Job Description

Role Summary

The Cybersecurity Compliance Manager is responsible for designing, operating, and continuously improving the company's cybersecurity compliance program within a large-scale retail environment. This role leads the day-to-day execution of compliance activities using the OneTrust GRC platform, with a strong focus on automation, controls monitoring, and audit-ready evidence generation.
The role ensures enterprise alignment with NIST Cybersecurity Framework (CSF) and regulatory requirements including PCI DSS, HIPAA, and U.S. state privacy regulations (CCPA/CPRA).
This role is hybrid and based in our corporate headquarters in Raleigh, NC.

Key Responsibilities

Cybersecurity Compliance Program Execution

- Operate and mature the enterprise cybersecurity compliance program aligned to NIST CSF and applicable regulatory frameworks (PCI DSS, HIPAA, CCPA/CPRA).
- Translate regulatory and framework requirements into clear, monitored internal controls mapped to business systems and processes.
- Serve as a subject matter expert for cybersecurity control compliance across IT, cloud, retail, e-commerce, and corporate environments.
- Lead day-to-day use of the OneTrust GRC compliance modules, including:
  - Control libraries and framework mappings
  - Automated evidence collection and surveys
  - Workflow-driven control testing and remediation tracking
  - Compliance reporting and dashboards
- Implement and enhance automation to reduce manual effort and eliminate point-in-time compliance gaps.
- Partner with IT, Audit, and Security teams to integrate OneTrust with upstream systems where feasible (e.g., vulnerability management, asset inventories).

Controls Monitoring & Assurance

- Establish and operate a continuous controls monitoring (CCM) model in dynamic retail and cloud environments.
- Monitor control performance, SLA adherence, and exception trends across in-scope systems (e.g., PCI environments, customer data platforms).
- Track control effectiveness metrics and produce regular compliance reporting for leadership.
- Coordinate and support internal and external audits and assessments, including:
  - PCI DSS attestations
  - HIPAA risk and compliance reviews
  - Privacy regulatory inquiries and assessments
- Maintain audit-ready evidence within OneTrust and drive timely remediation of findings.
- Partner with IT, Internal Audit, Legal, and Privacy to ensure consistent interpretation and execution of control requirements.
- Work closely with system owners, IT leaders, the cybersecurity team, and business partners to ensure controls are properly implemented and operated.
- Assign control ownership, track accountability, and facilitate risk acceptance where appropriate.
- Provide guidance and training to control owners on compliance expectations, evidence requirements, and remediation processes.
Required Qualifications

- 6+ years of experience in cybersecurity compliance, GRC, or IT risk management, preferably in a retail or consumer-facing enterprise.
- Strong working knowledge of:
  - NIST Cybersecurity Framework (CSF)
  - PCI DSS
  - HIPAA Security Rule
  - CCPA/CPRA and U.S. privacy obligations
- Experience supporting audits and regulatory assessments in complex, distributed environments.
Preferred Qualifications

- Hands-on experience with OneTrust GRC (or comparable GRC platforms), including compliance automation and evidence workflows.
- Experience implementing continuous controls monitoring (CCM) or security metrics programs.
- Retail industry experience supporting point-of-sale (POS), e-commerce, or cardholder data environments (CDE).
- Familiarity with third-party risk and vendor compliance monitoring.
- Relevant certifications (preferred, not required):
  - CISA, CISSP, CRISC, PCI ISA, or similar.

Key Competencies

- Strong analytical and risk-based thinking
- Ability to translate regulatory language into practical, business-aligned controls
- Excellent stakeholder communication and influence skills
- Detail-oriented with a strong audit and evidence mindset
- Comfortable operating in fast-moving, matrixed retail organizations