IT Compliance Manager

Sprouts Farmers Market, Phoenix, AZ (Onsite)

About The Position

Please note this position is based in our Phoenix, AZ Support Office. The IT Compliance Manager is responsible for ensuring Sprouts’ IT systems, policies, and processes adhere to applicable legal, regulatory, and industry standards. This role owns IT compliance frameworks including PCI DSS, NIST CSF, and SOX, regulatory adherence, and continuous improvement across the organization. The ideal candidate is self-directed, takes initiative to identify and resolve inefficiencies, and operates with confidence and accountability. This role serves as a cybersecurity culture champion, helping cultivate an empowered security culture where security awareness is integrated into the fabric of the organization and each team member is equipped to protect information assets.

Requirements

  • Four-year degree or equivalent experience in a related field (e.g., Information Technology, Computer Science, Management Information Systems, or equivalent industry experience).
  • 5+ years of experience in IT compliance, IT audit, or information security, with at least 1-2 years in a supervisory or lead capacity.
  • Demonstrated working knowledge of PCI DSS, NIST CSF, and SOX requirements.
  • Hands-on experience with SOX ITGC testing, evidence coordination, and deficiency management.
  • Experience developing and maintaining IT policies and procedures.
  • Strong understanding of risk assessment methodologies and mitigation planning.
  • Experience with change management processes and CAB governance.
  • Demonstrated ability to work independently, make confident decisions, and drive improvements without constant direction.

Nice To Haves

  • Relevant certifications such as CISA or CRISC.
  • Experience in the retail or grocery industry.
  • Experience with ServiceNow and KnowBe4.
  • Experience managing security awareness and phishing simulation platforms.
  • Familiarity with GRC (Governance, Risk, and Compliance) platforms.
  • Experience working with Big 4 or external audit firms, including coordinating walkthroughs and evidence requests.

Responsibilities

  • May lead/mentor compliance analysts.
  • Assign and prioritize workload across compliance initiatives, audits, and remediation efforts.
  • Conduct performance evaluations and support professional growth and certification goals.
  • Accountable for prioritization of compliance activities and delivery of audit milestones.
  • Own and continuously refine SOX IT control design, documentation, and operating cadence, including control narratives, evidence expectations, and control owner alignment.
  • Coordinate SOX audit evidence collection, perform quality review, and provide gap analysis and status reporting to stakeholders.
  • Drive deficiency and remediation management, including action plan tracking, validation of corrective actions, and audit readiness.
  • Proactively identify and resolve process inefficiencies in evidence collection and audit workflows.
  • Deliver SOX evidence packages on time with minimal rework.
  • Coordinate PCI-DSS compliance activities including audit preparedness, evidence management, and cross-functional alignment to maintain PCI-DSS posture.
  • Maintain PCI-DSS program documentation (policies, standards, and procedures as applicable) and track compliance requirements across IT and security control owners.
  • Drive PCI-DSS audit readiness and coordinate annual assessments with external QSAs and internal stakeholders.
  • Own the information security policy lifecycle (draft, review, approval, publish, attestation, and exception handling) and ensure policies are maintained, communicated, and measurable.
  • Coordinate policy enforcement mechanisms with technical owners (standards, baselines, procedural controls, and compliance reporting) and maintain audit-ready documentation.
  • Own enterprise security awareness program strategy, annual plan, and compliance tracking, including completion rates, effectiveness measurement, targeted campaigns, and culture alignment.
  • Own the phishing simulation and testing program, including scenario design cadence, targeting strategy, results reporting, and continuous improvement actions.
  • Coordinate internal and external audits and assessments (SOX, PCI-DSS, NIST-aligned assessments, penetration tests, and targeted control audits), including evidence management and stakeholder coordination.
  • Build and maintain compliance reporting (dashboards, metrics, KRIs/KPIs, issue tracking) to provide transparency into compliance status, risks, and remediation progress.
  • Provide gap analysis between security policies, standards, regulations, and actual practices, processes, and solutions. Recommend actions to management and track remediation.
  • Partner with IT and business partners to prioritize and drive process improvements that remediate or mitigate control gaps and compliance findings.
  • Coordinate weekly CAB meetings and drive Change Control processes to ensure SOX and security control requirements are met, including documentation, evidence, and audit alignment with existing change control policy.
  • Support incident response by advising on compliance and control impact, evidence retention, and audit trail requirements, in partnership with Security Operations.

Benefits

In addition to a rewarding career, Sprouts offers a comprehensive program to help support you and your family. These programs include:
  • Competitive pay
  • Sick time plan that you can use to support your or your immediate family's health
  • Vacation accrual plan
  • Opportunities for career growth
  • 15% discount for you and one other family member in your household on all purchases made at Sprouts
  • Flexible schedules
  • Employee Assistance Program (EAP)
  • 401(K) Retirement savings plan with a generous company match
  • Company paid life insurance
  • Contests and appreciation events throughout the year full of prizes, food and fun!
  • Bonus based on company and/or individual performance
  • Affordable benefit coverage, including medical, dental and vision
  • Health Savings Account with company match
  • Pre-tax Flexible Spending Accounts for healthcare and dependent care
  • Company paid short-term disability coverage
  • Paid parental leave for both mothers and fathers
  • Paid holidays
  • Get Paid Every Day!
  • Sprouts Farmers Market offers DailyPay - if you’re hired as an eligible employee, you’ll be able to transfer the money you’ve already earned at no extra cost, and get it the next business day, for free. We offer DailyPay so you don’t have to wait for payday to access the money you’ve already worked for. With DailyPay, you can see how much you’ve made every day and you can transfer your money any time before payday.
  • You can learn more by visiting https://www.dailypay.com/partners/sprouts-farmers-market/.