
Technology - Director, Cybersecurity Compliance

Apex Systems, Raleigh, NC, United States


Director, Cybersecurity Compliance

Function: Information Security - Governance, Risk & Compliance (GRC)

Reports To: Chief Information Security Officer (CISO)

Position Summary

The Director, Cybersecurity Compliance is responsible for establishing, leading, and overseeing Advance Auto Parts' enterprise-wide cybersecurity compliance program. This role ensures the organization consistently meets applicable regulatory, legal, and industry cybersecurity requirements while maintaining a repeatable, auditable, and scalable compliance posture.

Operating within the Information Security GRC function, this position translates cybersecurity strategy into documented, monitored, and measurable compliance execution, supporting audit readiness, risk transparency, and executive decision-making.

________________________________________

Key Responsibilities

Cybersecurity Compliance Program Leadership

• Establish and operate an enterprise-wide cybersecurity compliance program that reduces risk and strengthens audit readiness.

• Provide strategic direction and oversight for cybersecurity compliance activities across the organization.

• Ensure alignment between cybersecurity compliance efforts, business objectives, and enterprise risk appetite.

Regulatory, Framework & Standards Oversight

• Lead compliance efforts related to regulatory, legal, and industry frameworks, including but not limited to SOX, PCI, HIPAA, and NIST CSF.

• Oversee the selection, maintenance, and mapping of cybersecurity controls to applicable frameworks and requirements.

• Ensure policies, standards, and controls are reviewed and updated in response to regulatory changes and evolving industry expectations.

Audit, Monitoring & Evidence Management

• Oversee continuous compliance monitoring, including control testing, evidence collection, and remediation tracking.

• Support internal and external audits by ensuring availability of accurate, complete, and timely compliance evidence.

• Maintain a sustained audit-ready posture through repeatable and scalable compliance processes.

Governance, Accountability & Risk Management

• Define and enforce roles, responsibilities, and accountability for cybersecurity compliance across system owners, IT operations, and business stakeholders.

• Facilitate governance and escalation for compliance gaps, remediation delays, and risk acceptance decisions.

• Partner with Enterprise Risk Management to ensure cybersecurity compliance outcomes are reflected in enterprise risk reporting.

Reporting & Executive Engagement

• Provide regular compliance reporting to executive leadership, including compliance status, remediation progress, and key risk indicators.

• Support leadership and Board-level discussions by delivering clear, risk-based compliance insights.

• Promote transparency and consistency in compliance measurement and reporting across the organization.

Tooling & Enablement

• Oversee governance and use of OneTrust (or equivalent GRC tooling) for compliance workflows, evidence management, and reporting.

• Drive automation and standardization to improve efficiency, consistency, and reuse of compliance evidence across frameworks.

________________________________________

Required Qualifications

• Bachelor's degree in Information Security, Information Systems, Risk Management, or a related field, or equivalent professional experience.

• 8+ years of experience in cybersecurity, information security governance, risk, or compliance, with demonstrated leadership at the enterprise level.

• Strong knowledge of cybersecurity regulatory and compliance frameworks and how they apply in a large, complex enterprise environment.

• Experience leading compliance programs that support audit readiness and regulatory scrutiny.

• Proven ability to engage executive stakeholders and translate technical compliance requirements into business-relevant insights.

________________________________________

Preferred Qualifications

• Experience implementing or operating a cybersecurity compliance program within a retail, consumer, or highly regulated environment.

• Experience leveraging GRC platforms (e.g., OneTrust) for compliance management and reporting.

• Professional certifications such as CISSP, CISM, CRISC, or similar.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or 844-463-6178.

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing® in Talent Satisfaction in the United States and Great Place to Work® in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process.

Apex Benefits Overview:

Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers an HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.