×
Register Here to Apply for Jobs or Post Jobs. X

Director IT Risk and Compliance

Job in Marlborough, Middlesex County, Massachusetts, 01752, USA
Listing for: BJ's Wholesale Club
Full Time position
Listed on 2026-07-08
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Project Manager, IT Business Analyst
Salary/Wage Range or Industry Benchmark: 185000 - 225000 USD Yearly USD 185000.00 225000.00 YEAR
Job Description & How to Apply Below

Reports To

VP, IT Security and Compliance

Team Size

Leads a team of compliance, risk, and security analysts

Position Overview

BJ’s Wholesale Club is a Fortune 500 membership-based wholesale retailer operating over 267 clubs and 205 gas stations across the Eastern United States. As a high-volume retailer processing millions of transactions annually, our IT Risk & Compliance function is mission-critical — safeguarding member data, ensuring regulatory adherence, and enabling the business to innovate with confidence.

We are seeking a Director of IT Risk & Compliance to lead the organization’s information technology risk management and regulatory compliance programs. This is a pivotal leadership role at a moment of transformation: you will lead a tenured, high-performing team and have the mandate to modernize processes — leveraging AI, automation, and purpose-built GRC platforms to shift the function from reactive to predictive.

The ideal candidate brings deep SOX ITGC and PCI DSS expertise, a track record of cross-functional influence at the executive level, and the vision to build a compliance program that is both rigorous and efficient.

Responsibilities Compliance Program Leadership
  • Own and mature the SOX IT General Controls (ITGC) program end-to-end: scoping, control design, testing coordination, interim and year-end audit support, and remediation tracking.
  • Direct PCI DSS assessment activities and annual penetration testing, partnering with QSAs and internal stakeholders to maintain compliance posture.
  • Collaborate with the IT leadership team on Governance, Operating Model and SDLC to ensure compliance with internal policy, industry standards and regulatory landscape.
  • Serve as the primary liaison to Internal Audit, External Audit and Legal; manage audit findings through to closure.
  • Own the annual IT policy review cycle to ensure policies reflect current regulatory requirements, emerging risks, and operational capabilities.
  • Lead enterprise IT and cybersecurity risk assessments; maintain the IT risk register and report quarterly to senior leadership and the Risk Management Committee.
  • Oversee the Vendor Risk Assessment program and Third-Party Risk Monitoring, including platform management and escalation protocols.
  • Partner with Legal and Privacy teams on e-discovery, Legal Hold requests, contract reviews involving technology, and data retention obligations.
  • Drive Architecture and Solution reviews in partnership with the enterprise architecture team to embed security and compliance requirements into project delivery.
  • Maintain and exercise Incident Response plans; lead or co-lead annual executive and technical tabletop exercises.
  • Design and oversee the enterprise security awareness and phishing tests program, ensuring content is role-relevant, engaging, and aligned to the current threat landscape facing large-scale retail environments.
AI, Automation & Process Modernization
  • Champion the use of AI and automation to modernize compliance testing, evidence collection, and risk reporting — reducing manual effort and accelerating cycle times.
  • Co-lead the monthly AI Working Group, evaluating emerging AI tools for risk and governance implications and piloting responsible AI use cases within the compliance function.
  • Implement and optimize GRC platform capabilities to centralize controls management, automate workflows, and enable real-time compliance dashboards.
  • Develop data-driven KPIs and metrics that provide the VP, IT Security and Compliance and ELT with actionable risk intelligence.
Stakeholder Engagement & Team Leadership
  • Build and lead a high-performing team of IT risk and compliance professionals; provide coaching, career development, and performance management.
  • Foster a culture of accountability and continuous improvement, where compliance is viewed as a business enabler rather than a gating function.
  • Present risk and compliance status to the ELT, Audit Committee, and Board-level stakeholders; translate technical risk into business language.
  • Collaborate across Technology, Finance, Legal, Internal Audit, and business units to drive cross-functional risk reduction initiatives.
  • Interpret evolving legislation and regulatory…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary