Dir, IT GRC (BCP/DR)
Company: Tractor Supply Company
Location: Brentwood, TN 37027
Description:
Overall Job Summary
The Director, IT Governance, Risk, and Compliance (GRC), Privacy, and Business Continuity Planning/Disaster Recovery (BCP/DR) is responsible for developing, implementing, and maturing IT GRC programs to align with business objectives and regulatory requirements. This leader will drive enhancements to existing policies, standards, and frameworks while overseeing IT risk management, third-party risk management, privacy, and business continuity/disaster recovery (BCP/DR) programs.
This role requires a strategic thinker with deep expertise in IT governance, risk assessment methodologies, and compliance frameworks. The Director will collaborate with cross-functional stakeholders to build a strong risk-aware culture and ensure operational resilience in an evolving threat and regulatory landscape.
Essential Duties and Responsibilities (Min 5%)
Governance, Policy, and Compliance:
- Lead the development and continuous improvement of IT governance policies, standards, and controls to align with industry best practices (e.g., NIST, ISO 27001).
- Establish and maintain IT compliance programs to ensure adherence to regulatory requirements such as SOX, PCI DSS, CCPA and emerging privacy laws.
- Partner with internal audit, legal, and enterprise risk management teams to address compliance gaps and remediation plans.
- Provide regular reporting and metrics on IT GRC performance to executive leadership and governance committees.
IT Risk and Third-Party Risk Management:
- Mature the existing IT risk management program, ensuring a risk-based approach to security and compliance.
- Develop and maintain the enterprise IT risk register, conducting regular risk report outs, assessments, and mitigation planning.
- Lead and enhance the third-party risk management (TPRM) program, including vendor risk assessments, contract reviews, and ongoing monitoring of third-party security and compliance risks.
- Collaborate with procurement, legal, and business units to enforce security and privacy requirements in third-party agreements.
Privacy Program Management:
- Oversee the IT privacy program, ensuring alignment with legal and regulatory obligations such as CCPA, ColoPA, CTDPA, and other domestic data privacy laws.
- Work closely with legal and data governance teams to manage data protection impact assessments (DPIAs) and privacy compliance initiatives.
- Develop privacy risk assessments and ensure controls are in place for data protection, access management, and breach response.
- Provide guidance on privacy by design principles for IT systems and projects.
Business Continuity and Disaster Recovery (BCP/DR):
- Lead the development and maturation of the Business Continuity and Disaster Recovery (BCP/DR) program to ensure IT resilience.
- Collaborate with IT and business stakeholders to conduct business impact analyses (BIA) and develop contingency plans.
- Oversee testing and continuous improvement of disaster recovery procedures, ensuring minimal disruption in the event of incidents.
- Align BCP/DR strategies with enterprise risk management and operational resilience objectives.
Leadership and Collaboration:
- Lead and develop a team of IT GRC professionals, fostering a culture of accountability and continuous improvement.
- Work closely with IT, security, legal, compliance, and business leaders to integrate GRC initiatives across the enterprise.
- Serve as a subject matter expert and trusted advisor to senior leadership on IT risk, compliance, and privacy matters.
Required Qualifications
Experience: 10+ years of progressive cybersecurity, IT risk, and compliance experience. Relevant experience in retail, Big4 or enterprise IT audit, and security consulting is preferred. Deep knowledge and practical experience in enterprise IT risk management programs using NIST, FAIR, ISO, and other relevant IT control frameworks. Deep knowledge and practical experience with PCI, SOX, IT General Controls, and third-party risk management.
Education: Bachelor's degree in Computer Science, Cybersecurity, Information Security or related technical field from an accredited college or university. Advanced degree in Cybersecurity or Risk Management is a plus. Any suitable combination of education and experience will be considered.
Professional Certifications: CISSP, CISM, CRISC, CIPM, CISA, CBCP (Certified Business Continuity Professional) or another relevant security or governance certification(s) desired.
High Demand IT specialized skills: GRC Tools knowledge preferred
Platform knowledge (UNIX, Linux, Windows): AWS, Azure, or GCP preferred
Preferred knowledge, skills or abilities
- Experience with GRC tools (e.g., Archer, OneTrust, ServiceNow GRC, Onspring).
- Knowledge of cloud governance and compliance considerations (AWS, Azure, GCP).
- Strong analytical and problem-solving skills with a focus on risk-based decision-making.
- Understanding of AI governance and risk management, including ethical AI principles, AI/ML security risks, and regulatory considerations around AI deployment.
- Familiarity with emerging AI compliance frameworks, such as the EU AI Act, NIST AI RMF, and industry best practices for responsible AI use.
- Technical writing and documentation expertise, with ability to translate complex technical concepts for varied audiences.
- Demonstrated experience leading organizational transformation while maintaining operational excellence.
- Strong analytical and problem-solving capabilities with focus on continuous improvement.
Working Conditions
- Normal office working conditions
Physical Requirements
- Sitting
- Standing (not walking)
- Walking
- Kneeling/Stooping/Bending
- Lifting up to 10 pounds
Disclaimer
This job description represents an overview of the responsibilities for the above referenced position. It is not intended to represent a comprehensive list of responsibilities. A team member should perform all duties as assigned by his/her supervisor.
Company Info
At Tractor Supply and Petsense by Tractor Supply, our Team Members are the heart of our success. Their dedication, passion, and hard work drive everything we do, and we are committed to supporting them with a comprehensive and accessible total reward package. We understand the evolving needs of our Team Members and their families, and we strive to offer meaningful, competitive, and sustainable benefits that support their well-being today and in the future.
Our benefits extend beyond medical, dental, and vision coverage, including company-paid life and disability insurance, paid parental leave, tuition reimbursement, and family planning resources such as adoption and surrogacy assistance, for eligible Team Members. While all Team Members have access to a broad range of rewards, eligibility and specific offerings may vary depending on the role, individual plan requirements and eligibility criteria.
CONNECTION
Our Mission and Values are more than just words on the wall - they're the one constant in an ever-changing environment and the bedrock on which we build our culture. They're the core of who we are and the foundation of every decision we make. It's not just what we do that sets us apart, but how we do it.
EMPOWERMENT
We believe in managing your time for business and personal success, which is why we empower our Team Members to lead balanced lives through our benefits and total rewards offerings for full-time and eligible part-time TSC and Petsense Team Members. We care about what you care about!
OPPORTUNITY
A lot of care goes into providing legendary service at Tractor Supply Company, which is why our Team Members are our top priority. Want a career with a clear path for growth? Your Opportunity is Out Here at Tractor Supply and Petsense.