Manager of IT Risk and Compliance

REEDS JewelersWilmington, NC

About The Position

The Manager of IT Risk and Compliance will design, implement, and oversee the enterprise-wide IT governance, procurement, risk management, and compliance (GRC) framework for REEDS Jewelers. This strategic leader will ensure that our retail stores, corporate infrastructure, and e-commerce platform are secure, resilient, and fully compliant with all applicable regulatory, financial, and industry standards. Additionally, this role serves as a critical point of escalation for specialized financial intelligence. The Director will independently investigate, troubleshoot, and formally file Suspicious Activity Reports (SARs) to mitigate risks associated with multi-channel point-of-sale fraud, e-commerce identity theft, credit underwriting anomalies, and anti-money laundering (AML) compliance.

Requirements

  • 3 to 5 years of progressive experience in IT audit, information security governance, or IT risk management.
  • Proven experience in a multi-channel retail, e-commerce, banking, or consumer-facing environment with heavy transactional volumes.
  • Deep working knowledge of American Disabilities Act (ADA), Data Protection Compliance, PCI-DSS, SOX, and consumer privacy laws.
  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Business Administration, or a related field.
  • Candidates must possess at least two of the following certifications. Given the expanded investigative mandate, a combination of a technical security certification and a fraud/investigative certification is highly preferred: CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control).

Nice To Haves

  • CISA (Certified Information Systems Auditor): Highly valued for leading internal audit readiness and ITGC/SOX evaluations.
  • CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional): Required to demonstrate elite capability in managing enterprise security governance and risk.
  • CRISC (Certified in Risk and Information Systems Control): Preferred for candidates specializing in designing and executing enterprise-level IT risk registers.

Responsibilities

  • Lead technical forensic investigations into complex corporate fraud including: e-commerce account takeovers, gift card manipulation, and anomalous transactional behaviors across point-of-sale (POS) and omni-channel credit integrations.
  • Own the end-to-end process of troubleshooting suspicious patterns, compiling narrative reports, and formally filing Suspicious Activity Reports (SARs) with the Financial Crimes Enforcement Network (FinCEN) in strict compliance with Bank Secrecy Act (BSA) rules for luxury retailers.
  • Provide the CIO and executive leadership with confidential intelligence briefs regarding internal or external fraud investigations, exposure assessments, and structural vulnerabilities.
  • Own end-to-end compliance for PCI-DSS across all digital checkout touchpoints, POS systems, and multi-channel payment integrations.
  • Manage and test IT General Controls (ITGC) to support Sarbanes-Oxley (SOX) audit readiness, ensuring tight segregation of duties (SoD) across financial and inventory systems (e.g., enterprise ERP and legacy AS400 databases).
  • Monitor and enforce compliance with data privacy frameworks (including CCPA/CPRA) and specialized AML regulations impacting loyalty databases, high-value cash/financing transactions, and digital marketing.
  • Maintain and update the IT risk register, translating technical security findings and transaction fraud vectors into quantifiable business risks.
  • Architect and execute a robust third-party risk assessment program for SaaS providers, financial partners, supply chain logistics, and AI/analytics vendors.
  • Act as the primary point of contact for internal and external IT auditors, coordinating evidence collection and owning the tracking and remediation of all audit findings.
  • Develop, update, and manage the lifecycle of corporate information security policies aligned with the NIST Cybersecurity Framework or ISO 27001.

Benefits

  • merchandise discounts
  • 401(k)
  • paid time off
  • health/dental/life/LTD insurance
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service