IT Team Lead, Compliance

Information Technology ATLANTA, Georgia


Description

Position at NAPA Auto Parts

About Genuine Parts Company

Imagine going to work every day knowing that you are part of something special; part of something that matters and that makes a real difference. Imagine working for a company whose reputation for excellence paves the way for more success. Imagine being part of a winning team where people don’t just work ‘jobs’, they build long-lasting, highly-satisfying careers.

Genuine Parts Company (GPC) has risen to the top of our industry by understanding the needs of those we serve – our customers and our employees – and then working hard, and smart, to meet those needs.

The true source of that success is the effort, commitment and intelligence of our nearly 40,000 employees. Across all of our business units, in locations worldwide, the people of GPC have diverse backgrounds and talents. But it’s what we share that makes us unique.

Job Description: 

The IT Compliance Team Lead for the Automotive Parts Group (APG) will support the Director, Security and Compliance in the achievement of compliance with regulatory compliance and industry standards within US APG. The successful candidate will demonstrate the ability to blend technical, business and management skills, including strategic thinking, innovative problem solving, simultaneously planning and executing projects and providing leadership to build and mature processes.  The candidate will also have direct leadership responsibilities on projects and as such, must have demonstrated ability to drive projects to completion in a matrixed environment.
 

Responsibilities:

  • Ensure solutions comply with existing and future requirements through a risk-driven approach to implementing new or improved processes and controls.
  • Partner with internal and external stakeholders to ensure activities are performed in accordance with applicable requirements, such as SOX, PCI DSS, ISO 2700x or Genuine Parts Company (GPC) policies.
  • Create/facilitate and maintain IT SOX policies, narratives and controls self-assessment documentation and lead coordination of monthly, quarterly, and annual review activities.
  • Drive the remediation of IT control deficiencies.
  • Create and maintain IT control documentation and knowledge repository.
  • Create an IT compliance risk scorecard and periodically assess and communicate the regulatory, governmental or organizational IT compliance risks.
  • Assist in the promotion of a security and compliance culture that encourages an open-door policy for team members to seek clarification on security and compliance matters.


Minimum Qualifications:

  • Bachelor’s degree in and 5 years of experience in IT Compliance, Security, Audit or other related discipline or an equivalent combination of education and work experience.
  • Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
  • In depth knowledge and experience of SOX, PCI DSS, ISO 2700x, SOC 1 or SOC 2.
  • Ability to clearly communicate IT Compliance and Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone.
  • Strong analytical, technical, and problem-solving skills.
  • Ability to work effectively, independent of assistance or supervision.
  • Innovative, creative, and extremely responsive, with a strong sense of urgency.
  • Willing to share knowledge and assist others in understanding technical and business topics.


Preferred Requirements
:

  • Bachelor’s degree and 8 years of experience or an equivalent combination of education and work experience.
  • Experience conducting, preparing and presenting compliance risk analysis, findings and recommendations.
  • Excellent communication skills.
  • Proficient with Word, Excel, and IT GRC tools.
  • Experience with Supply Chain processes, controls and technologies.
  • Understanding of the NIST / ISO security framework helpful in determining assessment for risks for organization.
  • Working knowledge of laws, regulations and industry requirements related to Information Security (i.e. GLBA, SOX, HIPAA, HITECH, FFIEC, GDPR, CCPA and PCI).

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.