Senior Director - Technology Governance, Risk, & Compliance (REMOTE)

Remote - US, United States

At DICK’S Sporting Goods, we believe in how positively sports can change lives. On our team, everyone plays a critical role in creating confidence and excitement by personally equipping all athletes to achieve their dreams. We are committed to creating an inclusive and diverse workforce, reflecting the communities we serve.

If you are ready to make a difference as part of the world’s greatest sports team, apply to join our team today!

OVERVIEW:

This position will shape our security strategy, ensuring compliance with regulatory standards and managing risks across DICK’S Sporting Goods. The incumbent will work with key executives, management, and staff across the organization to minimize the impact of disasters or other business disruptions by proactively identifying and mitigating risks through the establishment and implementation of policies and guidelines. This position is responsible for leading and coordinating all business continuity activities. Additionally, this role will lead the evaluation and selection of vendors to ensure service level agreements meet business continuity and disaster recovery planning requirements.

Security Leadership:

  • Articulate a clear vision for the transformation of technology governance, risk management, and compliance that aligns with the overall strategic goals of the company and the Tech organization, ensuring security considerations are integrated into all business processes and initiatives, with a focus on simplification and automation for scale.

  • Collaboratively design, implement, and oversee adherence to policies, procedures, technical standards, and required controls based on the NIST Cybersecurity Framework (CSF).

  • Manage new GRC improvement initiatives and projects to include scope, roadmap, budget, staffing, and contracts.

Program Management:

  • Manage the Compliance program, including assisting teams in preparing for and responding to internal and external audits, representing the security organization, and exploring opportunities to automate control testing and attestation. Compliance regimes include Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS), various privacy laws, existing contract obligations, and any new regulations that become applicable to the business.

  • Manage the Information and Technology Risk Management program, including risk assessments, threat modeling, risk reviews, mitigation oversight, documentation in the risk register, and presentation of technical risks in terms of business outcomes to facilitate risk-informed business decisions.

  • In partnership with key business stakeholders, manage the Business Continuity and Disaster Recovery program, including business continuity plan (BCP) development, testing, and execution across the company. Focus should be on shifting from reactive mechanisms to proactive resiliency mechanisms through automated detection and failover, scaling, and self-healing.

  • Manage the Vulnerability Management …
