Senior Manager, Governance, Risk, and Compliance

Location: Northbrook, Illinois

We inspire purpose-filled living that brings joy to the modern home. With a team of more than 8,000 associates spanning 130 store and distribution locations across the U.S. and Canada, we achieve together, drive results and innovate to inspire. Drawn together by a shared passion for our customers and a spirit of fun, we deliver high-quality home furnishings that are expertly designed, responsibly sourced and bring beauty and function to people’s homes. From the day we opened our first store in Chicago in 1962 to the digital innovations that engage millions of customers today, our iconic brand is nearly 60 years in the making—and our story is still unfolding.

We’re here for it. We think you should be too. We’re looking for a driven professional with an inclusive mindset to join our team as a Senior Manager, Governance, Risk, and Compliance...

The Senior Manager of GRC is a member of the IT Leadership Team and is responsible for leading the development and implementation of the IT Governance, Risk and Compliance programs for the Enterprise. The GRC Manager will build and manage five core Security Programs: 1) IT Governance, leveraging the organization's security standards and applicable compliance regulations; 2) IT Risk Management, including third-party vendor risk; 3) IT Compliance with applicable IT standards, laws, and regulations (including PCI); 4) Security Awareness Training and Education (including phishing exercises); and 5) Security and Compliance Metrics.

What You'll Do...

  • Define IT Governance, Risk and Compliance programs and strategies for the enterprise, including program services, tools and processes.
  • Stay informed of regulatory changes affecting the Retail industry at the state, national and international level, and communicate to key stakeholders around these topics.
  • Develop an IT Governance Program:
    • Manage development, implementation, and ongoing governance and reporting to ensure that IT compliance requirements and responsibilities are managed by the IT organization
    • Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure information security and compliance with relevant legislation and legal interpretation
  • Develop an IT Risk Management Program:
    • Develop the Vendor & Third Party Risk Management Program
    • Perform Risk Assessments on solutions, products, services or processes and communicate/document the risks involved for Leadership
    • Develop a Risk Exception and Dispensation process
    • Review and negotiate third-party contract DPAs (Data Protection Agreements) for security, compliance, risk, and data protection purposes
  • Develop an IT Compliance Program:
    • Develop a strategy for managing and facilitating internal and external audits, and compliance assessments within the IT Organization
    • Standardize internal and external IT audit/assessment processes and define SLAs to improve the efficiency of audit requests within the IT Organization
    • Lead and drive Audit and Compliance findings remediation efforts and projects across the IT Organization
    • Act as the PCI SME who will drive credit card security and PCI compliance on new projects and on existing infrastructure and business processes
    • Manage monthly, quarterly and annual PCI compliance activities and retain all required documentation and evidence for external audit
  • Develop a robust Security Awareness Training and Education Program to meet PCI compliance requirements, as well as an employee Phishing Exercise program.
  • Develop a standard set of monthly Security and Compliance metrics to be used for tracking progress, operational efficiencies, and reporting to Executive Leadership
  • Additional responsibilities include, but are not limited to:
    • Provide SME and solution advisory services to the business and enterprise projects around data protection issues, risk management and PCI compliance
    • Develop strategy, enhance and manage the enterprise Security Awareness Program, while developing innovative ways to provide awareness of key security concerns to the enterprise including employee Phishing exercises
    • Develop key governance, risk and compliance reporting metrics to ensure progress on these programs is managed and understood by leadership
    • Manage a team of compliance analysts
    • Implement projects, tools and processes to support the IT GRC function
    • Performance of other duties and responsibilities as assigned

What You'll Bring...

  • Bachelor's Degree, equivalent work experience, or Security certifications
  • A minimum of 8 years of experience within Governance, Risk, Compliance
  • A minimum of 8 years of PCI Compliance experience
  • Prior experience with NIST, ISO, Privacy, Security standards and Frameworks
  • Expertise in internal project consulting, new products and vendor assessments/evaluations and providing compliance requirements and recommendations
  • Ability to explain technical concepts to technical and non-technical business personnel
  • Expertise in internal project consulting and providing compliance requirements
  • Experience with identity and access management and cloud environments
  • Excellent analytical and problem-solving skills
  • Must be able to work independently with minimal supervision
  • Ability to work a flexible schedule based on department and company needs
  • Excellent written and verbal communication skills (English)

Job ID: 2022-14328
Date posted: 09/03/2022
Position Type: Full-Time

Our commitment to our associates is of the utmost importance. One of the reasons the company attracts such a dynamic group of associates is that we offer a full menu of benefits that are relevant to their lives, both on and off the job. Many of these benefits begin on day one and extend to eligible dependents. To learn more about available benefits, please visit https://jobs.crateandbarrel.com/benefits.

Euromarket Designs, Inc., which does business as Crate and Barrel and CB2, will be referred to as “the Company”. The Company is deeply committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the application process, or in order to perform the essential functions of a position, please contact the location you are applying to here and ask to speak with a manager regarding the nature of your request.

The Company is an equal opportunity employer; applicants are considered for all positions without regard to race, color, religious creed, sex, national origin, citizenship status, age, physical or mental disability, sexual orientation, gender identity, marital, parental, veteran or military status, unfavorable military discharge, or any other status protected by applicable federal, state or local law.

The Company participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the US.

State / City Compliance: The Company will consider for employment qualified applicants with criminal history, including arrest and conviction records, in accordance with the Los Angeles Fair Chance Initiative for Hiring and the San Francisco Fair Chance Ordinance.
