Information Technology Manager- GRC

  • Atlanta, Georgia, 30339


This position is responsible for assisting the IT Director – Cybersecurity and CISO in developing and executing the Company’s IT risk management program including third party risk and managing the regulatory compliance day-to-day operational activities for Sarbanes-Oxley (SOX) IT, PCI DSS and data privacy (CCPA/CPRA, etc.). This will involve working closely with the IT department as well as various functional areas that are the key stakeholders in the risk and compliance activities such as Internal Audit, Legal, HR, Finance and Accounting. This position would also act as the liaison for all internal and external audits.  The effective execution of these responsibilities will improve the Company’s control structure and risk posture to help protect Company assets from exposure to loss resulting from inadequate controls, develop meaningful business insights for management related to process improvements and ensure compliance with Company policy and related regulations. A high audit, risk, control, and compliance acumen are essential to this position along with knowledge and experience with automation and data analytics in support of reporting and monitoring GRC activities. This individual should be motivated to learn about the Company and be focused on applying that knowledge to affecting change within the organization.

Minimum Eligibility Requirements:

  • Bachelor’s degree in MIS, Computer Science or equivalent applicable degree
  • 6 to 10 years of experience in IT audit (internal or external), IT GRC or IT Risk Consulting required; Big 4 experience is desirable
  • CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Systems Manager) or other relevant certifications preferred
  • Advance level proficiency in Microsoft Word, Excel and PowerPoint
  • Familiarity with GRC Tools (preferably OneTrust)
  • Technical knowledge of application, database, operating system layer security design
  • Knowledge of various IT functions and processes such as IAM, BCDR, DLP, SDLC, Asset Management, Patching & Vulnerability Management, Security Operations, etc.
  • Experience with designing, monitoring, testing, assessing and remediating IT General Controls and application controls across various platforms
  • Examples include Azure Cloud, ERP systems, Linux, Windows/AD, Oracle DB, SQLServer DB, AS400, DB2, BI environments, ServiceNow, etc.
  • Expertise in IT SOX compliance and experience with other compliance standards or frameworks such as NIST CSF, PCI DSS, CCPA/CPRA, SSAE18 (SOC 1-2-3 reports), COBIT, and ITIL
  • Experience implementing policies and building and executing an IT Risk Management Program, Third party Risk Management Program, Data Privacy Program, etc.
  • Experience manipulating large data files and development of data queries and strong analytical skills
  • Demonstrate abilities and/or proven record of success in the following areas:
    • Evaluating internal controls design, identifying key risks and controls, developing and/or reviewing audit or compliance programs and recommending control design changes
    • Creating high quality deliverables using appropriate business and technical language
    • Collaborating with stakeholders and identifying and addressing their needs through the building of solid relationships and understanding their departmental challenges
    • Creating or contributing to a positive working environment through building solid relationships with team members by proactively seeking guidance and keeping leadership abreast of work status and any concerns in a timely manner
    • Using available resources and tools to research and expand one’s sphere of knowledge to enhance work product and contribute to business development efforts
    • Driving Cybersecurity assessments including maturity assessments using NIST CSF or other established frameworks as a baseline for overall GRC programs
  • Strong initiative, influence, negotiation, strategic thinking, professional judgment, flexibility, inquisitiveness, insight generation, root cause analysis, organizational savviness, attention to detail and resourcefulness
  • Strong verbal and written communication skills, to effectively present to peers and executive management
  • Excellent work ethic, time management, prioritization, integrity and accountability to be able to multi-task, meet deadlines, and work in a fast-paced environment while working remotely
  • Excellent customer service skills and work well under pressure with minimal supervision
  • Experience working in a publicly traded company and retail business acumen is a plus

Essential Job Functions:

