Sr Manager- Governance, Risk and Compliance (GRC)

Five Below

Philadelphia (Philadelphia County)

On-site

USD 85,000 - 130,000

Full time

5 days ago

Job summary

An established industry player is seeking a Senior Manager of Information Security to lead their IT Security and compliance efforts. This role will involve managing risks, ensuring compliance with regulatory standards, and overseeing policies while leading a team of analysts. You will serve as the primary liaison for Internal Audit and manage third-party risk processes. The ideal candidate will have extensive experience in IT Security and Risk Management, along with strong communication and project management skills. Join a vibrant team dedicated to fostering a culture of innovation and excellence.

Benefits

Health Coverage
Financial Wellness Programs
Personal Wellness Support
Flexible Work Hours
Employee Discounts
Career Development Opportunities

Qualifications

  • 8+ years of experience in IT Security, Risk Management, and Internal Audit.
  • Professional certifications like CISA, CRISC, CISSP, or CISM are desirable.

Responsibilities

  • Lead a team in managing IT Security risks and compliance.
  • Oversee the PCI Program and work with external auditors.
  • Provide management oversight into Third Party Risk Management.

Skills

IT Security
Risk Management
Internal Audit
Compliance with NIST framework
Communication Skills
Analytical Skills
Project Management

Education

Undergraduate degree in Information Technology or equivalent

Tools

AuditBoard

Job description

At Five Below our growth is a result of the people who embrace our purpose: We know life is way better when you are free to Let Go & Have Fun in an amazing experience, filled with unlimited possibilities, priced so low, you can always say yes to the newest, coolest stuff! Just ask any of our over 20,000 associates who work at Five Below and they’ll tell you there’s no other place like it. It all starts with our purpose and then, The Five Below Way, which is our values and behaviors that each and every associate believes in.

It’s all about culture at Five Below, making this a place that can inspire you as much as you inspire us with big ideas, super energy, passion, and the ability to make the workplace a WOWplace!

Position Summary:

The Senior Manager of Information Security, GRC will lead the organization's efforts to manage IT Security risks, ensure compliance with regulatory requirements, and oversee the company’s IT Security policy. This role entails serving as the primary IT liaison for Internal Audit, providing management oversight of the Third Party Risk Management process, serving as the PCI Program Manager, and being accountable for delivery and progress reporting to Senior Leadership on any risks, and the remediation of risks, associated with IT Security, regulatory compliance and IT General Controls (ITGCs).

Key Responsibilities:

  • Lead a team of analysts that supports various aspects of the GRC function, including control verification testing and oversight of control execution, including the facilitation and completeness of quarterly access reviews.

  • Provide senior level expertise for compliance with the NIST framework, SOX, PCI and IT Security.

  • Ensure IT Security policies remain current and facilitate the review and approval of any changes.

  • Provide oversight in the development and ongoing support of the risk register.

  • Identify and assess technology risks, evaluate the efficiency and effectiveness of areas such as information technology infrastructure, applications, security, and internal controls.

  • Ensure IT Security risks, findings and control deficiencies are properly recorded and reported to various stakeholders including Internal Audit and Senior Leadership.

  • Monitor and manage the delivery and progress reporting of any remediation related to IT Security risks, findings or control deficiencies.

  • Provide management and oversight into the third-party risk management process including the assessment and ongoing review of SOC reporting.

  • Serve as the primary IT Liaison to Internal Audit.

  • Oversee the PCI Program and work with the external QSA to achieve a Report on Compliance.

  • Actively participate in the Change Advisory Board and work with cross-functional teams on project implementations to ensure risk and compliance requirements are effectively addressed.

Qualifications:

  • Undergraduate degree or equivalent experience is required with emphasis in Information Technology and/or auditing preferred.

  • Minimum of 8 years of experience in a mix of IT Security, Risk Management and Internal Audit.

  • Experience with a Big 4 or leading risk advisory/public accounting firm is preferred.

  • Professional certifications such as CISA, CRISC, CISSP, or CISM are highly desirable.

  • In-depth knowledge of regulatory standards and frameworks like NIST, PCI DSS and SOX is required, as well as the ability to assess SOC reporting and implement the necessary requirements to maintain control effectiveness.

  • Proven ability to manage and lead a team.

  • Excellent communication skills and the ability to work effectively with diverse teams.

  • Strong analytical and problem-solving skills.

  • Strong project management skills.

  • Experience with compliance tools such as AuditBoard is a plus.

Explore our benefits site to discover all the perks and support we offer! From health coverage to financial and personal wellness, we've got you covered—check it out today! benefits.fivebelow.com/public/welcome

Five Below is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, age, national origin, disability, protected veteran status, gender identity or any other factor protected by applicable federal, state, or local laws.

Five Below is committed to working with and providing reasonable accommodations for individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please submit a request and let us know the nature of your request and your contact information. crewservices.zendesk.com/hc/en-us/requests/new

BE AWARE OF FRAUD! Please be aware of potentially fraudulent job postings or suspicious recruiter activity by persons posing as Five Below recruiters. Please confirm that the person you are working with has an @fivebelow.com email address. Additionally, Five Below does NOT request financial information or payments from candidates at any point during the hiring process. If you suspect fraudulent activity, please visit Five Below's Career Site to verify the posting. fivebelow.com/info/careers
