Job DescriptionAbout the TeamThe Security Compliance Team is responsible for Williams-Sonoma, Inc.'s enterprise security compliance, third-party risk, and cybersecurity risk management programs. The team is comprised of subject matter experts who partner with the business to deliver compliance solutions in a dynamic environment.
About the Role The Manager, Security Compliance leads the team and is responsible for setting strategy, establishing standards, and ensuring effective execution across the Security Compliance function.
Reporting to the CISO, this leader manages a team of security compliance professionals and contractors, with accountability for program outcomes, team performance, and enterprise risk visibility. The role partners closely with Technology, Legal, Internal Audit, and business stakeholders to ensure a scalable, risk-aligned control environment.
This position plays a critical role in maintaining audit readiness, strengthening the company's control framework, and providing clear, actionable insight into compliance posture, risks, and remediation progress to executive leadership and the Board.
Responsibilities - Lead and evolve the Security Compliance function, managing a high-performing team and driving consistent, high-quality execution across all program areas
- Own and govern the enterprise security compliance and control framework, ensuring alignment with regulatory requirements and industry standards (PCI DSS, NIST, GDPR, CPRA, SOX) and driving continuous improvement
- Oversee key compliance programs, including PCI, SOX, and privacy, ensuring audit readiness, effective control operation, and successful assessments
- Lead the Third-Party Risk Management program, establishing scalable, risk-based processes for vendor assessment, monitoring, and governance, and providing clear visibility into third-party risk exposure
- Drive the enterprise cybersecurity risk management program, ensuring risks are identified, prioritized, and remediated with clear accountability and executive visibility
- Partner cross-functionally with Technology, Legal, Internal Audit, and business teams to embed security and compliance into operations and decision-making
- Own audit and regulatory engagement, serving as the primary liaison with Internal Audit and ensuring efficient, well-coordinated audit execution
- Provide clear, actionable reporting to executive leadership and the Board, translating complex risk and compliance topics into meaningful insights
- Shape and mature the security awareness program, measurably improving human risk outcomes and strengthening the company's overall security posture
- Success in this role is defined by the effectiveness of the control environment, clarity of risk visibility, and the organization's ability to sustain audit readiness and compliance at scale
Criteria- You have minimum of 6 + years of related experiences (information security, risk, or compliance), including people management experience driving results, creating solutions and achieving as one team
- Bachelor's degree in Risk Management, or related fields, or equivalent work experience
- You have deep expertise in SOX, privacy regulations, and third-party risk management, and strong working knowledge of PCI DSS
- You have strong decision-making, conflict resolution skills and experience leading teams and scaling enterprise compliance and risk programs
- You are effective at driving accountability across both direct reports and cross-functional stakeholders
- You are comfortable engaging with executive leadership and board-level audiences
- You can translate complex regulatory requirements into practical, business-aligned control strategies
- You bring a strong risk-based mindset, balancing compliance obligations with operational effectiveness
- Relevant certifications such as CISSP, CISM, CISA, CRISC, or PCI ISA/QSA are preferred
- This role requires being onsite in the Rocklin, CA office, Monday through Thursday and Friday as optional in the office
- You have the following technical competencies:
- Deep understanding of security and compliance frameworks (PCI DSS, NIST, ISO 27001, SOX)
- Experience with third-party risk management methodologies and tools
- Experience with GRC platforms and compliance automation
- Strong risk assessment and control evaluation knowledge
- Excellent written and verbal communication skills
- Strong program leadership and prioritization capabilities
- Experience working within the retail sector
Our Culture & Values We believe that taking care of our people is vital to our success and we strive to offer equitable and transparent practices for all. We prioritize connection, growth, and wellbeing.
People First Putting People First means investing in overall well-being and opportunities to grow and advance within the organization. Depending on the position and location, here are a few highlights of what benefits may be available:
Benefits
- A generous discount on all WSI brands
- A 401(k) plan and other investment opportunities
- Paid vacations, holidays, and time off to volunteer
- Health benefits, dental and vision insurance, including same-sex domestic partner benefits
- Tax-free commuter benefits
- A wellness program that supports your physical, financial and emotional health
Continued Learning
- In-person and online learning opportunities through WSI University
- Cross-brand and cross-function career opportunities
- Resources for self-development
- Advisor (Mentor) program
- Career development workshops, learning programs, and speaker series
This role is not eligible for relocation assistance.
The expected starting pay range for this position is $148,000 - $176,000. Applicable pay ranges may differ across markets. Actual pay will be determined based on experience and other job-related factors permitted by law. In addition to competitive pay, compensation may include a variety of other components like benefits, paid time off, merit, and bonus opportunities.
#LI-JC1
