Sr Mgr, Governance, Risk & Compliance and Privacy

Posted 4 Days Ago
Chicago, IL
Senior level
eCommerce • Information Technology • Retail • Industrial
The Role
The Sr. Manager of Governance, Risk & Compliance and Privacy will oversee Zoro's GRC framework, ensuring adherence to legal standards, managing risk programs, and facilitating compliance monitoring. Responsibilities include developing business continuity plans, leading incident response management, supporting vendor compliance reviews, and collaborating with stakeholders to enhance the privacy program.
Summary Generated by Built In

Company Summary:

Zoro is an eCommerce company that’s on a mission to help business owners get everything they need to run their businesses and thrive–from office supplies to power tools. But we’re way more than a website. We’re a team of great people with an award-winning culture. Check us out and see for yourself!

Job Summary:

The Senior Manager, Governance, Risk, and Compliance (GRC) and Privacy, will be part of Zoro’s Legal and Compliance team, reporting directly to the General Counsel (GC), and will play a critical role in ensuring the company operates in adherence to all applicable legal, regulatory, and ethical standards.

In partnership with the GC, the Sr. Manager, GRC & Privacy will oversee the continued development and advancement of the company’s GRC framework with ownership of creating, implementing, and complying with Zoro's (and its parent company’s) policies, procedures, guidelines and standards to ensure effective risk management, compliance monitoring, and privacy program management across the organization. Additionally, this person will be responsible for the strategic leadership, successful implementation and maintenance of Zoro programs that address IT risk management, incident response plans, business continuity/disaster recovery, and audit support. The Sr. Manager, GRC and Privacy will play a pivotal role in Zoro's implementation of and compliance with key policies, procedures, and standards.

Duties and Responsibilities:

  • Act as a liaison with external auditors, regulators, and other third parties on matters related to governance, risk, and compliance; providing strategic advice, direction and key updates to the General Counsel and executive team on risk and compliance matters, aligning GRC initiatives with business objectives. Identify, assess, and manage Zoro’s risk program; implementing the risk register and mitigation strategies and key controls to help minimize the company’s exposure.
  • Direct the development, implementation, management, and testing of Zoro's business continuity and disaster recovery program; developing and leading necessary training, awareness activities and tabletop exercises. 
  • Lead the management, implementation, and execution of Zoro's incident response management program (cyber security, technology and life safety), while developing and leading related training, awareness activities and tabletop exercises.
  • Partner with vendor management, procurement and other key stakeholders on compliance and privacy reviews; supporting third party risk management programs and practices, including assisting with vendor reviews, monitoring, reporting and audit assistance, as needed. 
  • Build and maintain strong relationships with key stakeholders across the organization, including Technology, HR, Operations, and Marketing; serving as the primary point of contact for privacy-related inquiries from regulators, customers, and internal stakeholders, in collaboration with the Senior Privacy Analyst; leading Zoro’s privacy program and establishing Segregation of Duties (SOD) to ensure GRC and privacy considerations are integrated as well as the proper dispersion of critical processes to appropriate persons or departments.
  • Establish, implement, and manage Zoro's records management program and IT general controls to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations. 
  • Undertake risk reviews in support of Zoro’s implementation of the National Institute of Standards and Technology Cloud Security Framework (NIST CSF); engaging in end-to-end audit and risk remediation planning, resolution, and monitoring activities.
  • Supervise Zoro's compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements by ensuring that Zoro's credit card payment processes are appropriately documented and controlled per the standards defined by the PCI Security Standards Council.

Minimum Qualifications:

  • Bachelor's Degree in information technology, risk management or other related fields. A master’s degree or professional certification (e.g., CISA, CRISC, CIPP, CCEP) is preferred.
  • Understanding of privacy and security standards and regulations (e.g., NIST CSF, CCPA/CPRA, PCI DSS).
  • Ability to develop policies, standards, and guidelines based on best practices and industry standards.
  • Proven experience in developing and implementing GRC strategies and frameworks in a fast-paced, dynamic environment.
  • Advanced communication, project management and analytical and problem-solving skills, with the ability to navigate complex regulatory landscapes and make sound decisions under pressure.

Zoro Values and Inclusive Culture:  

Zoro is dedicated to fostering an environment where people of all backgrounds and beliefs are represented and valued. We aim to empower all of our employees to learn about, raise awareness of, and promote diversity and inclusion through all of our workplace interactions. Zoro is a place where everyone can learn, grow, and thrive. 

We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.


Top Skills

NIST CSF

The Company
HQ: Chicago, IL
620 Employees
Hybrid Workplace
Year Founded: 2011

What We Do

Our e-commerce website has everything businesses and consumers need to make their business go, at prices that make sense. We have over 10 million products on our website (and counting) to help your business run that are shipped fast and often free. Throw in our award-winning workplace culture and you’ll find Zoro an amazing place to work and grow!

Why Work With Us

We've worked hard to foster a unique company culture built on transparency, collaboration, and innovation. We've also won a number of awards for our company culture along the way. Of course, it's not the awards that matter—it's the people. We pride ourselves on building a culture that allows our team members to bring their authentic selves to work!

Zoro Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Our headquarters are conveniently located in Downtown Chicago, above the Ogilvie Transportation Center. Zoro employees can choose to work on-site, remotely or hybrid to experience the best of both worlds!

Typical time on-site: Flexible
