Director - IT Governance, Risk & Compliance
Description
SUMMARY:
The Director of IT Governance, Risk & Compliance works closely with key constituents
across various Motion IT departments, Internal Audit, Genuine Parts Company (GPC)
Enterprise Cybersecurity Team, and 3rd party audit firms to orchestrate consistent and
well-documented processes, standards and solutions in support of Motion’s IT
governance program. This role oversees the Sarbanes-Oxley Act (SOX) and the
Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC)
programs, and works closely with the enterprise cybersecurity team to address payment
card industry (PCI) and California Consumer Privacy Act (CCPA) compliance
requirements. This position has overall responsibility for change/release management and
DevOps tools/systems administration.
JOB DUTIES
• Supports regulatory compliance related to IT SOX and PCI requirements with emphasis
on change management, internal controls, quality assurance (QA) and business
continuance. Manages and coordinates activities associated with IT SOX testing. Defines
and manages the self-testing process and deliverables for manager approval. Oversees
testing with a focus on core IT SOX and PCI requirements.
• Administers all Motion IT compliance policies, systems, and processes, and makes
recommendations of tools to support policies and procedures.
• Participates in risk management for major initiatives, identifying risks and recommending
actions to minimize risks.
• Provides oversight of CMMC program for Motion, including management of 3rd party
vendor supporting Motion’s Government Community Cloud (GCC) High environment in
O365.
• Manages an effective process to ensure changes are reliable, results are accurate and
comply with coding standards, and approved application requirements are satisfied.
• Ensures all changes to the IT infrastructure follow approved change management
policies and procedures, and are logged and communicated.
• Oversees change management process/program/staffing, and supports related policies
and procedures.
• Oversees modern DevOps systems and change management process for Motion.
Oversees ISPW system for Motion legacy applications. Manages DevOps and change
management team of engineers. Oversees BMC’s Automated Mainframe Intelligence
(AMI) solution for self-testing.
• Conducts job responsibilities with customer service being the primary focus and IT being
secondary.
• Ensures compliance with GPC and Motion HR policies, completes performance reviews
for direct reports, and provides employees with appropriate training to maintain their
knowledge, skills and abilities. Sets priorities and assists with workload planning, and
communicates relevant business information with staff.
• Oversees and manages department budget, including budget planning and development
for individual department. Receives, reviews and codes applicable invoices for approval,
recommends cost savings opportunities where appropriate and participates in the annual
budget process.
• Interacts with GPC Enterprise Security Team for security initiatives & projects, external
auditors for SOX and PCI compliance, 3rd party support of CMMC, and with IT managers
and Help Desk for change management and service-impacting issues.
• Ensures all staff members are informed, and supports company safety and health
programs.
• Performs other duties as assigned.
EDUCATION & EXPERIENCE
Typically requires a bachelor's degree in Computer Science, Information Systems,
Engineering, Business or a related field and ten (10) or more years of related experience or
an equivalent combination.
KNOWLEDGE, SKILLS, ABILITIES
• Ability to communicate effectively and build strong client relationships across the
organization and foster collaboration with key IT leaders.
• Direct participation and experience across common industry security policy areas,
including, but not limited to ISO, NIST, COBIT, PCI and SOX.
• Experience in implementation and support of SOX, PCI, CMMC and CCPA program
requirements.
• Experience in DevOps tools, including GitHub, Azure DevOps, Liquibase and ISPW, is a
plus.
• Project planning and execution, including managing multiple large-scale, complex, multi-disciplined, cross-functional compliance and security projects simultaneously.
• Strong management experience and deep understanding of Information Systems.
GPC conducts its business without regard to sex, race, creed, color, religion, marital status, national origin, citizenship status, age, pregnancy, sexual orientation, gender identity or expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. GPC's policy is to recruit, hire, train, promote, assign, transfer and terminate employees based on their own ability, achievement, experience and conduct and other legitimate business reasons.