Director IT Risk and Compliance

## Director IT Risk and Compliance Apply locations:
BJ's Club Support Center Marlborough, MA #5997posted on:
Posted Todayjob requisition :
R240944
** A World-Class Team
** BJ’s Wholesale Club is powered by more than 30,000 team members who make a real impact every day. Whether you're stocking shelves, solving problems or shaping strategy, your work helps families save on what matters most.

We’re a team built on purpose and opportunity. Join us and be part of something meaningful.
** Why You’ll Love Working at BJ’s
** At BJ’s Wholesale Club, our team members are at the heart of everything we do. That’s why we offer a comprehensive benefits package designed to support your health, well-being and future – both on and off the job. When you grow, we grow.
** Here’s just some of what you can look forward to:**
* ** Weekly Pay:
** Get paid every week so that you can manage your money on your terms.
* ** Free BJ’s Memberships:
** Enjoy a complimentary The Club Card Membership, plus a free Supplemental Membership for someone in your household.
* ** Generous Paid Time Off:
** Take the time you need with vacation, personal, sick days, holidays, bereavement, and jury duty leave.
* ** Flexible and Affordable

Health Benefits:

** Choose from three medical plans, and access optional dental, vision, Health Savings Account (HSA), and flexible spending account options to fit your lifestyle.
* ** 401(k) Retirement Savings Plan:
** Build your financial future with a company match (available to team members 18 and older).
* ** Employee Stock Purchase Plan:
** Accumulate funds through after-tax payroll deductions that can be used to purchase shares of BJ’s common stock at a 15% discount.  Eligibility requirements vary by position.
** Reports To**: VP, IT Security and Compliance                          
** Team Size**:
Leads a team of compliance, risk, and security analysts
** Travel**:
Minimal (≤10%)
*
* Position Overview:

** BJ’s Wholesale Club is a Fortune 500 membership-based wholesale retailer operating over 267 clubs and 205 gas stations across the Eastern United States. As a high-volume retailer processing millions of transactions annually, our IT Risk & Compliance function is mission-critical — safeguarding member data, ensuring regulatory adherence, and enabling the business to innovate with confidence.

We are seeking a Director of IT Risk & Compliance to lead the organization’s information technology risk management and regulatory compliance programs. This is a pivotal leadership role at a moment of transformation: you will lead a tenured, high-performing team and have the mandate to modernize processes — leveraging AI, automation, and purpose-built GRC platforms to shift the function from reactive to predictive.

The ideal candidate brings deep SOX ITGC and PCI DSS expertise, a track record of cross-functional influence at the executive level, and the vision to build a compliance program that is both rigorous and efficient.
** Responsibilities:
** Compliance Program Leadership
* Own and mature the SOX IT General Controls (ITGC) program end-to-end: scoping, control design, testing coordination, interim and year-end audit support, and remediation tracking.
* Direct PCI DSS assessment activities and annual penetration testing, partnering with QSAs and internal stakeholders to maintain compliance posture.
* Collaborate with the IT leadership team on Governance, Operating Model and SDLC to ensure compliance with internal policy, industry standards and regulatory landscape.
* Serve as the primary liaison to Internal Audit, External Audit and Legal; manage audit findings through to closure.
* Own the annual IT policy review cycle to ensure policies reflect current regulatory requirements, emerging risks, and operational capabilities.

IT Risk Management
* Lead enterprise IT and cybersecurity risk assessments; maintain the IT risk register and report quarterly to senior leadership and the Risk Management Committee.
* Oversee the Vendor Risk Assessment program and Third-Party Risk Monitoring, including platform management and escalation protocols.
* Partner with Legal and Privacy teams on e-discovery, Legal Hold requests, contract reviews involving…