value.
- Coordinate the implementation of risk mitigation plans ensuring policies and standards are followed.
- Facilitate communication and alignment on risk objectives to maintain transparent reporting and regular updates for all stakeholders.
- Regularly update and monitor the risk register to organize, categorize, and review identified risks.
- Maintain executive dashboards and KPIs providing clear, actionable insights on risk status and remediation progress.
- Establish a regular cadence for risk reviews by scheduling periodic sessions to ensure timely updates and accountability.
- Coordinate with leadership to develop short and long-term strategies to reduce risk.
- Implement templates, tools, and methodologies for solutions analysis and document preparation, standardizing processes and enhancing overall risk governance.
- Maintain a third-party risk management program to track vendor compliance lifecycles and enforce organizational requirements; the resulting data will be used for contract renegotiations based on changes in vendor security posture.
- Monitor third-party vendors for contract compliance, leveraging compliance checks to validate alignment with defined risk thresholds.
- Conduct due diligence on new and existing vendors, applying regulatory and compliance management to review compliance documentation (e.g., SOC 2, PCI AOC) and confirm adherence to security frameworks.
- Review security questionnaires and compliance reports to validate vendor controls and align with regulatory requirements.
- Collaborate on risk mitigation strategies for third-party vendors by working with vendors and internal teams to address exposures and implement solutions.
- Ensure alignment with industry standards and frameworks to maintain compliance with SOX, NIST CSF, CIS v8.1, PCI DSS 4.0.1, OWASP Top 10, and privacy regulations.
SKILLS/EDUCATION/EXPERIENCE
Required
- Risk management expertise with an understanding of creating and implementing a risk management program focused on an IT context
- An understanding of cybersecurity principles including familiarity with industry standards and frameworks such as NIST CSF, CIS, PCI DSS, SOX, and OWASP
- An understanding of Privacy concepts and associated risks
- Familiarity with Third-Party Risk Management
- Capability to conduct work unsupervised and with extensive latitude for independent judgment
- Excellent solutions analysis skills with a proven ability to analyze specific problems and issues to find the best solutions
- Excellent organizational skills with a proven ability to manage multiple projects simultaneously
- Excellent oral and written communication skills
- Strong attention to detail
- 6-10+ years of experience in a related field
- Experience coordinating the work of others
Desired
- Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, Business Administration, or a related field
- Relevant certifications such as, but not limited to, Certified in Risk and Information Systems Control (CRISC), Certified Information Security Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Governance of Enterprise IT (CGEIT), Certified Information Privacy Professional (CIPP), FAIR fundamentals, or other similar certifications
O’Reilly Auto Parts has a proven track record of growth and stability. O’Reilly is full of successful career stories and believes in a strong promote-from-within philosophy, encouraging you to grow your career along with the organization.
Total Compensation Package:
- Competitive Wages & Paid Time Off
- Stock Purchase Plan & 401k with Employer Contributions Starting Day One
- Medical, Dental, & Vision Insurance with Optional Flexible Spending Account (FSA)
- Team Member Health/Wellbeing Programs
- Tuition Educational Assistance Programs
- Opportunities for Career Growth
O’Reilly Auto Parts is an equal opportunity employer. The Company does not discriminate on the basis of race, religion, color, national origin or ancestry (including immigration status or citizenship), sex, sexual orientation, gender identity, pregnancy (including childbirth, lactation, and related medical conditions), age (40 and over), veteran status, uniformed service member status, physical or mental disability, genetic information (including testing or characteristics), or another protected status as defined by local, state, or federal law, as applicable.
Qualified individuals with a disability may be entitled to reasonable accommodation under the Americans with Disabilities Act. If you require a reasonable accommodation during the application or employment process, please send an email to rar@oreillyauto.com or call 417-862-2674, ext. 68901, and provide your requested accommodation and position details.