Seattle, WA, United States of America
16 hours ago
Senior Program Manager - GRC - Compliance Assessments (Hybrid - Seattle)
Job Description

As a Senior Program Manager Tech within Nordstrom's Governance, Risk, and Compliance (GRC) team, you will be a key member of our Compliance Assessment (CA) Team. We build scalable compliance programs to enhance Nordstrom’s security posture, reduce risk, and ensure audit success across complex regulatory frameworks.

In this role, you will lead compliance assessments working directly with external assessors, partnering with internal stakeholders in both business and technical roles to create specifications and resolve issues with an eye toward continuous improvement. You will work across department and functional lines on a variety of programs that range in scope, risk, and complexity.

Are you a skilled program manager who enjoys managing security assessments? Do you have a passion for protecting companies from the latest security threats? Do you think about ways to foster continuous improvement in security controls using AI and automation? Join our team and be part of a company that is on the cutting edge of retail technology geared at getting consumers the products they love in a safe and secure environment.

A day in the life…

- Provide guidance and best practices to Nordstrom engineers and leadership on how to effectively meet regulatory requirements
- Serve as a PCI subject matter expert and manage the annual merchant assessment
- Support various regulatory and security assessments, apply both qualitative and quantitative assessment techniques, and develop test approaches for compliance validation
- Manage the full lifecycle of applicable risk/compliance remediation plans, including the development of detailed treatment plans, their documentation, rigorous tracking, and validation of efforts from internal stakeholders
- Drive the standardization and enhancement of assessment programs and improve the Common Control Framework to increase control testing efficiency
- Provide input and guidance on our security policies and standards to ensure compliance with regulatory requirements
- Identify and implement process improvements to enhance operational efficiency
- Contribute to the strategic vision and roadmap for the Compliance Assessment Team, supporting the development of reusable, scalable solutions to enhance program efficiency and support organizational growth
- Define KPIs and KRIs and continuously measure and report on the effectiveness of our control posture, driving year-over-year improvement and sustained audit success
- Mentor and support the growth of other program managers within the team, fostering a culture that values individual ownership and impact

You own this if you have... 

- Bachelor’s or Master’s degree in a relevant field of study, or equivalent work experience
- 5+ years of demonstrated successful program management and delivery experience
- 5+ years of experience managing technically complex PCI assessments end to end with external assessors and a deep knowledge of PCI assessment processes and requirements at a Level 1 merchant, including data centers, retail locations, call centers, and cloud computing environments
- Demonstrated proficiency with security and regulatory frameworks (CIS, NIST, SOX, HIPAA, PCI DSS, CCPA, etc.)
- Broad and deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
- Knowledge of how regulatory requirements can be met across a diverse set of technical environments—from legacy mainframe computers to containers in the cloud
- Experience building or maintaining a Common Control Framework
- Strong bias for results and ability to operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit
- Highly collaborative skill set and ability to build and leverage relationships with internal and external stakeholders
- Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, as well as with external parties

Preferred Qualifications:

- Experience with assessment automation
- Technical background and demonstrated proficiency in security tooling
- Experience with Onspring or Archer GRC platforms
- CPA, CIA, CISA, CISM, CISSP, or similar certifications preferred

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

- Medical/Vision, Dental, Retirement and Paid Time Away
- Life Insurance and Disability
- Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

Nordstrom conducts background checks and considers qualified applicants with criminal histories in a manner consistent with all legal requirements.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com. 

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQs for relevant information and guidelines.

© 2022 Nordstrom, Inc  

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. 
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.

$142,000.00 - $220,500.00 Annual

This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf
