Sr Manager, InfoSec Compliance & Governance
This job is no longer available.
About Gap Inc.
Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.
This simple idea - that we all deserve to belong, and on our own terms - is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to learn fast, create with audacity and lead boldly? Join our team.

About the Role
As a Sr Mgr Infosec Compliance Governance, you will play a critical role in ensuring our organization meets compliance standards and protects sensitive data across our international operations. You will work closely with technical experts, legal counsel, and other global stakeholders, applying analytical and interpersonal skills to bridge operational and technical gaps. You will deliver program activities on time for successful assessments and audits.
• Compliance Management: Drive implementation and maintenance of our compliance programs across relevant regulatory standards (e.g., GDPR, CCPA, PCI DSS, SOX). Conduct audits and assessments to ensure compliance with both internal and external controls. Provide support for compliance activities and ensure compliance program activities are occurring as scheduled and effectively managed.
• Policy Development: Draft, update, and enforce IT security policies, procedures, and guidelines in line with global and regional regulations. Collaborate with business units to ensure policies are effectively communicated and implemented.
• Technical Control Implementation: Work with IT and development teams to implement and validate technical security controls. Evaluate technical solutions for compliance with regulatory requirements. Develop and maintain control testing procedures and schedules.
• Risk Management: Identify, assess, and mitigate IT security risks for infrastructure and systems.
• Third Party Risk Management: Develop and drive vendor security assessment processes. Review vendor security documentation and identify potential risks. Collaborate with procurement and legal teams on vendor contracts and security requirements.
• Collaboration: Liaise effectively with both technical teams (e.g., IT operations, cybersecurity), legal (e.g., compliance officers, external counsel) and business teams to align compliance initiatives. Direct contractors, personnel, leaders, executives to streamline program activities in alignment with their own goals.
• Training & Awareness: Develop and deliver training programs to educate employees on security compliance and best practices.
• Documentation: Maintain accurate and up-to-date records of compliance activities, audits, and risk assessments.
• Continuous Improvement: Monitor and evaluate the effectiveness of compliance programs and recommend enhancements. Ensure findings or other corrective actions are closed within expectations.
• Technical Communication: Communicate technical and regulatory specifications and requirements to non-technical personnel in a clear and understandable manner.
What You'll Do
- Experience: 6+ years of experience in IT security compliance, preferably in a global retail or eCommerce environment, with a proven track record of creating and reviewing compliance policies.
- Technical Skills:
  - Strong knowledge of compliance standards like GDPR, CCPA, PCI DSS, SWIFT, SOX.
  - Familiarity with risk management frameworks such as NIST, ISO 27001.
  - Experience with cloud security platforms (e.g., AWS, Azure, Google Cloud).
  - Proficiency in security tools and technologies (e.g., FW/WAF, SIEM, DLP, IAM).
  - Familiarity with engineering development toolchains and capabilities.
  - Experience with GRC platforms and processes.
- Soft Skills:
  - Proactive problem-solver who can identify compliance gaps before they become issues.
  - Can navigate matrix organizations fluently.
  - Exceptional critical thinking and problem-solving abilities to analyze complex compliance issues and propose effective solutions.
  - Strong interpersonal and communication skills to build relationships with diverse stakeholders across technical, legal, and business audiences.
  - Ability to build relationships across departments and drive consensus.
  - Adaptability and cultural sensitivity, fostering collaboration in a global environment.
  - Proactive approach to identifying risks and opportunities for improvement.
  - Attention to detail with excellent organizational and time-management skills.
  - Ability to communicate technical specifications and compliance requirements to non-technical personnel in a clear and understandable manner.
- Certifications: CISA, CISM, CISSP, or equivalent.
- Additional Experience:
  - Experience with cloud security platforms (e.g., AWS, Azure, Google Cloud).
  - Knowledge of Japanese IT compliance standards is a plus.
  - Experience with data privacy regulations and frameworks (e.g., CCPA, GDPR, ISO 27701).
  - Familiarity with DevSecOps practices and tools.
- Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.
- One of the most competitive Paid Time Off plans in the industry.
- Employees can take up to five "on the clock" hours each month to volunteer at a charity of their choice.
- Extensive 401(k) plan with company matching for contributions up to four percent of an employee's base pay.
- Employee stock purchase plan.
- Medical, dental, vision and life insurance.
Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status. We have received numerous awards for our long-held commitment to equality and will continue to foster a diverse and inclusive environment of belonging. In 2022, we were recognized by Forbes as one of the World's Best Employers and one of the Best Employers for Diversity.
Salary Range: $174,400 - $231,200 USD
Employee pay will vary based on factors such as qualifications, experience, skill level, competencies and work location. We will meet minimum wage or minimum of the pay range (whichever is higher) based on city, county and state requirements.
Perks and Benefits
Health and Wellness
- Health Insurance
- Health Reimbursement Account
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short-Term Disability
- Long-Term Disability
- FSA
- FSA With Employer Contribution
- HSA
- HSA With Employer Contribution
- Pet Insurance
- Mental Health Benefits
- Virtual Fitness Classes
Parental Benefits
- Fertility Benefits
- Adoption Assistance Program
- Family Support Resources
Work Flexibility
- Remote Work Opportunities
- Hybrid Work Opportunities
Office Life and Perks
- Commuter Benefits Program
- Casual Dress
- On-Site Cafeteria
Vacation and Time Off
- Paid Vacation
- Paid Holidays
- Leave of Absence
- Volunteer Time Off
Financial and Retirement
- 401(K)
- 401(K) With Company Matching
- Stock Purchase Program
- Performance Bonus
- Relocation Assistance
- Financial Counseling
Professional Development
- Tuition Reimbursement
- Promote From Within
- Mentor Program
- Shadowing Opportunities
- Access to Online Courses
- Lunch and Learns
- Associate or Rotational Training Program
Diversity and Inclusion
- Diversity, Equity, and Inclusion Program
- Employee Resource Groups (ERG)