An established industry player is seeking a Senior Staff IT Risk & Compliance Analyst to join their dynamic team. In this pivotal role, you will lead the IT Risk Management team, focusing on enhancing operational efficiency and reducing risks. You will have the opportunity to work in a collaborative environment, fostering inclusivity and continuous improvement. This position offers a competitive salary and benefits package, along with opportunities for personal and professional growth. If you are passionate about IT governance and risk management, this role is perfect for you.
TJX Companies
At TJX Companies, every day brings new opportunities for growth, exploration, and achievement. You’ll be part of our vibrant team that embraces diversity, fosters collaboration, and prioritizes your development. Whether you’re working in our four global Home Offices, Distribution Centers or Retail Stores—TJ Maxx, Marshalls, Homegoods, Homesense, Sierra, Winners, and TK Maxx, you’ll find abundant opportunities to learn, thrive, and make an impact. Come join our TJX family—a Fortune 100 company and the world’s leading off-price retailer.
Job Description:
What you’ll do
We are seeking a Senior Staff IT Risk & Compliance Analyst to enhance our growing IT Risk Management team. As a subject matter expert and a leader, you will play a crucial role in our Information Technology Risk Management Team and lead IT Risk capability, with knowledge of all capabilities supported by the team or function. The primary goal is to deliver services that reduce operational risk and continually improve efficiency. You will continue to expand your expertise and experience in cross-functional skills and areas/domains. TJX IT is evolving from a compliance-driven organization to one that proactively focuses on risk management. This is a global role based in the US, and some travel requirements may be negotiable.
Successful candidates will demonstrate:
Leading the IT Risk team to identify, assess, and communicate risks effectively.
Ability to manage multiple projects or initiatives and ensure quality results.
Overseeing complex risk and compliance reviews and assessments, developing and communicating new workflows and processes to ensure alignment with IT standards and policies.
Managing complex challenges across projects or programs, supporting process improvements, and effectively communicating challenges to leadership.
Driving individual and team development through feedback, education, and awareness initiatives, fostering a culture of continuous improvement.
Building strong relationships with stakeholders, including senior leaders, to influence strategic direction and ensure process results meet organizational needs.
Leading the development of reports and presentations, ensuring high-quality standards and delivering compelling presentations on various topics.
Managing large-scale processes and program changes, coaching team members in process improvement, and implementing new programs.
Applying strong critical thinking skills and implementing solutions with guidance.
Identifying and leading improvements in processes.
What you’ll need
Our team is looking for people who put our internal customers first, are passionate about delivering value without compromising associate experiences, are not afraid to try new things in order to seek improvements, and are 100% outcome-focused. Our teams span multiple time zones and cultures, so inclusivity is a must. Working within and developing a team with varied strengths through inclusive behaviors is encouraged.
Successful candidates will have:
Extensive experience and expertise in IT Governance, Risk, and Compliance Management, with 7+ years of progressive leadership in the areas of IT risk strategies/cybersecurity/business resiliency, principles, processes and deliverables.
A bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
Experience in developing and communicating new workflows and processes.
Experience in performing IT risk profiling, IT risk assessment, treatment, monitoring, and reporting with an understanding of the legal implications of risk and compliance.
Experience in developing and managing GRC services and products to drive efficiency in the IT Risk Management program.
Excellent understanding of modern IT Risk & Compliance concepts and methodologies.
Excellent understanding of IT & Cyber principles, Cyber technology, project management, program strategy, and software development lifecycle.
Strong knowledge of IT policies, laws, standards, and frameworks (e.g., ISO31000, ISO27000, PCI DSS, COSO, NIST).
Knowledge of IT industry trends and emerging technologies.
Ability to build strong relationships with senior leaders and influence strategic direction.
Preferred:
Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC), or other certifications preferred.
Familiarity with GRC technology platforms (e.g., ServiceNow, Archer).
Address:
770 Cochituate Rd
Location:
USA Home Office Framingham MA 770 Cochituate Rd
This position has a starting salary range of $124,800.00 to $162,300.00 per year. Actual starting pay is determined by a number of factors, including relevant skills, qualifications, and experience. This position is eligible for an annual incentive as well as long-term incentives.