Manager, PMT - GRC Compliance (Hybrid - Seattle, WA)

Job Description

As our Technology Compliance Manager, you will be responsible for building and executing our vision for regulatory compliance at Nordstrom. Working with a team of talented program managers, you will coordinate and run our annual PCI, HIPAA, IT SOX, and other regulatory assessments across the Nordstrom environment as well as support continuous compliance against our information security policies and standards. You will mature our program through the implementation of our common control framework, looking for ways to streamline and improve the efficiency and effectiveness of our compliance processes. You will provide guidance and thought leadership on our technical approach to meeting disparate requirements and will use data to direct the focus of continuous compliance efforts. Along the way, you will support and develop a team of compliance professionals, fostering a collaborative and trusting environment that allows each team member to meet their full potential. The ideal candidate will have deep knowledge of regulatory compliance domains along with a balance of technical leadership and people management skills.

This role is hybrid. Candidates must be willing to work in office at the Seattle, WA headquarters a minimum of 3 days/week to be considered for this position.

A day in the life...

• Managing all regulatory security compliance assessments including:
  
  • Execution of multiple PCI Level 1 Merchant assessment annually, across all brands and channels
  • Execution of annual HIPAA audits
  • Execution of annual IT SOX audits
  • Ownership of relationships with regulators and internal/external auditors
• Providing guidance and best practices to Nordstrom engineers and leadership on how to effectively meet regulatory requirements
• Providing input on our security policies and standards to ensure compliance with regulatory requirements
• Developing and delivering metrics and measurements of compliance posture and assessment status for all channels
• Supporting our Common Control Framework within compliance activities to improve efficiency of control testing efforts
• Coordinating with our Internal Audit partners to improve our SOX and SOC audits
• Setting the roadmap and vision for the Compliance team, collaborating with the broader Governance, Risk, and Compliance group
• Improving our control posture, year over year, through measurement, prioritization, communication, and collaboration with partner teams
• Developing and fostering a healthy and collaborative culture for your team that embodies both industry best practices and Nordstrom values
• Growing and developing an incredible team of talented and motivated program managers and engineers with high expectations around individual ownership and impact

You own this if you have...

• Broad and deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
• Knowledge of PCI assessment processes and requirements at a Level 1 merchant, including data centers, retail locations, call centers, and cloud computing environments
• Working experience with security risk management frameworks including related regulatory compliance requirements (NIST CSF & 800-53, ISO27001 and ISO27002, SOX, HIPAA, PCI, CCPA, etc.)
• Knowledge of how regulatory requirements can be met across a diverse set of technical environments-from legacy mainframe computers to containers in the cloud
• Excellent written and verbal communications, including presentation skills, are important to be successful in this role. Proven ability to effectively communicate with all levels of the organization, as well as with external parties
• Ability to foster collaborative, open, working relationships with technology and other stakeholders
• Demonstrable ability to establish a vision, define a roadmap, and to execute on it
• Pragmatism. You can prioritize, simplify, and make a path toward results
• Proactive mindset. You seek the best solution for the company and customer and take action without being directed
• Capability to truly listen to our customers and partners, internalize their needs and develop simple and elegant solutions that they can't live without
• A bias towards action guided by evidence-based decision-making mindset
• Current PCI ISA certification for a retail corporation preferred
• 5+ years of experience in retail security compliance preferred
• Internal Audit experience preferred

We've got you covered...

Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

• Medical/Vision, Dental, Retirement and Paid Time Away
• Life Insurance and Disability
• Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

Nordstrom will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at

2022 Nordstrom, Inc

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Pay Range Details

The pay range(s) below are provided in compliance with state specific laws. Pay ranges may be different in other locations.

Washington: $141,000 - $258,000 Annually

This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: _Overview_17-19.pdf