Manager Technology, Security
Listed on 2026-07-06
-
IT/Tech
Cybersecurity, Information Security, Data Security
About the Team
The Security Compliance Team is responsible for Williams-Sonoma, Inc.’s enterprise security compliance, third-party risk, and cybersecurity risk management programs. The team is comprised of subject matter experts who partner with the business to deliver compliance solutions in a dynamic environment.
AboutThe Role
The Manager, Security Compliance leads the team and is responsible for setting strategy, establishing standards, and ensuring effective execution across the Security Compliance function. Reporting to the CISO, this leader manages a team of security compliance professionals and contractors, with accountability for program outcomes, team performance, and enterprise risk visibility. The role partners closely with Technology, Legal, Internal Audit, and business stakeholders to ensure a scalable, risk-aligned control environment.
This position plays a critical role in maintaining audit readiness, strengthening the company’s control framework, and providing clear, actionable insight into compliance posture, risks, and remediation progress to executive leadership and the Board.
- Lead and evolve the Security Compliance function, managing a high-performing team and driving consistent, high-quality execution across all program areas
- Own and govern the enterprise security compliance and control framework, ensuring alignment with regulatory requirements and industry standards (PCI DSS, NIST, GDPR, CPRA, SOX) and driving continuous improvement
- Oversee key compliance programs, including PCI, SOX, and privacy, ensuring audit readiness, effective control operation, and successful assessments
- Lead the Third-Party Risk Management program, establishing scalable, risk-based processes for vendor assessment, monitoring, and governance, and providing clear visibility into third-party risk exposure
- Drive the enterprise cybersecurity risk management program, ensuring risks are identified, prioritized, and remediated with clear accountability and executive visibility
- Partner cross-functionally with Technology, Legal, Internal Audit, and business teams to embed security and compliance into operations and decision-making
- Own audit and regulatory engagement, serving as the primary liaison with Internal Audit and ensuring efficient, well-coordinated audit execution
- Provide clear, actionable reporting to executive leadership and the Board, translating complex risk and compliance topics into meaningful insights
- Shape and mature the security awareness program, measurably improving human risk outcomes and strengthening the company’s overall security posture
- Success in this role is defined by the effectiveness of the control environment, clarity of risk visibility, and the organization’s ability to sustain audit readiness and compliance at scale
- You have minimum of 6 + years of related experiences (information security, risk, or compliance), including people management experience driving results, creating solutions and achieving as one team
- Bachelor's degree in Risk Management, or related fields, or equivalent work experience
- You have deep expertise in SOX, privacy regulations, and third-party risk management, and strong working knowledge of PCI DSS
- You have strong decision-making, conflict resolution skills and experience leading teams and scaling enterprise compliance and risk programs
- You are effective at driving accountability across both direct reports and cross-functional stakeholders
- You are comfortable engaging with executive leadership and board-level audiences
- You can translate complex regulatory requirements into practical, business-aligned control strategies
- You bring a strong risk-based mindset, balancing compliance obligations with operational effectiveness
- Relevant certifications such as CISSP, CISM, CISA, CRISC, or PCI ISA/QSA are preferred
- This role requires being onsite in the Rocklin, CA office, Monday through Thursday and Friday as optional in the office
- You have the following technical competencies:
- Deep understanding of security and compliance frameworks (PCI DSS, NIST, ISO 27001, SOX)
- Experience with third-party risk management methodologies and tools
- Experience with GRC…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).