This site uses cookies. To find out more, see our Cookies Policy


Sr. Manager of Security Risk Management & Governance in Huntersville, NC at American Tire Distributors

Date Posted: 4/1/2019

Job Snapshot

  • Employee Type:
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:

Job Description

We look forward to your application! When applying, please be sure to put your Full Legal First Name and Last Name for legal and processing purposes.

Are you looking for an opportunity to turn your ambition and your people skills into a rewarding career with an industry leader? Join our team at American Tire Distributors! As the nation's premier tire distributor, ATD’s coast-to-coast distribution network provides approximately 80,000 customers across the U.S. and Canada with rapid and frequent delivery of high quality tires, custom wheels and shop supplies. 

Position Description: 

This senior senior manager level position has overall leadership, development, staffing, and hands on responsibility for leading the Security Risk Management & Governance organization for American Tire Distributor (ATD).

This position reports to the Chief Information Security Officer and is responsible for developing and leading the security risk management & governance program and services. This position has a wide expanse of key relationships and must demonstrate strong leadership, relation management, and collaboration competencies.

Essential Duties & Responsibilities


  • Design and deliver a security risk management program that identifies, assesses, and reports on security risks – and consults on risk mitigation actions for the following:
    • Key Strategic Projects
    • Third Party Security Risk Assessments (including meeting PCI requirements) and Vendor Selection
    • Customer Requested Security Risk Assessments
    • Mergers and Acquisitions Security Assessments
    • Consult on Security reviews as required
  • Design and measure against a security risk management vision, and framework baselining against security best practices (such as NIST, ISO, CoBiT, etc.).
  • Deliver a security risk management program that support compliance and reporting requirements for PCI, HIPAA, GDPR, SOX, and other reporting requirements.
  • Own and deliver Security Policies, Standards, and Governance Program.  Implement a new enterprise program that standardizes processes of how security policies are set for the company.
  • Own and deliver an enterprise-wide multi-facing security awareness & education program (partnering with HR and Corporate Communications).
  • Deliver measurable metrics reporting, Key Risk Indicators (KRI’s) and Key Performance Indicators (KPI’s) that will be used for board of senior managers reporting, Enterprise Risk Management, and continuous improvements for the program.
  • Proactively manage partnerships with security, IT, HR, Audit Services, Legal, Finance, Compliance, and business stakeholders to identify and communication key security risks and effective mitigation solutions.
  • Develop roadmap with a focus on emerging risks, themes, prioritization; support country & regional laws, and along with industry regulations.
  • Monitor and report progress of regulatory corrective action plans to senior management.
  • Be responsible for establishing strong working relationships with IT, HR, Legal, Compliance, Finance, as well as other Business and Risk Management teams.
  • Analyze latest technology scorecards and prepare executive summary reports for management to highlight emerging security risks/concerns.
  • Perform and report on trend analysis, identifying opportunities for process improvements.

Direct Report Position Titles

  • Manager
  • Sr. Security Risk Analyst
  • Security Risk Analyst


Success Factors/Key Metrics:                                                                                                       

  • Effective planning, development, and execution capabilities.
  • Highly effective communicator for multiple disciplines.
  • Effective delivery of key metrics, and reporting.
  • Accurate schedule estimates for program development, execution, and standard work.
  • Effective coordination process.
  • Effective delivery of services that demonstrate compliance with applicable laws, including but not limited to PCI-DSS, HIPAA, GDPR, and SOX related requirements.

Key Partners (Positions):                                                                                                              

  • IT  infrastructure, application development, business analysts and development teams
  • ATD employees
  • ATD Customers and Partners
  • Other IT team members
  • Other partners as required by position

Experience(s) that Best Prepares You:                                                                                        

  • Education:  Minimum bachelor’s degree from four-year college or university preferred.
  • Professional Experience: 
    • Minimum of 5 years’ experience – Security Risk Management & Governance Senior manager or above
    • Minimum of 7 years’ total of performing Security Risk Assessments, leading related programs, developing and implementing security policies and best practices.  Experience in leading security training and educational programs for multiple countries and languages. 
    • Hold at least 2 Cyber Security Certifications (current) (CISSP, CRISC, CISA, CISM, or other).
  • Such alternatives to the above qualifications as the Company, in its discretion may find appropriate and acceptable.

Candidate Skills & Competencies

  • Exceptional written and verbal communications skills.
  • Strong security consulting background and/or related experience.
  • Expert in establishing and managing an enterprise-wide Security Risk Management Program.
  • Expert in establishing and managing an enterprise-wide Security Governance program.
  • Prior IT auditing experience.
  • Prior IT hands-on experience (e.g., architecture, engineering, application development, operations, business development, help desk, PMO).
  • Advanced presentation skills – able to promote ideas, collaborate across teams and influence. 
  • Able to work across all groups and levels of management and business groups.
  • Expert in creating and tuning metrics to reflect security maturity and measurement of program performance.
  • Results oriented with demonstrated problem solving and decision making skills.
  • Advanced knowledge of security related compliance requirements (PCI, HIPAA, SOX, and Security best practices).
  • Experience in applying security risk control frameworks (such as NIST Cyber Security Framework, COBiT, and ISO).
  • Highly effective leader, mentor, senior manager, and coach.
  • Knowledge of software development processes in place at American Tire.
  • Think Innovatively:  Identify and act on ideas which further the Company’s strategic goals.
  • Plan and Execute for Success:  Identify and address root causes when solving problems.  Work collaboratively with other departments and functional teams to coordinate effective solutions.
  • Act Collaboratively:  Communicate effectively across teams, functions and departments.
  • Communicate Effectively:  Communicate clearly and concisely and adjust communication style to improve performance
  • Demonstrate Respect:  Handle all business matters ethically and in full compliance with American Tire Distributors “Code of Conduct”
  • Be Accountable for Results:  Assume full responsibility for the consequences of one’s behaviors, decisions and results.
  • Knowledge of current materials, methods, technology and practices of the Company.

Physical Demands/Work Environment/Travel Requirements:

  • Physical demands:  While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle or feel objects, tools or controls; reach with hands and arms; climb stairs; balance, stoop, kneel, crouch or crawl; talk, hear, taste and/or smell; the employee must occasionally lift and/or move up to 50 pounds.  Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus.
  • Work environment:  While performing the duties of this job, the employee is exposed to weather conditions prevalent at the time.  The noise level in the work environment is usually moderate.
  • Travel required:  as required up to 20%

Additional Details (work environment, specializations, etc.)


This job description in no way states or implies that these are the only duties to be performed by the employee occupying the position.  Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by their supervisor, subject to reasonable accommodations.  Nothing in this job description creates a contract of employment in any way for any person.   All employees hired by American Tire Distributors, Inc. are employees at will and the Company reserves the right to terminate employees at any time for any reason or no reason at all.

Build a challenging and rewarding career with us!

American Tire Distributors is an Equal Opportunity Employer and Drug Free Workplace

Shift Type:
Job ID: R08493