
Cyber Security GRC Manager

Dollar Tree


VA-Chesapeake · On-site · Full-time · 1w ago

Benefits & Perks

Healthcare

401(k)


Required Skills

Cybersecurity governance

Risk management

Compliance management

NIST frameworks

ISO 27001

Stakeholder management

Executive communication

"Candidates must be authorized to work in the United States without the need for current or future visa sponsorship."

Role Overview

We are seeking a highly motivated and experienced GRC Manager to lead and mature our cybersecurity governance, risk, and compliance program across a complex retail ecosystem supporting 60,000+ associates, thousands of brick-and-mortar stores, distribution centers, corporate offices, datacenters, and multi-cloud environments.

This role will play a critical part in supporting our ongoing divestiture and Transition Services Agreement (TSA) journey initially, helping establish independent governance structures while ensuring continued alignment with shared services and transitional operating models.

The GRC Manager will partner closely with internal stakeholders, legacy service providers, and Business Process Outsourcing (BPO) partners to ensure risk visibility, compliance assurance, and control ownership clarity across both transitional and steady-state environments.

The ideal candidate is both strategic and execution-oriented, capable of operating effectively in environments undergoing transformation while building scalable governance frameworks for the future state.

Key Responsibilities

Governance & Program Leadership

  • Lead the enterprise cybersecurity governance framework aligned to NIST CSF / NIST 800-53 / ISO 27001.
  • Support the design and maturation of governance structures as the organization transitions through TSA toward a standalone operating model.
  • Own and maintain the cybersecurity policy, standards, and control framework lifecycle.
  • Establish governance forums and reporting cadence with executive leadership.
  • Drive maturity roadmap aligned to organizational risk appetite and separation milestones.
  • Ensure governance processes are embedded across internal teams, TSA providers, and BPO partners.

Risk Management

  • Manage the enterprise cyber risk program including risk identification, assessment, treatment, and reporting.
  • Assess risks related to shared services, transitional architectures, and separation activities.
  • Facilitate risk assessments across cloud, retail stores, supply chain, datacenters, and enterprise applications.
  • Maintain enterprise risk register and track remediation progress across internal teams, TSA providers, and BPO partners.
  • Partner with architecture and engineering teams to embed risk-based decision making during separation initiatives.

Compliance & Regulatory Oversight

  • Lead compliance efforts across relevant frameworks including:
      • PCI DSS
      • SOX ITGC
      • Privacy / Data Protection requirements
      • State and federal regulatory obligations
  • Support compliance activities during TSA including shared control environments and inherited controls.
  • Coordinate internal and external audits and manage evidence collection.
  • Ensure continuous compliance monitoring across environments including controls operated by TSA and BPO providers.
  • Validate adherence to contractual security and compliance obligations.

Third Party & TSA Risk Management

  • Oversee vendor risk assessments across SaaS, supply chain, TSA providers, and service partners.
  • Serve as the primary GRC liaison for cybersecurity BPO providers and transitional service providers.
  • Monitor vendor, TSA, and BPO risk posture, performance metrics, and remediation activities.
  • Partner with procurement and legal on risk reviews and contractual security requirements.

BPO Governance & Oversight

  • Establish governance cadence with BPO partners including operational reviews and risk forums.
  • Define and monitor security KPIs/KRIs and SLAs tied to BPO services.
  • Ensure clear accountability and control ownership between internal teams, TSA providers, and BPO.
  • Support continuous improvement initiatives with BPO providers to enhance control maturity.

Metrics, Reporting & Executive Communication

  • Develop and maintain cyber risk dashboards and KPIs/KRIs aligned to separation milestones.
  • Provide regular reporting to executive leadership and governance councils.
  • Translate technical risk into business impact for decision making.

Cross Functional Collaboration

  • Partner with Security Operations, Engineering, Privacy, Legal, Internal Audit, and IT.
  • Support secure transformation initiatives including cloud migration and retail technology modernization.
  • Provide governance support for separation programs and new capability buildouts.
  • Drive security awareness from a governance and risk perspective.

Required Qualifications

  • Bachelor’s degree in Cybersecurity, Information Security, IT, Risk Management, or related field.
  • 7–8 years of experience in cybersecurity, risk, compliance, or audit roles.
  • Experience operating in a large enterprise environment with distributed infrastructure.
  • Experience supporting transformational programs, divestitures, or large-scale operating model changes.
  • Experience working with or overseeing BPO / managed service providers in a cybersecurity or IT risk capacity.
  • Strong understanding of cybersecurity frameworks (NIST CSF, ISO 27001, COBIT).
  • Experience supporting regulatory audits (PCI, SOX, privacy).
  • Experience with risk management methodologies and control frameworks.
  • Strong stakeholder management and communication skills.

Preferred Qualifications

  • Experience in retail, logistics, or highly distributed environments.
  • Experience supporting multi-cloud environments (AWS, Azure, GCP).
  • Professional certifications such as:
      • CISSP
      • CISM
      • CRISC
      • CISA
  • Experience with GRC platforms (ServiceNow GRC, Archer, OneTrust, AuditBoard, etc.).
  • Experience working in TSA or shared services environments.

Leadership Competencies

  • Strategic thinker with strong execution discipline
  • Ability to operate effectively in ambiguous and evolving environments
  • Strong analytical and problem-solving skills
  • Executive presence and communication ability
  • Collaborative and people-focused leadership style
  • Strong vendor and partner management capability

Family Dollar is an equal opportunity employer and is committed to recruiting, hiring, training, and promoting qualified people of all backgrounds, and makes all employment decisions without regard to any protected status. We are committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations to qualified individuals with disabilities.

Full time

510 Volvo Parkway, Chesapeake, Virginia 23320

IT Security

Family Dollar


About Dollar Tree


Dollar Tree is a discount retail chain that sells merchandise at fixed price points, primarily $1.25 per item. The company operates Dollar Tree and Family Dollar store brands across the United States.

  • Employees: 10,001+
  • Headquarters: Chesapeake

Reviews

3.0 (5 reviews)

  • Work Life Balance: 3.0
  • Compensation: 2.5
  • Culture: 2.0
  • Career: 1.5
  • Management: 1.8
  • Recommend to a Friend: 25%

Pros

Actively hiring with guaranteed job offers

Laid back dress code policy

Flexible scheduling options

Cons

Poor communication and no response to applications

Rejection of qualified candidates

Jobs reposted immediately after rejecting applicants

Salary Ranges

6 data points

Mid/L4 · Business Analyst II (1 report)

  • Total / year: $150,650
  • Base: $131,000
  • Stock: -
  • Bonus: -

Interview Experience

1 interview

  • Difficulty: 2.0 / 5
  • Duration: 14-28 weeks

Interview Process

  1. Interview with Store Manager