
About Advance Auto Parts
Founded in Roanoke, VA in 1932, Advance Auto Parts is a leading automotive aftermarket retail parts provider that serves both professional installer and do-it-yourself Customers. As of July 13, 2019, Advance operated 4,912 stores and 150 Worldpac branches in the United States, Canada, Puerto Rico, and the U.S. Virgin Islands. The Company also serves 1,250 independently owned CARQUEST branded stores across these locations in addition to Mexico, the Bahamas, Turks, and Caicos and the British Virgin Islands. The company has a workforce of over 70,000 knowledgeable and experienced Team Members who are proud to provide outstanding service to their Customers, Communities, and each other every day.
About Advance India Innovation Center (AIIC):
We are continually innovating and seeking to elevate the Customer experience at each of our stores. For an organization of our size and reach, today, it has become more critical than ever, to identify synergies and build shared capabilities. The Advance India Innovation Center (AIIC), located in Hyderabad, is a step in this strategic direction that enables us to access a larger talent pool, unlock operational efficiencies and increase levels of collaboration.
Position Summary
The Director of Cybersecurity Compliance is responsible for leading the enterprise cybersecurity compliance program to ensure the organization meets applicable regulatory, contractual, industry, audit, and internal control requirements. This role leads the enterprise cybersecurity compliance function across regulatory, contractual, audit, and internal policy obligations and establishes a scalable operating model for a large, complex enterprise.
In a Fortune 500 environment, this role operates at enterprise scale and partners closely with Information Security, IT, Legal, Privacy, Enterprise Risk Management, Internal Audit, Compliance, Procurement, Finance, and business leadership. The Director ensures cybersecurity controls are designed, implemented, documented, monitored, and tested effectively; drives audit readiness and disciplined remediation governance; and provides executive visibility into cybersecurity compliance posture, control gaps, regulatory exposure, and program maturity.
This leader must translate complex cybersecurity, regulatory, and control requirements into practical enterprise processes that support business objectives while reducing cyber, regulatory, operational, legal, and reputational risk. The role also partners across the enterprise to embed cybersecurity compliance into technology, business, vendor, and risk management processes.
Key Responsibilities
Cybersecurity Compliance Program Leadership
Lead the enterprise cybersecurity compliance program, including strategy, roadmap, governance, operating model, procedures, control oversight, compliance monitoring, and reporting.
Define and maintain cybersecurity compliance requirements aligned to applicable laws, regulations, industry standards, contractual obligations, and internal cybersecurity policies.
Establish a risk-based approach for evaluating cybersecurity compliance across enterprise systems, business processes, applications, infrastructure, cloud environments, third parties, and critical technology services.
Drive maturity of cybersecurity compliance processes, including control mapping, evidence management, issue tracking, audit support, reporting, and remediation governance.
Serve as a senior cybersecurity compliance advisor to executive leadership, technology leaders, business stakeholders, Legal, Privacy, Enterprise Risk, Internal Audit, and Compliance teams.
Ensure cybersecurity compliance activities are aligned to enterprise cyber strategy, risk appetite, regulatory expectations, and business priorities.
Regulatory, Framework, and Control Alignment
Oversee alignment of cybersecurity controls and compliance activities to NIST CSF 2.0, NIST SP 800-53, NIST SP 800-171 where applicable, SOC 2 Trust Services Criteria, PCI DSS, SOX IT General Controls, HIPAA/HITECH where applicable, GLBA where applicable, GDPR, CCPA/CPRA, SEC cybersecurity disclosure expectations where applicable, and customer or contractual cybersecurity requirements.
Maintain a common control framework that rationalizes cybersecurity requirements across multiple regulatory and audit obligations.
Partner with control owners to ensure cybersecurity controls are clearly defined, assigned, documented, tested, and evidenced.
Identify control gaps, maturity opportunities, and overlapping requirements to improve efficiency and reduce compliance burden.
Ensure compliance expectations are embedded into security architecture, identity and access management, vulnerability management, cloud security, incident response, data protection, application security, third-party risk, and business continuity processes.
Audit Readiness and Assurance
Lead cybersecurity compliance support for internal audits, external audits, regulatory examinations, customer assessments, SOX testing, PCI assessments, SOC reporting, and other assurance activities.
Coordinate audit planning, evidence collection, walkthroughs, control owner engagement, management responses, remediation commitments, and closure validation.
Establish repeatable evidence management processes to ensure timely, accurate, and complete responses to audit and compliance requests.
Review audit findings and control deficiencies to assess root cause, risk impact, compensating controls, and remediation approach.
Drive reduction of repeat findings through stronger control ownership, accountability, monitoring, and remediation governance.
Partner with Internal Audit, Enterprise Risk, Legal, Privacy, and Compliance to ensure cybersecurity audit activities are coordinated and aligned to enterprise risk priorities.
Cybersecurity Policy, Standards, and Governance
Own or support the development, maintenance, and enforcement of cybersecurity policies, standards, procedures, and control requirements.
Ensure cybersecurity policies and standards reflect current regulatory expectations, threat landscape, enterprise risk appetite, business operations, and technology environment.
Establish governance processes for policy exceptions, control deviations, compensating controls, and risk acceptances.
Partner with cybersecurity domain leaders to ensure policies are practical, measurable, enforceable, and aligned to operational capabilities.
Track policy adherence and report non-compliance trends to appropriate governance forums.
Support executive and board-level reporting related to cybersecurity governance, compliance posture, audit readiness, and control maturity.
Control Testing, Monitoring, and Remediation
Establish and oversee a cybersecurity control monitoring and testing program to evaluate the effectiveness of key security controls.
Define control testing schedules, procedures, evidence requirements, sampling methods, control ownership, and quality standards.
Monitor compliance with cybersecurity controls across enterprise technology environments, including cloud, infrastructure, applications, identity platforms, endpoints, networks, data repositories, and third-party services.
Track cybersecurity compliance issues, audit findings, control gaps, policy exceptions, and remediation plans through closure.
Ensure remediation plans include clear ownership, milestones, due dates, risk prioritization, and validation criteria.
Escalate overdue, high-risk, or under-resourced remediation activities through appropriate governance channels.
Validate closure of cybersecurity findings and ensure evidence supports sustainable remediation.
Cyber Risk and Compliance Reporting
Develop executive-level reporting on cybersecurity compliance posture, control effectiveness, audit findings, remediation status, regulatory obligations, policy exceptions, and program maturity.
Establish meaningful compliance metrics and key risk indicators, including open audit findings by severity and age, control testing pass/fail rates, remediation aging, policy exception trends, compliance coverage, evidence request cycle time, repeat finding rate, control owner accountability, and regulatory readiness status.
Translate detailed control and compliance issues into clear business risk narratives for executive leadership.
Prepare materials for cybersecurity governance forums, enterprise risk committees, audit committees, executive leadership meetings, and board reporting as needed.
Provide >
California Residents click below for Privacy Notice: