Advance Auto Parts
Website: advanceautoparts.com
Job Description
About Advance Auto Parts
Founded in Roanoke, VA in 1932, Advance Auto Parts is a leading automotive aftermarket retail parts provider that serves both professional installer and do-it-yourself Customers. As of July 13, 2019, Advance operated 4,912 stores and 150 Worldpac branches in the United States, Canada, Puerto Rico, and the U.S. Virgin Islands. The Company also serves 1,250 independently owned CARQUEST branded stores across these locations in addition to Mexico, the Bahamas, Turks and Caicos, and the British Virgin Islands. The company has a workforce of over 70,000 knowledgeable and experienced Team Members who are proud to provide outstanding service to their Customers, Communities, and each other every day.
About Advance India Innovation Center (AIIC)
We are continually innovating and seeking to elevate the Customer experience at each of our stores. For an organization of our size and reach, it has become more critical than ever to identify synergies and build shared capabilities. The Advance India Innovation Center (AIIC), located in Hyderabad, is a step in this strategic direction that enables us to access a larger talent pool, unlock operational efficiencies, and increase levels of collaboration.
Position Summary
The Director of Cybersecurity Compliance is responsible for leading the enterprise cybersecurity compliance program to ensure the organization meets applicable regulatory, contractual, industry, audit, and internal control requirements. This role leads the enterprise cybersecurity compliance function across regulatory, contractual, audit, and internal policy obligations, and establishes a scalable operating model for a large, complex enterprise.
In a Fortune 500 environment, this role operates at enterprise scale and partners closely with Information Security, IT, Legal, Privacy, Enterprise Risk Management, Internal Audit, Compliance, Procurement, Finance, and business leadership. The Director ensures cybersecurity controls are designed, implemented, documented, monitored, and tested effectively; drives audit readiness and disciplined remediation governance; and provides executive visibility into cybersecurity compliance posture, control gaps, regulatory exposure, and program maturity.
This leader must translate complex cybersecurity, regulatory, and control requirements into practical enterprise processes that support business objectives while reducing cyber, regulatory, operational, legal, and reputational risk. The role also partners across the enterprise to embed cybersecurity compliance into technology, business, vendor, and risk management processes.
Key Responsibilities
Cybersecurity Compliance Program Leadership
- Lead the enterprise cybersecurity compliance program, including strategy, roadmap, governance, operating model, procedures, control oversight, compliance monitoring, and reporting.
- Define and maintain cybersecurity compliance requirements aligned to applicable laws, regulations, industry standards, contractual obligations, and internal cybersecurity policies.
- Establish a risk-based approach for evaluating cybersecurity compliance across enterprise systems, business processes, applications, infrastructure, cloud environments, third parties, and critical technology services.
- Drive maturity of cybersecurity compliance processes, including control mapping, evidence management, issue tracking, audit support, reporting, and remediation governance.
- Serve as a senior cybersecurity compliance advisor to executive leadership, technology leaders, business stakeholders, Legal, Privacy, Enterprise Risk, Internal Audit, and Compliance teams.
- Ensure cybersecurity compliance activities are aligned to enterprise cyber strategy, risk appetite, regulatory expectations, and business priorities.
Regulatory, Framework, and Control Alignment
- Oversee alignment of cybersecurity controls and compliance activities to NIST CSF 2.0, NIST SP 800-53, NIST SP 800-171 where applicable, SOC 2 Trust Services Criteria, PCI DSS, SOX IT General Controls, HIPAA/HITECH where applicable, GLBA where applicable, GDPR, CCPA/CPRA, SEC cybersecurity disclosure expectations where applicable, and customer or contractual cybersecurity requirements.
- Maintain a common control framework that rationalizes cybersecurity requirements across multiple regulatory and audit obligations.
- Partner with control owners to ensure cybersecurity controls are clearly defined, assigned, documented, tested, and evidenced.
- Identify control gaps, maturity opportunities, and overlapping requirements to improve efficiency and reduce compliance burden.
