Manager - GRC Security Maturity and Enablement
Company: Costco
Location: Issaquah, WA 98027
Description:
As a member of the IT Management Team, you are responsible for managing, developing, and leading a team of employees. Your role includes leading the specific functional responsibilities of your team, which involves overseeing team performance and deliverables. However, your role as a leader within our organization requires more than the management of resources and day-to-day operations. As a steward of the company, you are charged with the development and execution of your team's strategic vision and plan and ensuring that your team's actions align with the larger goals of the company and the IT Division.
As a key leader within the Security Compliance Management team, this position will develop the strategic vision and execution for our enterprise governance compliance program. Beyond managing day-to-day operations, you will play a pivotal role in aligning governance initiatives with broader company and IT Division objectives, ensuring regulatory compliance while enabling business growth.
The GRC Manager is essential to the establishment of a robust and scalable governance structure. This role will ensure enterprise-wide security policies and standards are developed and maintained. Additionally, it will drive alignment between regulatory requirements and industry best practices.
As the primary conduit between your employees and upper leadership, your role in communicating and modeling the values and guiding principles of our company culture is of vital importance. All members of IT Management should strive to consciously and consistently foster a culture of engagement, trust, and "open door" communication.
Essential Functions / Job Duties
INTEGRITY: When achieving benchmarks and goals, use methods/strategies that are consistent with the Code of Ethics and the Standard of Ethics for Managers and Supervisors. Always leads by example. Appropriately handles employee concerns and follows through to resolution.
MEMBER SERVICE: Provides and ensures staff provides an exceptional member experience.
ADMINISTRATION: Ensures proper department coverage (writing schedule and break aids if needed). Understands department budget, able to research and explain budget variances.
MANAGING PERFORMANCE: Coaches and mentors employees to provide support and guidance. Has regular open and honest conversations with employees to discuss work performance and career development. Identifies learning opportunities to strengthen employee knowledge, skill and ability.
COMMUNICATION: Regularly shares information with employees via meetings and one-on-one conversations. Successfully navigates difficult conversations with employees, members, and suppliers. Listens, expresses empathy and adapts to get points across. Addresses issues immediately to ensure a timely resolution and to avoid escalating the situation. Consistently demonstrates business knowledge during interactions with senior management.
SELF-MANAGEMENT: Demonstrates sound judgment, taking a partner when necessary. Ability to maintain self-control in the face of hostility or provocation or in intense, hectic situations.
INCLUSION: Encourages different approaches and ideas to work and to accomplish goals. Seeks employee input. Takes the time to get to know or reach out to candidates who show potential that may not come forward on their own.
COMPLIANCE AND SAFETY: Takes measures to ensure employee and member information is kept confidential and adheres to IS security policy.
POLICY AND STANDARDS MANAGEMENT: Develop and maintain enterprise security policies, standards, and guidelines. Ensure alignment with business objectives and industry standards such as PCI DSS, HIPAA, NIST CSF, and CIS 18. Partner with stakeholders to embed policies into operational processes and provide governance oversight.
MATURITY & CONTROLS FRAMEWORK: Define and maintain Costco common controls, ensuring alignment with regulatory and industry frameworks. Establish a central maturity measurement approach. Consolidate and manage regulatory requirements across global business units to ensure compliance and reduce redundancy. Develop future-state governance and executive reporting to enable risk-based decision-making.
STRATEGIC GOVERNANCE & RISK-BASED DECISION MAKING: Standardize security governance processes to improve visibility and executive reporting. Ensure strategic alignment between policy enforcement, compliance initiatives, and business objectives.
PROGRAM MATURITY: Drive continuous improvement of the program by fostering a culture of awareness and operational excellence. Implement scalable solutions to minimize risks that could result in reputational damage or business disruptions.
BUSINESS ENABLEMENT & GLOBAL EXPANSION: Embed compliance into business strategies to eliminate regulatory barriers and enable entry into new markets, supporting the company's growth and innovation objectives.
This is a full-time management/leadership position (45 hours per week).
Regular and reliable workplace attendance at your assigned location.
Ability to operate vehicles, equipment or machinery: Computer, phone, printer, copier, fax
Non-Essential Functions
Assists in other areas of the department as necessary.
Assists in other areas of the company as necessary.
Ability to operate vehicles, equipment or machinery: Same as Essential Functions
Experience, Skills, Education & Licenses/Certifications
Required:
8 years' experience in security/compliance risk management, policy management, and compliance within a large enterprise.
3 years' experience leading security, compliance, or risk teams in a management or supervisory role preferred.
Proven track record in developing, enforcing, and maintaining enterprise security policies and standards.
Experience leading programs in a matrixed organization or environment, and across various technology organizations (both domestic and international), business, and legal.
Experience defining, implementing, and maintaining common security controls and maturity measurement frameworks.
Hands-on experience in executive reporting and security governance, including developing dashboards and maturity metrics.
Experience managing internal/external audits and regulatory assessments.
Technical architecture knowledge with the ability to recognize, analyze, and troubleshoot issues, and articulate those to both technical and non-technical audiences.
Superb communication and relationship skills, especially the ability to understand and articulate advanced technical topics and build consensus among partners and leadership.
Able to work well under stress and handle crisis situations professionally.
HIPAA Training and Supervisors Orientation (within 30 days of hire); Leadership Development 101 (within one year); Costco Pay Policies (within 90 days of promotion).
Must be available for travel up to 25% of the time, including travel across different time zones.
Recommended:
CISSP, CISM, CISA, or other relevant/equivalent experience.
Successful internal candidates will have spent one year or more on their current team.
Communicates effectively with all levels of management.
GRC tooling and automation: hands-on experience with Governance, Risk, and Compliance (GRC) platforms for policy and maturity tracking.
Experience working with international teams and managing large scale projects that drive international growth.
Experience developing strategies with cross-functional teams across a wide variety of disciplines.
Experience designing global data compliance strategies and leading efforts to comply with local compliance laws.
Experience defining and reporting compliance metrics and risks, facilitating the communication of findings to control owners and stakeholders, and coordinating effective remediation with primary focus in the compliance space.
Ability to manage multiple complex projects concurrently.
Experience creating long and short-term plans, including setting targets for milestones and driving team deadlines and goals.
Proven self-starter with the ability to work under limited supervision.
Business acumen, data analysis, and ability to build business cases.
High level understanding of international compliance and regulatory landscape.
Strong organizational and negotiation skills with attention to detail and quality.
Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.
Other Conditions
Management will review the Job Analysis for this position prior to a job offer.
Required Documents
Cover Letter
Resume
Last two performance reviews
Attendance records for current year (Do not include absences covered by paid sick/personal time, FMLA or other protected absences.)
California applicants, please click here to review the Costco Applicant Privacy Notice.