  • Liaison with the Company’s external and internal audit to provide expertise and consultation for a smooth and effective audit process
  • Provide control guidance for all key projects and implementations in the IT portfolio
  • Provide excellent customer service to internal customers and partner with other functions to improve processes and create value
  • Execute day-to-day compliance activities for IT SOX, PCI DSS and CCPA/CPRA
  • Manage the third-party risk management program which including onboarding and ongoing maintenance of vendors (inherent and residual risk assessments, SOC report reviews, NIST questionnaires, etc.)
  • Formalize a comprehensive, long-term vision, strategy, and program charter that establishes a clear direction for the information security program
  • Refresh the Information Security policy in alignment with industry standards to allow for consistency, alignment and agreement of the policy, standards and procedures across the organization and comprehensive coverage of controls
  • Establish an information security program charter in alignment with business objectives
  • Document information security processes and procedures aligned to overarching cybersecurity policy
  • Establish an Information Security policy exceptions process, risk evaluation criteria, and identify a centralized exceptions repository. Formalize policy exception processes and procedures
  • Enhance the process to regularly inform executive leadership on cyber risks across all cyber domains. Formalize cyber risk-driven metrics and reporting processes and procedures
  • Establish a process to assess cyber threats and map threats to inherent and residual cyber risks
  • Formalize an enterprise cyber risk taxonomy aligned to the cyber risk appetite and report risk metrics to executive leadership on a regular basis
  • Establish a process for ERM to inform cyber risk appetite on an annual basis in alignment with business objectives. Define enterprise-wide cyber risk tolerance thresholds based on risk likelihood and impact, in alignment with the risk appetite statement to determine the acceptable risk level
  • Develop a risk management policy and standard to formalize minimum requirements, including applications impact tiering levels for evaluating criticality and prioritizations and risk acceptance
  • Establish a cyber risk management program charter and standard
  • Formalize a methodology to identify and measure risk exposure to the organization and compare against established risk tolerance thresholds
  • Establish a risk register process for risk ingestion, assessment, and remediation of identified cyber risks. Establish a centralized repository for accepted risks
  • Establish a review and approval process for accepting organizational cyber risk
  • Inventory cyber controls library in alignment with cyber risks and controls defined in the NIST CSF
  • Establish a risk assessment policy, standard, and supporting processes and procedures
  • Establish a process to validate the effectiveness of implemented controls in alignment with established policies and standards
  • Assist in identifying issues and processes which need improvement; develop and propose solutions and conduct related training and provide communications to management
  • Collaborate with other departments to develop and modify company policies as needed


  • Frequent travel required including air and car
  • While performing the duties of this job, the employee may occasionally be exposed to a warehouse environment and moving vehicles.  The noise level in the work environment is typically quiet to moderate.


Sedentary Work – Ability to exert 10 - 20 pounds of force occasionally, and/or negligible amount of force frequently to lift, carry, push, pull or otherwise move objects.  Sedentary work involves sitting most of the time, but may involve walking or standing for brief periods of time.

Note:  Floor & Decor considers all applicants for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, medical condition, pregnancy, marital or familial status, veteran status, or based on any other class protected by applicable federal, state, or local law.  Floor & Decor also provides reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.

This job description does not constitute an employment agreement between the employer and the employee and is subject to change by the employer at its sole discretion.

Benefits & Rewards

  • Bonus opportunities at every level

  • Career advancement opportunities

  • Relocation opportunities across the country

  • 401k with discretionary company match

  • Employee Stock Purchase Plan

  • Referral Bonus Program

  • Corporate Discount Programs

  • Medical, Dental, Vision, Life and other Insurance Plans (subject to eligibility criteria)

Equal Employment Opportunity

Floor & Decor is an equal opportunity employer and is committed to equal opportunity for all associates and applicants.  F&D recruits, hires, trains, promotes, compensates and administers all personnel actions without regard to race, color, religion, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth and medical conditions related to pregnancy, childbirth or breastfeeding), gender, gender identity, gender expression, national origin, age, mental or physical disability, ancestry, medical condition, marital status, military or veteran status, citizenship status, sexual orientation, genetic information or any other status protected by applicable law.

This policy applies to all areas of employment, including recruitment, testing, screening, hiring, selection for training, upgrading, transfer, demotion, layoff, discipline, termination, compensation, benefits and all other privileges, terms and conditions of employment.  This policy and the law prohibit employment discrimination against any associate or applicant on the basis of any legally protected status outlined above.

Apply Now

Email me about jobs like this

Not You?

Thank you, please complete your application on the following page.

Benefits & Rewards

  • Bonus opportunities at every level
  • Career advancement opportunities
  • Relocation opportunities across the country
  • 401k with company match
  • Employee Stock Purchase Plan
  • Referral Bonus Program
  • Corporate Discount Programs
  • Medical, Dental, Vision, Life and other Insurance Plans (subject to eligibility criteria)

People Also Viewed

There are currently no jobs matching this criteria