Director Security Risk Mgmt & Governance in Huntersville, NC at American Tire Distributors

Date Posted: 12/31/2020

Job Description

We look forward to your application! When applying, please be sure to put your Full Legal First Name and Last Name for legal and processing purposes.

Are you looking for an opportunity to turn your ambition and your people skills into a rewarding career with an industry leader? Join our team at American Tire Distributors! As the nation's premier tire distributor, ATD’s coast-to-coast distribution network provides approximately 80,000 customers across the U.S. and Canada with rapid and frequent delivery of high-quality tires, custom wheels and shop supplies.

Position Description: 

This director-level position has overall leadership, development, staffing, and hands-on responsibility for leading the Security Risk Management & Governance organization for American Tire Distributors (ATD).

This position reports to the Chief Information Security Officer and is responsible for developing and leading the security risk management & governance program and services. This position has a wide expanse of key relationships and must demonstrate strong leadership, relationship management, and collaboration competencies.

Essential Duties & Responsibilities

  • Lead, positively motivate, and influence staff members, Leadership teams, and business units.
  • Coordinate with key cross-company stakeholders in promoting Security best practices and maturing the organizational capabilities.
  • Positively collaborate and coordinate with various HR teams (Leadership, Corporate Communications, Learning & Development, Enterprise Change Management etc.), Legal, and Audit on Policy development, publishing, and Security Awareness & Communications.
  • Keep abreast of new security best practices, solutions, software, and emerging / leading technologies and make recommendations for securing and reducing risks.
  • Lead the SOC 2 Type 2, PCI-DSS, and Security Maturity Programs for ATD-NTD and ensure growth and compliance.
  • Participate in disaster recovery testing and the updating/maintenance of disaster recovery scripts and documentation.  Provide guidance and support on IT DR best practices.
  • Assist in developing long-term strategies and capacity planning for meeting future security computing hardware and software needs
  • Design and deliver a security risk management program that identifies, assesses, and reports on security risks – and consults on risk mitigation actions for the following:
    • Key Strategic Projects
    • Third Party Security Risk Assessments (including meeting PCI requirements) and Vendor Selection
    • Customer Requested Security Risk Assessments
    • Mergers and Acquisitions Security Assessments
    • Consult on Security reviews as required
  • Design and measure against a security risk management vision and framework, baselining against security best practices (such as NIST Cyber Security Framework, ISO, COBIT, etc.).
  • Deliver a security risk management program that supports compliance and reporting requirements for SOC 2, PCI, HIPAA, GDPR, SOX, CCPA, and other reporting requirements.
  • Own and deliver Security Policies, Standards, and Governance Program.  Implement a new enterprise program that standardizes processes of how security policies are set for the company.
  • Own and deliver an enterprise-wide multi-facing security awareness & education program (partnering with HR and Corporate Communications).
  • Deliver measurable metrics reporting, Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) that will be used for board of senior managers reporting, Enterprise Risk Management, and continuous improvements for the program.
  • Proactively partner with Security, IT Compliance, IT, HR, Audit Services, Legal, Finance, Compliance, and business stakeholders to identify and communicate key security risks and effective mitigation solutions.
  • Develop a roadmap with a focus on emerging risks, themes, and prioritization, supporting country and regional laws along with industry regulations.
  • Monitor and report progress of regulatory corrective action plans to senior management.
  • Be responsible for establishing strong working relationships with IT, HR, Legal, Compliance, Finance, as well as other Business and Risk Management teams.
  • Analyze latest technology scorecards and prepare executive summary reports for management to highlight emerging security risks/concerns.
  • Perform and report on trend analysis, identifying opportunities for process improvements.

Success Factors/Key Metrics:

  • Highly effective communicator for multiple disciplines and levels
  • Effective planning, development, and execution capabilities.
  • Effectively deliver key Security Risk Management Reporting, metrics, and other relevant key factors.
  • Accurate schedule estimates for program development, execution, and standard work.
  • Effective coordination process.
  • Effective delivery of services that demonstrate compliance with applicable laws, including but not limited to PCI-DSS, HIPAA, GDPR, and SOX related requirements.

Key Partners (Positions):

  • IT infrastructure, application development, HR, Legal, Audit, and other development teams
  • ATD Associates and Contractors
  • ATD Customers and Partners
  • Other IT team members
  • Other partners as required by position

Direct Report Position Titles

  • Future
    - Sr. Security Risk Analyst
    - Security Risk Analyst


  • Education:  Minimum bachelor’s degree from four-year college or university preferred.
  • Professional Experience: 
    • Minimum of 8-10 years’ experience – Security Risk Management & Governance Senior manager or above
    • Minimum of 8 years’ total of performing Security Risk Assessments, leading related programs, developing and implementing security policies and best practices.  Experience in leading security training and educational programs for multiple countries and languages. 
    • Hold at least 2 Cyber Security Certifications (current) (CISSP, CRISC, CISA, CISM, or other).
  • Such alternatives to the above qualifications as the Company, in its discretion, may find appropriate and acceptable.

Candidate Skills and Competencies

  • Must be able to build and positively promote security solutions in an Agile environment.
  • Exceptional written and verbal communications skills.
  • Strong security consulting background and/or related experience.
  • Expert in establishing and managing an enterprise-wide Security Risk Management Program.
  • Expert in establishing and managing an enterprise-wide Security Governance program.
  • Prior IT auditing experience.
  • Prior IT hands-on experience (e.g., architecture, engineering, application development, operations, business development, help desk, PMO).
  • Advanced presentation skills – able to promote ideas, collaborate across teams and influence. 
  • Able to work across all groups and levels of management and business groups.
  • Expert in creating and tuning metrics to reflect security maturity and measurement of program performance.
  • Results oriented with demonstrated problem solving and decision-making skills.
  • Advanced knowledge of security related compliance requirements (PCI, HIPAA, SOX, and Security best practices).
  • Experience in applying security risk control frameworks (such as NIST Cyber Security Framework, COBIT, and ISO).
  • Highly effective, positive, and engaging leader, mentor, senior manager, and coach.
  • Knowledge of software development processes in place at American Tire.
  • Think Innovatively:  Identify and act on ideas which further the Company’s strategic goals.
  • Plan and Execute for Success:  Identify and address root causes when solving problems.  Work collaboratively with other departments and functional teams to coordinate effective solutions.
  • Act Collaboratively:  Communicate effectively across teams, functions and departments.
  • Communicate Effectively:  Communicate clearly and concisely and adjust communication style to improve performance.
  • Demonstrate Respect:  Handle all business matters ethically and in full compliance with American Tire Distributors’ “Code of Conduct”.
  • Be Accountable for Results:  Assume full responsibility for the consequences of one’s behaviors, decisions and results.

This job description in no way states or implies that these are the only duties to be performed by the employee occupying the position.  Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by their supervisor, subject to reasonable accommodations.  Nothing in this job description creates a contract of employment in any way for any person.   All employees hired by American Tire Distributors, Inc. are employees at will and the company reserves the right to terminate employees at any time for any reason or no reason at all.

Build a challenging and rewarding career with us!

American Tire Distributors is an Equal Opportunity Employer and Drug Free Workplace

Job ID: R13783