Sr Manager - Governance, Risk and Compliance (GRC) @ Five Below

Cyber Crime

Philadelphia (Philadelphia County)

On-site

USD 90,000 - 150,000

Full time

5 days ago

Job summary

An established industry player is seeking a Senior Manager of Information Security to lead efforts in managing IT Security risks and ensuring compliance with regulatory requirements. This pivotal role involves overseeing the GRC function, managing a team of analysts, and serving as the primary liaison for Internal Audit. The ideal candidate will have extensive experience in IT Security, Risk Management, and Internal Audit, along with strong leadership skills. Join a dynamic team where your expertise will help shape the organization's risk management strategy and contribute to a culture of compliance and security.

Qualifications

  • 8+ years of experience in IT Security, Risk Management, and Internal Audit.
  • Certifications like CISA, CRISC, CISSP, or CISM are highly desirable.

Responsibilities

  • Lead a team of analysts in GRC functions and control verification testing.
  • Monitor and manage remediation of IT Security risks and findings.
  • Oversee third-party risk management and collaborate with an external QSA.

Skills

IT Security
Risk Management
Internal Audit
Compliance with NIST framework
Analytical Skills
Communication Skills
Problem-Solving Skills

Education

Undergraduate degree in Information Technology or auditing

Tools

AuditBoard

Job description

Sr Manager - Governance, Risk and Compliance (GRC)
Five Below

Position Summary:

The Senior Manager of Information Security, GRC will lead the organization's efforts to manage IT Security risks, ensure compliance with regulatory requirements, and oversee the company’s IT Security policy. This role entails serving as the primary IT liaison for Internal Audit, providing management oversight of the Third Party Risk Management process, serving as the PCI Program Manager, and being accountable for delivery and progress reporting to Senior Leadership on risks, and the remediation of risks, associated with IT Security, regulatory compliance and IT General Controls (ITGCs).

Key Responsibilities:

  1. Lead a team of analysts supporting various aspects of the GRC function, including control verification testing, oversight over control execution, and facilitating quarterly access reviews.
  2. Provide senior-level expertise for compliance with the NIST framework, SOX, PCI, and IT Security.
  3. Ensure IT Security policies are current; facilitate review and approval of any changes.
  4. Support the development and maintenance of the risk register.
  5. Identify and assess technology risks; evaluate the effectiveness of IT infrastructure, applications, security, and internal controls.
  6. Record and report IT Security risks, findings, and control deficiencies to stakeholders including Internal Audit and Senior Leadership.
  7. Monitor and manage the remediation of IT Security risks, findings, or control deficiencies.
  8. Oversee third-party risk management, including SOC reporting assessments and reviews.
  9. Serve as the primary IT liaison to Internal Audit.
  10. Oversee the PCI Program and collaborate with an external QSA to achieve compliance.
  11. Participate in the Change Advisory Board and coordinate with cross-functional teams on project implementations to address risk and compliance requirements.

Qualifications:

  1. Undergraduate degree or equivalent experience, preferably in Information Technology and/or auditing.
  2. Minimum of 8 years of experience in IT Security, Risk Management, and Internal Audit.
  3. Experience with a Big 4 or leading risk advisory/public accounting firm is preferred.
  4. Certifications such as CISA, CRISC, CISSP, or CISM are highly desirable.
  5. Deep knowledge of standards and frameworks like NIST, PCI DSS, and SOX; ability to assess SOC reporting and maintain control effectiveness.
  6. Proven leadership and team management skills.
  7. Excellent communication skills and ability to work with diverse teams.
  8. Strong analytical and problem-solving skills.
  9. Experience with compliance tools like AuditBoard is a plus.

Explore our benefits at benefits.fivebelow.com/public/welcome and learn about our inclusive culture and opportunities. Five Below is an Equal Opportunity Employer and is committed to providing reasonable accommodations for individuals with disabilities. For inquiries, visit crewservices.zendesk.com/hc/en-us/requests/new. Beware of fraudulent postings; verify recruiter email addresses and do not share financial information during the hiring process. For more roles, visit fivebelow.com/info/careers.
