Manager Security and Compliance Hybrid

Manager of Security and Compliance

We are seeking a highly experienced and proactive Manager of Security and Compliance to lead our cybersecurity, data protection, and regulatory compliance efforts. In this role, you will be responsible for developing, implementing, and managing security programs that protect our digital and physical retail environments including monitoring and control of servers, databases, networks, corporate mobile devices, information security, and applications. This role owns the audit and compliance functions and is the primary security officer of the company.  You will play a critical role in ensuring the company meets industry standards and regulatory requirements (e.g., PCI-DSS, CCPA), while supporting a secure customer and employee experience.

Essential Functions:

• Lead the design, implementation, and maintenance of the company’s cybersecurity and compliance programs.
• Oversee PCI-DSS compliance across online and in-store payment systems, working closely with IT, Store Ops, and Finance.
• Develop and manage security policies, standards, and procedures aligned with industry best practices.
• Monitor and respond to security incidents and data breaches, ensuring timely reporting and remediation.
• Conduct regular risk assessments, vulnerability scans, and penetration testing.
• Collaborate with internal stakeholders (Legal, HR, Finance, E-commerce) to ensure compliance with evolving privacy regulations.
• Manage security awareness training programs to educate employees on safe practices.
• Partner with third-party vendors, auditors, and service providers to manage security posture and ensure contractual compliance.
• Lead internal audits and coordinate external audits as needed.
• Track, analyze, and report security metrics to executive leadership.

• Accountable for the yearly audit of PCI and other compliance requirements.
• Partners closely with one or more application leaders and architects to understand and internalize the architecture/design of solutions and ensures proper controls are in place for ongoing operations. 

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or related field (Master’s preferred).
• 8+ years of progressive experience in information security, compliance, or IT risk management.
• 3+ years in a leadership or managerial capacity, preferably within a retail or consumer-facing environment.
• In-depth knowledge of security standards and frameworks (e.g., NIST, ISO 27001, CIS).
• Hands-on experience with PCI-DSS compliance and retail security challenges.
• Strong understanding of cloud security, endpoint protection, identity management, and network security.
• Relevant certifications such as CISSP, CISA, CISM, or PCI ISA/QSA are highly desirable.
• Excellent communication, leadership, and project management skills.

Preferred Experience:

• Working knowledge of compliance requirements related to data privacy laws (e.g., CCPA, GDPR).
• Experience securing eCommerce platforms (Shopify, Magento, Salesforce Commerce, etc.).
• Familiarity with modern cloud environments (AWS, GCP, Azure) and associated security tools