IT Compliance Team Lead

Information Technology | Atlanta, Georgia

Description

Position at NAPA Auto Parts

Job Description:

The IT Compliance Team Lead for the Automotive Parts Group (APG) will support the Director, Security and Compliance in achieving compliance with regulatory requirements and industry standards within US APG. The successful candidate will demonstrate the ability to blend technical, business and management skills, including strategic thinking, innovative problem solving, simultaneously planning and executing projects, and providing leadership to build and mature processes. The candidate will also have direct leadership responsibilities on projects and, as such, must have a demonstrated ability to drive projects to completion in a matrixed environment.

Responsibilities:

• Ensure solutions comply with existing and future requirements through a risk-driven approach to implementing new or improved processes and controls.
• Partner with internal and external stakeholders to ensure activities are performed in accordance with applicable requirements, such as SOX, PCI DSS, ISO 2700x or Genuine Parts Company (GPC) policies.
• Create, facilitate and maintain IT SOX policies, narratives and control self-assessment documentation, and lead coordination of monthly, quarterly and annual review activities.
• Drive the remediation of IT control deficiencies.
• Create and maintain IT control documentation and a knowledge repository.
• Create an IT compliance risk scorecard and periodically assess and communicate the regulatory, governmental or organizational IT compliance risks.
• Assist in promoting a security and compliance culture that encourages an open-door policy for team members to seek clarification on security and compliance matters.

Minimum Qualifications:

• Bachelor’s degree in and 5 years of experience in IT Compliance, Security, Audit or another related discipline, or an equivalent combination of education and work experience.
• Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
• In-depth knowledge of and experience with SOX, PCI DSS, ISO 2700x, SOC 1 or SOC 2.
• Ability to clearly communicate IT Compliance and Security matters to executives, auditors, end users and engineers, using appropriate language, examples and tone.
• Strong analytical, technical and problem-solving skills.
• Ability to work effectively, independent of assistance or supervision.
• Innovative, creative and extremely responsive, with a strong sense of urgency.
• Willing to share knowledge and assist others in understanding technical and business topics.

Preferred Requirements:

• Bachelor’s degree and 8 years of experience, or an equivalent combination of education and work experience.
• Experience conducting, preparing and presenting compliance risk analyses, findings and recommendations.
• Excellent communication skills.
• Proficient with Word, Excel and IT GRC tools.
• Experience with Supply Chain processes, controls and technologies.
• Understanding of the NIST / ISO security frameworks, helpful in assessing risks for the organization.
• Working knowledge of laws, regulations and industry requirements related to Information Security (e.g., GLBA, SOX, HIPAA, HITECH, FFIEC, GDPR, CCPA and PCI).

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.