Nordstrom
Senior Director of Governance, Risk, and Compliance (GRC)
This is a Seattle based opportunity. We are seeking an experienced and strategic Senior Director of Governance, Risk, and Compliance (GRC) to lead and mature our enterprise GRC function. This role will be responsible for developing and implementing an integrated framework that aligns security, privacy, regulatory, and risk management initiatives across the organization. The ideal candidate is a collaborative leader with deep domain expertise in information security, regulatory compliance, risk governance, and cross-functional stakeholder engagement. Key Responsibilities
Governance
Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives and risk appetite. Lead the creation and enforcement of policies, standards, and frameworks for information security, privacy, and compliance. Serve as a key advisor to executive leadership on governance best practices, regulatory developments, and risk posture. Risk Management
Oversee the IT and Cyber risk management process, including identification, assessment, mitigation, and monitoring of risks. Develop and operationalize risk reporting metrics and dashboards to support data-driven decision-making at the executive and board levels. Integrate risk management into strategic planning, business operations, and third-party engagements. Compliance
Ensure ongoing compliance with regulatory and industry frameworks (e.g., SOX, HIPAA, GDPR, CCPA, PCI-DSS, ISO 27001, NIST CSF). Lead internal and external audit activities, including coordination, evidence gathering, and remediation tracking. Maintain compliance readiness through continuous control monitoring and process improvements. Leadership & Collaboration
Build, mentor, and lead a high-performing GRC team across disciplines (e.g., compliance, risk, audit, third-party risk). Partner with Legal, IT, Finance, HR, and business units to align GRC efforts and ensure integrated risk management. Manage GRC-related tools, vendors, and platforms (e.g., Archer, ServiceNow GRC, OneTrust). Qualifications Required
Bachelor's degree in Information Security, Risk Management, Business, Law, or a related field; Master's degree or MBA preferred. 10+ years of progressive experience in GRC, information security, enterprise risk, or compliance, including 5+ years in a leadership role. Strong knowledge of regulatory frameworks, audit processes, risk methodologies, and control design. Proven success in building or transforming a GRC program in a complex, global environment. Exceptional leadership, strategic thinking, and communication skills. Preferred
Relevant industry certifications (e.g., CISA, CRISC, CISSP, CISM, CGEIT, CPA). Experience working in regulated industries such as financial services, healthcare, or technology. Familiarity with GRC platforms and automation tools. Experience presenting to executive leadership, audit committees, or boards of directors. We've got you covered Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including: Medical/Vision, Dental, Retirement and Paid Time Away Life Insurance and Disability Merchandise Discount and EAP Resources A few more important points... The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. There may be additional duties, responsibilities, and qualifications for this job. Nordstrom conducts background checks and considers qualified applicants with criminal histories in a manner consistent with all legal requirements. Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location. Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ's for relevant information and guidelines. 2022 Nordstrom, Inc Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs. Pay Range Details The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience. $221,000.00 - $365,000.00 Annual This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_20-21.pdf
This is a Seattle based opportunity. We are seeking an experienced and strategic Senior Director of Governance, Risk, and Compliance (GRC) to lead and mature our enterprise GRC function. This role will be responsible for developing and implementing an integrated framework that aligns security, privacy, regulatory, and risk management initiatives across the organization. The ideal candidate is a collaborative leader with deep domain expertise in information security, regulatory compliance, risk governance, and cross-functional stakeholder engagement. Key Responsibilities
Governance
Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives and risk appetite. Lead the creation and enforcement of policies, standards, and frameworks for information security, privacy, and compliance. Serve as a key advisor to executive leadership on governance best practices, regulatory developments, and risk posture. Risk Management
Oversee the IT and Cyber risk management process, including identification, assessment, mitigation, and monitoring of risks. Develop and operationalize risk reporting metrics and dashboards to support data-driven decision-making at the executive and board levels. Integrate risk management into strategic planning, business operations, and third-party engagements. Compliance
Ensure ongoing compliance with regulatory and industry frameworks (e.g., SOX, HIPAA, GDPR, CCPA, PCI-DSS, ISO 27001, NIST CSF). Lead internal and external audit activities, including coordination, evidence gathering, and remediation tracking. Maintain compliance readiness through continuous control monitoring and process improvements. Leadership & Collaboration
Build, mentor, and lead a high-performing GRC team across disciplines (e.g., compliance, risk, audit, third-party risk). Partner with Legal, IT, Finance, HR, and business units to align GRC efforts and ensure integrated risk management. Manage GRC-related tools, vendors, and platforms (e.g., Archer, ServiceNow GRC, OneTrust). Qualifications Required
Bachelor's degree in Information Security, Risk Management, Business, Law, or a related field; Master's degree or MBA preferred. 10+ years of progressive experience in GRC, information security, enterprise risk, or compliance, including 5+ years in a leadership role. Strong knowledge of regulatory frameworks, audit processes, risk methodologies, and control design. Proven success in building or transforming a GRC program in a complex, global environment. Exceptional leadership, strategic thinking, and communication skills. Preferred
Relevant industry certifications (e.g., CISA, CRISC, CISSP, CISM, CGEIT, CPA). Experience working in regulated industries such as financial services, healthcare, or technology. Familiarity with GRC platforms and automation tools. Experience presenting to executive leadership, audit committees, or boards of directors. We've got you covered Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including: Medical/Vision, Dental, Retirement and Paid Time Away Life Insurance and Disability Merchandise Discount and EAP Resources A few more important points... The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. There may be additional duties, responsibilities, and qualifications for this job. Nordstrom conducts background checks and considers qualified applicants with criminal histories in a manner consistent with all legal requirements. Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location. Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ's for relevant information and guidelines. 2022 Nordstrom, Inc Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs. Pay Range Details The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience. $221,000.00 - $365,000.00 Annual This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_20-21.pdf