Director IT Risk and Compliance
Listed on 2026-07-08
-
IT/Tech
Cybersecurity, Information Security, IT Project Manager, IT Business Analyst
Reports To
VP, IT Security and Compliance
Team SizeLeads a team of compliance, risk, and security analysts
Position OverviewBJ’s Wholesale Club is a Fortune 500 membership-based wholesale retailer operating over 267 clubs and 205 gas stations across the Eastern United States. As a high-volume retailer processing millions of transactions annually, our IT Risk & Compliance function is mission-critical — safeguarding member data, ensuring regulatory adherence, and enabling the business to innovate with confidence.
We are seeking a Director of IT Risk & Compliance to lead the organization’s information technology risk management and regulatory compliance programs. This is a pivotal leadership role at a moment of transformation: you will lead a tenured, high-performing team and have the mandate to modernize processes — leveraging AI, automation, and purpose-built GRC platforms to shift the function from reactive to predictive.
The ideal candidate brings deep SOX ITGC and PCI DSS expertise, a track record of cross-functional influence at the executive level, and the vision to build a compliance program that is both rigorous and efficient.
Responsibilities Compliance Program Leadership- Own and mature the SOX IT General Controls (ITGC) program end-to-end: scoping, control design, testing coordination, interim and year-end audit support, and remediation tracking.
- Direct PCI DSS assessment activities and annual penetration testing, partnering with QSAs and internal stakeholders to maintain compliance posture.
- Collaborate with the IT leadership team on Governance, Operating Model and SDLC to ensure compliance with internal policy, industry standards and regulatory landscape.
- Serve as the primary liaison to Internal Audit, External Audit and Legal; manage audit findings through to closure.
- Own the annual IT policy review cycle to ensure policies reflect current regulatory requirements, emerging risks, and operational capabilities.
- Lead enterprise IT and cybersecurity risk assessments; maintain the IT risk register and report quarterly to senior leadership and the Risk Management Committee.
- Oversee the Vendor Risk Assessment program and Third-Party Risk Monitoring, including platform management and escalation protocols.
- Partner with Legal and Privacy teams on e-discovery, Legal Hold requests, contract reviews involving technology, and data retention obligations.
- Drive Architecture and Solution reviews in partnership with the enterprise architecture team to embed security and compliance requirements into project delivery.
- Maintain and exercise Incident Response plans; lead or co-lead annual executive and technical tabletop exercises.
- Design and oversee the enterprise security awareness and phishing tests program, ensuring content is role-relevant, engaging, and aligned to the current threat landscape facing large-scale retail environments.
- Champion the use of AI and automation to modernize compliance testing, evidence collection, and risk reporting — reducing manual effort and accelerating cycle times.
- Co-lead the monthly AI Working Group, evaluating emerging AI tools for risk and governance implications and piloting responsible AI use cases within the compliance function.
- Implement and optimize GRC platform capabilities to centralize controls management, automate workflows, and enable real-time compliance dashboards.
- Develop data-driven KPIs and metrics that provide the VP, IT Security and Compliance and ELT with actionable risk intelligence.
- Build and lead a high-performing team of IT risk and compliance professionals; provide coaching, career development, and performance management.
- Foster a culture of accountability and continuous improvement, where compliance is viewed as a business enabler rather than a gating function.
- Present risk and compliance status to the ELT, Audit Committee, and Board-level stakeholders; translate technical risk into business language.
- Collaborate across Technology, Finance, Legal, Internal Audit, and business units to drive cross-functional risk reduction initiatives.
- Interpret evolving legislation and regulatory…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).