Manager, InfoSec Compliance & Governance Job at GAP Inc., San Francisco, CA

TmxJKytoa3Z3U1FQTGVpNHRwSUlxRWVoTVE9PQ==
  • GAP Inc.
  • San Francisco, CA

Job Description

Manager, InfoSec Compliance & Governance About the RoleRole Overview: As a of Mgr InfoSec Governance & Compliance, you will play a critical role in ensuring our organization meets compliance standards and protects sensitive data across our international operations. You will work closely with technical experts, legal counsel, and other global stakeholders, applying analytical and interpersonal skills to bridge operational and technical gaps. You will deliver program activities on-time for successful assessments and audits. What You'll Do Key Responsibilities:

  • Compliance Management: Facilitate audits and assessments to ensure compliance with relevant regulatory standards (e.g., GDPR, CCPA, PCI DSS, SWIFT, SOX). Provide support for compliance activities and ensure compliance program activities are occurring as scheduled and effectively managed.
  • Policy Development: Draft, update, and enforce compliance with IT security policies, procedures, and guidelines in line with global and regional regulations. Collaborate with business units to ensure policies are effectively communicated and implemented.
  • Third Party Risk Management: Evolve and execute vendor security assessment processes. Review vendor security documentation and identify potential risks. Maintain vendor inventory risk ratings. Collaborate with procurement and legal teams on vendor contracts and security requirements.
  • Technical Control Implementation: Work with IT and development teams to validate technical security controls. Evaluate technical solutions for compliance with regulatory requirements. Follow and maintain control testing procedures and schedules.
  • Collaboration: Liaise effectively with both technical teams (e.g., IT operations, cybersecurity), legal (e.g., compliance officers, external counsel) and business teams to align compliance initiatives.
  • Training & Awareness: Develop and deliver training programs to educate employees on security compliance and best practices.
  • Documentation: Maintain accurate and up-to-date records of compliance activities, audits, and risk assessments.
  • Continuous Improvement: Monitor and evaluate the effectiveness of compliance programs and recommend enhancements.
  • Technical Communication: Communicate technical and regulatory specifications and requirements to non-technical personnel in a clear and understandable manner.
Qualifications:
  • Education: Bachelor’s degree or equivalent experience in Computer Science, Information Security, or a related field. Advanced degree preferred.
  • Experience: 4+ years of experience in IT security compliance, preferably in a global retail or eCommerce environment, with a proven track record of creating and reviewing compliance policies.
• Technical Skills:
  • Strong knowledge of compliance standards like GDPR, CCPA, PCI DSS, SOX
  • Familiarity with risk management frameworks such as NIST, ISO 27001.
  • Experience with cloud security platforms (e.g., AWS, Azure, Google Cloud).
  • Proficiency in security tools and technologies (e.g., FW/WAF, SIEM, DLP, IAM).
  • Familiarity with engineering development toolchains and capabilities.
• Soft Skills / Competency:
  • Proactive problem-solver who can identify compliance gaps before they become issues.
  • Exceptional critical thinking and problem-solving abilities to analyze complex compliance issues and propose effective solutions.
  • Strong interpersonal and communication skills to build relationships with diverse stakeholders across technical, legal audiences and business audiences.
  • Adaptability and cultural sensitivity, fostering collaboration in a global environment.
  • Proactive approach to identifying risks and opportunities for improvement.
  • Attention to detail with excellent organizational and time-management skills.
  • Ability to communicate technical specifications and compliance requirements to non-technical personnel in a clear and understandable manner.
Who You Are • Certifications: CISA, CISM, CISSP, or equivalent. • Additional Experience:
  • Experience with Governance, Risk & Compliance (GRC) platforms.
  • Experience with cloud security platforms (e.g., AWS, Azure, Google Cloud).
  • Expertise running IT compliance standard assessments is a plus.
  • Experience with data privacy regulations and frameworks (e.g., CPRA, ISO 27701).
  • Familiarity with DevSecOps practices and tools.

Job Tags

Similar Jobs

West Contra Costa Unified School District

School Secretary I - Stege Elementary 25TP168 Job at West Contra Costa Unified School District

 ...relieving him of clerical detail; and to do related work as required. JOB CHARACTERISTICS: Positions in this class exist at elementary schools and are characterized by the relatively small amount of supervision received, since many of the duties may be performed while the... 

InSync Healthcare Recruiters

Hospitalist or Nocturnist Job at InSync Healthcare Recruiters

 ...Excellent Hospitalist or Nocturnist Opportunity in London, KY. Position Highlights: We relish the challenge of managing complex cases within a semi-open ICU that benefits from intensivist coverage around the clock. Our team is not responsible for procedures or code... 

Clearwater at the Heights

Concierge Job at Clearwater at the Heights

 ...that celebrate our seniors? Clearwater at The Heights is a premier luxury senior living community in Houston and is looking for a Concierge to join the team!Clearwater Living associates enjoy great benefits:* Excellent benefits* 401(k) contributions* Paid... 

Ajax Systems

Remote Technical Sales Manager (North) Job at Ajax Systems

 ...is an international technological company and Europes largest security system manufacturer. In addition, the company offers solutions...  ...local experts best comprehend market specifics. The company has sales representatives worldwide, including Italy, Spain, Germany, France... 

Archdiocese of St. Louis

Middle School Literature Teacher Job at Archdiocese of St. Louis

 ...The Archdiocese of St. Louis Catholic Education and Formation features an expansive coalition of schools that allow our children to develop a sense of purpose and value, receive a higher quality education, join a welcoming community and feel secure in a a dynamic future...