Dir, IT GRC Job Details | Tractor Supply Company
Overall Job Summary
The Director, IT Governance, Risk, and Compliance (GRC), Privacy, and Business Continuity Planning/Disaster Recovery (BCP/DR) is responsible for developing, implementing, and maturing IT GRC programs to align with business objectives and regulatory requirements. This leader will drive enhancements to existing policies, standards, and frameworks while overseeing IT risk management, third-party risk management, privacy, and business continuity/disaster recovery (BCP/DR) programs.
This role requires a strategic thinker with deep expertise in IT governance, risk assessment methodologies, and compliance frameworks. The Director will collaborate with cross-functional stakeholders to build a strong risk-aware culture and ensure operational resilience in an evolving threat and regulatory landscape.
Essential Duties and Responsibilities (Min 5%)
Governance, Policy, and Compliance:
- Lead the development and continuous improvement of IT governance policies, standards, and controls to align with industry best practices (e.g., NIST, ISO 27001).
- Establish and maintain IT compliance programs to ensure adherence to regulatory requirements such as SOX, PCI DSS, CCPA and emerging privacy laws.
- Partner with internal audit, legal, and enterprise risk management teams to address compliance gaps and remediation plans.
- Provide regular reporting and metrics on IT GRC performance to executive leadership and governance committees.
IT Risk and Third-Party Risk Management:
- Mature the existing IT risk management program, ensuring a risk-based approach to security and compliance.
- Develop and maintain the enterprise IT risk register, conducting regular risk report-outs, assessments, and mitigation planning.
- Lead and enhance the third-party risk management (TPRM) program, including vendor risk assessments, contract reviews, and ongoing monitoring of third-party security and compliance risks.
- Collaborate with procurement, legal, and business units to enforce security and privacy requirements in third-party agreements.
Privacy Program Management:
- Oversee the IT privacy program, ensuring alignment with legal and regulatory obligations such as CCPA, ColoPA, CTDPA, and other domestic data privacy laws.
- Work closely with legal and data governance teams to manage data protection impact assessments (DPIAs) and privacy compliance initiatives.
- Develop privacy risk assessments and ensure controls are in place for data protection, access management, and breach response.
- Provide guidance on privacy by design principles for IT systems and projects.
Business Continuity and Disaster Recovery (BCP/DR):
- Lead the development and maturation of the Business Continuity and Disaster Recovery (BCP/DR) program to ensure IT resilience.
- Collaborate with IT and business stakeholders to conduct business impact analyses (BIA) and develop contingency plans.
- Oversee testing and continuous improvement of disaster recovery procedures, ensuring minimal disruption in the event of incidents.
- Align BCP/DR strategies with enterprise risk management and operational resilience objectives.
Leadership and Collaboration:
- Lead and develop a team of IT GRC professionals, fostering a culture of accountability and continuous improvement.
- Work closely with IT, security, legal, compliance, and business leaders to integrate GRC initiatives across the enterprise.
- Serve as a subject matter expert and trusted advisor to senior leadership on IT risk, compliance, and privacy matters.
Required Qualifications
Experience: 10 years of progressive cybersecurity, IT risk, and compliance experience. Relevant experience in retail, Big 4 or enterprise IT audit, and security consulting is preferred. Deep knowledge and practical experience in enterprise IT risk management programs using NIST, FAIR, ISO, and other relevant IT control frameworks. Deep knowledge and practical experience with PCI, SOX, IT General Controls, and third-party risk management.
Education: Bachelor's degree in Computer Science, Cybersecurity, Information Security or related technical field from an accredited college or university. Advanced degree in Cybersecurity or Risk Management is a plus. Any suitable combination of education and experience will be considered.
Professional Certifications: CISSP, CISM, CRISC, CIPM, CISA, CBCP (Certified Business Continuity Professional) or another relevant security or governance certification(s) desired.
High-demand IT specialized skills: GRC tools knowledge preferred
Platform knowledge (UNIX, Linux, Windows): AWS, Azure, or GCP preferred
Preferred knowledge, skills or abilities
- Experience with GRC tools (e.g., Archer, OneTrust, ServiceNow GRC, Onspring).
- Knowledge of cloud governance and compliance considerations (AWS, Azure, GCP).
- Strong analytical and problem-solving skills with a focus on risk-based decision-making.
- Understanding of AI governance and risk management, including ethical AI principles, AI/ML security risks, and regulatory considerations around AI deployment.
- Familiarity with emerging AI compliance frameworks, such as the EU AI Act, NIST AI RMF, and industry best practices for responsible AI use.
- Technical writing and documentation expertise, with ability to translate complex technical concepts for varied audiences.
- Demonstrated experience leading organizational transformation while maintaining operational excellence.
- Strong analytical and problem-solving capabilities with focus on continuous improvement.
Working Conditions
- Normal office working conditions
Physical Requirements
- Sitting
- Standing (not walking)
- Walking
- Kneeling/Stooping/Bending
- Lifting up to 10 pounds
Disclaimer
This job description represents an overview of the responsibilities for the above-referenced position. It is not intended to represent a comprehensive list of responsibilities. A team member should perform all duties as assigned by his/her supervisor.
Company Info
At Tractor Supply and Petsense by Tractor Supply, our Team Members are the heart of our success. Their dedication, passion, and hard work drive everything we do, and we are committed to supporting them with a comprehensive and accessible total reward package. We understand the evolving needs of our Team Members and their families, and we strive to offer meaningful, competitive, and sustainable benefits that support their well-being today and in the future.
Our benefits extend beyond medical, dental, and vision coverage, including company-paid life and disability insurance, paid parental leave, tuition reimbursement, and family planning resources such as adoption and surrogacy assistance, for eligible Team Members. While all Team Members have access to a broad range of rewards, eligibility and specific offerings may vary depending on the role, individual plan requirements and eligibility criteria.