- Ensure compliance expectations are embedded into security architecture, identity and access management, vulnerability management, cloud security, incident response, data protection, application security, third-party risk, and business continuity processes.
Audit Readiness and Assurance
- Lead cybersecurity compliance support for internal audits, external audits, regulatory examinations, customer assessments, SOX testing, PCI assessments, SOC reporting, and other assurance activities.
- Coordinate audit planning, evidence collection, walkthroughs, control owner engagement, management responses, remediation commitments, and closure validation.
- Establish repeatable evidence management processes to ensure timely, accurate, and complete responses to audit and compliance requests.
- Review audit findings and control deficiencies to assess root cause, risk impact, compensating controls, and remediation approach.
- Drive reduction of repeat findings through stronger control ownership, accountability, monitoring, and remediation governance.
- Partner with Internal Audit, Enterprise Risk, Legal, Privacy, and Compliance to ensure cybersecurity audit activities are coordinated and aligned to enterprise risk priorities.
Cybersecurity Policy, Standards, and Governance
- Own or support the development, maintenance, and enforcement of cybersecurity policies, standards, procedures, and control requirements.
- Ensure cybersecurity policies and standards reflect current regulatory expectations, threat landscape, enterprise risk appetite, business operations, and technology environment.
- Establish governance processes for policy exceptions, control deviations, compensating controls, and risk acceptances.
- Partner with cybersecurity domain leaders to ensure policies are practical, measurable, enforceable, and aligned to operational capabilities.
- Track policy adherence and report non-compliance trends to appropriate governance forums.
- Support executive and board-level reporting related to cybersecurity governance, compliance posture, audit readiness, and control maturity.
Control Testing, Monitoring, and Remediation
- Establish and oversee a cybersecurity control monitoring and testing program to evaluate the effectiveness of key security controls.
- Define control testing schedules, procedures, evidence requirements, sampling methods, control ownership, and quality standards.
- Monitor compliance with cybersecurity controls across enterprise technology environments, including cloud, infrastructure, applications, identity platforms, endpoints, networks, data repositories, and third-party services.
- Track cybersecurity compliance issues, audit findings, control gaps, policy exceptions, and remediation plans through closure.
- Ensure remediation plans include clear ownership, milestones, due dates, risk prioritization, and validation criteria.
- Escalate overdue, high-risk, or under-resourced remediation activities through appropriate governance channels.
- Validate closure of cybersecurity findings and ensure evidence supports sustainable remediation.
Cyber Risk and Compliance Reporting
- Develop executive-level reporting on cybersecurity compliance posture, control effectiveness, audit findings, remediation status, regulatory obligations, policy exceptions, and program maturity.
- Establish meaningful compliance metrics and key risk indicators, including open audit findings by severity and age, control testing pass/fail rates, remediation aging, policy exception trends, compliance coverage, evidence request cycle time, repeat finding rate, control owner accountability, and regulatory readiness status.
- Translate detailed control and compliance issues into clear business risk narratives for executive leadership.
- Prepare materials for cybersecurity governance forums, enterprise risk committees, audit committees, executive leadership meetings, and board reporting as needed.
- Provide data-driven insight into areas requiring investment, prioritization, process improvement, or executive intervention.
Regulatory Change and Compliance Obligation Management
- Monitor changes in cybersecurity-related laws, regulations, standards, and industry expectations.
- Partner with Legal, Privacy, Compliance, and Enterprise Risk Management to interpret new or changing cybersecurity compliance obligations.
- Assess impacts of regulatory changes on cybersecurity policies, controls, processes, reporting, and technology capabilities.
- Develop implementation plans to address new requirements and ensure accountability across relevant control owners.
- Maintain visibility into customer, contractual, and industry-specific cybersecurity obligations that may impact enterprise compliance expectations.
- Support management responses to regulatory inquiries, customer due diligence requests, cyber insurance requirements, and external compliance attestations.
