Senior Technology Compliance Manager (Hybrid)

8116 – Midtown Office – 2220 W. Broad Street, Richmond, Virginia, 23220

CarMax, the way your career should be!

Do you want to play a key role in enhancing the Cybersecurity program for a Fortune 200 company and national brand that has also been listed on the Fortune 100 Best Places to Work for the past 17 years in a row? Do you enjoy working in a collaborative environment where your ideas can help shape the direction and development of critical cybersecurity capabilities?

Do you want to work with a team of talented professionals that have in-depth technical knowledge and subject matter expertise in technology compliance?

Then your job search begins and ends here….

Who we are looking for:

Senior Technology Compliance Manager to join the Information Security team with proven management skills, in-depth knowledge of and subject matter expertise in compliance management, information security controls, and IT auditing for compliance. This is a unique opportunity at a Fortune 200 company and national brand to expand your skills and influence in the Cybersecurity Program.

This Senior Manager’s primary responsibility is to manage the day-to-day operations of the team and lead compliance assurance through technology controls across the enterprise. This includes strong collaboration and partnership with peers and business partners, tactical and strategic planning, removing roadblocks to team success, and development of team members. The Compliance Manager will oversee and ensure the delivery of high-quality compliance testing and results, lead best-in-class SOX/ITGC, and IT compliance strategies to accomplish goals.

Working closely with the CISO, this person is responsible for the design and administration of the CarMax Technology Compliance framework and processes, with a significant concentration on Sarbanes-Oxley (SOX) and other regulatory compliance requirements, including oversight of a continuous monitoring program to demonstrate program effectiveness.

The Senior Manager must be comfortable with managing an ever-evolving workload, in a fast-paced environment to ensure that technology delivers business value and enables the achievement of compliance objectives and key results. This position requires strong interpersonal, communication, and organizational skills and is the primary liaison between Internal/External auditors on all compliance-related activities.


Team Management

  • Lead compliance analysts that design, develop and execute controls assurance testing including validation and execution methods
  • Responsible for day-to-day tactical team decisions by effectively prioritizing work
  • Display excellent interpersonal skills to build quality relationships with the team and with internal customers and stakeholders, be goal-driven, and manage the day-to-day activities of the team efficiently
  • Develop related processes and procedures to ensure compliance with company policies and regulatory requirements regarding information security, privacy, and data integrity
  • