Sr Mgr, Governance, Risk & Compliance and Privacy

Zoro · Chicago, Illinois, United States · Onsite

Company Summary:


Zoro is an eCommerce company that’s on a mission to help business owners get everything they need to run their businesses and thrive–from office supplies to power tools. But we’re way more than a website. We’re a team of great people with an award-winning culture. Check us out and see for yourself!

Job Summary:


The Senior Manager, Governance, Risk, and Compliance (GRC) and Privacy, will be part of Zoro’s Legal and Compliance team, reporting directly to the General Counsel (GC), and will play a critical role in ensuring the company operates in adherence to all applicable legal, regulatory, and ethical standards. In partnership with the GC, the Sr. Manager, GRC & Privacy will oversee the continued development and advancement of the company’s GRC framework with ownership of creating, implementing, and complying with Zoro's (and its parent company’s) policies, procedures, guidelines and standards to ensure effective risk management, compliance monitoring, and privacy program management across the organization.

Additionally, this person will be responsible for the strategic leadership, successful implementation and maintenance of Zoro programs that address IT risk management, incident response plans, business continuity/disaster recovery, and audit support. The Sr. Manager, GRC and Privacy will play a pivotal role in Zoro's implementation of and compliance with key policies, procedures, and standards.

Duties and Responsibilities:


  • Act as a liaison with external auditors, regulators, and other third parties on matters related to governance, risk, and compliance; providing strategic advice, direction and key updates to the General Counsel and executive team on risk and compliance matters, aligning GRC initiatives with business objectives. Identify, assess, and manage Zoro’s risk program; implementing the risk register and mitigation strategies and key controls to help minimize the company’s exposure.
  • Direct the development, implementation, management, and testing of Zoro's business continuity and disaster recovery program; developing and leading necessary training, awareness activities and tabletop exercises. 
  • Lead the management, implementation, and execution of Zoro's incident response management program (cyber security, technology and life safety), while developing and leading related training, awareness activities and tabletop exercises.
  • Partner with vendor management, procurement and other key stakeholders on compliance and privacy reviews; supporting third party risk management programs and practices, including assisting with vendor reviews, monitoring, reporting and audit assistance, as needed. 
  • Build and maintain strong relationships with key stakeholders across the organization, including Technology, HR, Operations, and Marketing; serving as the primary point of contact for privacy-related inquiries from regulators, customers, and internal stakeholders, in collaboration with the Senior Privacy Analyst; leading Zoro’s privacy program and establishing Segregation of Duties (SOD) to ensure GRC and privacy considerations are integrated as well as the proper dispersion of critical processes to appropriate persons or departments.
  • Establish, implement, and manage Zoro's records management program and IT general controls to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations. 
  • Undertake risk reviews in support of Zoro’s implementation of the National Institute of Standards and Technology Cloud Security Framework (NIST CSF); engaging in end-to-end audit and risk remediation planning, resolution, and monitoring activities.
  • Supervise Zoro's compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements by ensuring that Zoro's credit card payment processes are appropriately documented and controlled per the standards defined by the PCI Security Standards Council.

Minimum Qualifications:


  • Bachelor's Degree in information technology, risk management or other related fields. A master’s degree or professional certification (e.g., CISA, CRISC, CIPP, CCEP) is preferred.
  • Understanding of privacy and security standards and regulations (e.g., NIST CSF, CCPA/CPRA, PCI DSS).
  • Ability to develop policies, standards, and guidelines based on best practices and industry standards.
  • Proven experience in developing and implementing GRC strategies and frameworks in a fast-paced, dynamic environment.
  • Advanced communication, project management and analytical and problem-solving skills, with the ability to navigate complex regulatory landscapes and make sound decisions under pressure.

Zoro Values and Inclusive Culture:


Zoro is dedicated to fostering an environment where people of all backgrounds and beliefs are represented and valued. We aim to empower all of our employees to learn about, raise awareness of, and promote diversity and inclusion through all of our workplace interactions. Zoro is a place where everyone can learn, grow, and thrive. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status.

We are proud to be an equal opportunity workplace.

Life at Zoro

Thrive Here & What We Value

  • Diversity and inclusion in all interactions
  • Equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status
  • Empowering employees to promote diversity and inclusion
  • Valuing people from all backgrounds and beliefs
  • Fostering an inclusive environment for everyone
  • Commitment to equal opportunity employment
  • Promoting awareness of diverse perspectives
  • Encouraging representation across the company
  • Supporting employees' growth in diversity understanding
  • Embracing a variety of cultures and identities within the workplace