Manager Technology, Security

About The Position

Requirements

• Minimum of 6 + years of related experiences (information security, risk, or compliance), including people management experience driving results, creating solutions and achieving as one team
• Bachelor's degree in Risk Management, or related fields, or equivalent work experience
• Deep expertise in SOX, privacy regulations, and third-party risk management, and strong working knowledge of PCI DSS
• Strong decision-making, conflict resolution skills and experience leading teams and scaling enterprise compliance and risk programs
• Effective at driving accountability across both direct reports and cross-functional stakeholders
• Comfortable engaging with executive leadership and board-level audiences
• Ability to translate complex regulatory requirements into practical, business-aligned control strategies
• Strong risk-based mindset, balancing compliance obligations with operational effectiveness
• Deep understanding of security and compliance frameworks (PCI DSS, NIST, ISO 27001, SOX)
• Experience with third-party risk management methodologies and tools
• Experience with GRC platforms and compliance automation
• Strong risk assessment and control evaluation knowledge
• Excellent written and verbal communication skills
• Strong program leadership and prioritization capabilities
• Experience working within the retail sector

Nice To Haves

• Relevant certifications such as CISSP, CISM, CISA, CRISC, or PCI ISA/QSA are preferred

Responsibilities

• Lead and evolve the Security Compliance function, managing a high-performing team and driving consistent, high-quality execution across all program areas
• Own and govern the enterprise security compliance and control framework, ensuring alignment with regulatory requirements and industry standards (PCI DSS, NIST, GDPR, CPRA, SOX) and driving continuous improvement
• Oversee key compliance programs, including PCI, SOX, and privacy, ensuring audit readiness, effective control operation, and successful assessments
• Lead the Third-Party Risk Management program, establishing scalable, risk-based processes for vendor assessment, monitoring, and governance, and providing clear visibility into third-party risk exposure
• Drive the enterprise cybersecurity risk management program, ensuring risks are identified, prioritized, and remediated with clear accountability and executive visibility
• Partner cross-functionally with Technology, Legal, Internal Audit, and business teams to embed security and compliance into operations and decision-making
• Own audit and regulatory engagement, serving as the primary liaison with Internal Audit and ensuring efficient, well-coordinated audit execution
• Provide clear, actionable reporting to executive leadership and the Board, translating complex risk and compliance topics into meaningful insights
• Shape and mature the security awareness program, measurably improving human risk outcomes and strengthening the company’s overall security posture

Benefits

• A generous discount on all WSI brands
• A 401(k) plan and other investment opportunities
• Paid vacations, holidays, and time off to volunteer
• Health benefits, dental and vision insurance, including same-sex domestic partner benefits
• Tax-free commuter benefits
• A wellness program that supports your physical, financial and emotional health
• In-person and online learning opportunities through WSI University
• Cross-brand and cross-function career opportunities
• Resources for self-development
• Advisor (Mentor) program
• Career development workshops, learning programs, and speaker series