Cross-Functional Leadership and Stakeholder Engagement
- Build strong working relationships with cybersecurity domain leaders, IT, infrastructure, application teams, cloud teams, identity teams, Legal, Privacy, Compliance, Enterprise Risk, Internal Audit, Finance, Procurement, and business leaders.
- Influence control owners and business stakeholders to prioritize cybersecurity compliance obligations and remediation commitments.
- Serve as a trusted advisor on cybersecurity compliance implications for enterprise initiatives, technology modernization, cloud adoption, mergers and acquisitions, outsourcing, digital transformation, and new business capabilities.
- Promote a culture of accountability, transparency, and continuous improvement across cybersecurity compliance activities.
- Represent the cybersecurity organization in cross-functional governance forums, audit discussions, risk reviews, and executive updates.
Team Leadership and Operating Excellence
- Lead, coach, and develop a team of cybersecurity compliance professionals, control analysts, GRC specialists, or assurance resources.
- Set team objectives, priorities, performance expectations, service levels, and quality standards.
- Build scalable processes, playbooks, templates, and workflows to support consistent execution across compliance activities.
- Drive automation and tooling improvements for evidence management, control monitoring, issue tracking, reporting, and regulatory obligation management.
- Ensure the team operates with strong documentation discipline, professional judgment, stakeholder responsiveness, and business partnership.
- Manage workload across audits, assessments, control testing, regulatory requests, reporting cycles, and remediation activities.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, Risk Management, Business, Accounting, Compliance, or a related field, or equivalent professional experience.
- 10+ years of experience in cybersecurity, technology risk, IT compliance, IT audit, governance/risk/compliance, regulatory compliance, control assurance, or related disciplines.
- 5+ years of leadership experience managing teams, programs, or enterprise-wide risk/compliance initiatives.
- Demonstrated experience leading cybersecurity compliance activities in a large enterprise, publicly traded, highly regulated, or Fortune 500 environment.
- Strong knowledge of cybersecurity control frameworks, regulatory expectations, audit practices, and risk management principles.
- Experience with NIST CSF, NIST 800-53, SOC 2, SOX ITGC, PCI DSS, privacy/security regulations, and common cybersecurity control requirements.
- Experience leading audit readiness, evidence collection, control testing, issue remediation, risk acceptance, and executive reporting.
- Ability to interpret regulatory and control requirements and translate them into practical cybersecurity processes and measurable control expectations.
- Strong understanding of enterprise cybersecurity domains, including identity and access management, vulnerability management, cloud security, data protection, incident response, application security, endpoint security, network security, logging/monitoring, third-party risk, and business continuity.
- Proven ability to communicate complex cybersecurity compliance matters clearly to technical teams, business leaders, auditors, legal partners, regulators, and executives.
- Strong executive presence, judgment, prioritization, stakeholder influence, program management, and decision-making skills.
Preferred Qualifications
- Experience building, transforming, or scaling a cybersecurity compliance or GRC program in a Fortune 500 or publicly traded company.
- Experience supporting board, audit committee, enterprise risk committee, or executive-level cybersecurity reporting.
- Experience with GRC and compliance platforms such as ServiceNow GRC/IRM, Archer, OneTrust, MetricStream, AuditBoard, Workiva, LogicGate, or similar tools.
- Experience with SOX, PCI DSS, SOC 2, ISO 27001 certification, regulatory examinations, customer audits, or cyber insurance assessments.
- Experience implementing or managing a common control framework across multiple compliance obligations.
- Experience with automated control monitoring, continuous compliance, cloud compliance, or evidence automation.
- Professional certification such as CISSP, CISM, CRISC, CISA, CGEIT, CDPSE, ISO 27001 Lead Auditor/Implementer, PCI ISA/QSA where applicable, CPA, or CIA.
- Experience working in retail, financial services, healthcare, manufacturing, technology, logistics, or another large-scale regulated industry.
- Certifications: CRISC, CISSP, CISM, or relevant experience.
California Residents Click Below For Privacy Notice
https://jobs.advanceautoparts.com/us/en/disclosures
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, basis of disability, or any other federal, state, or local protected class.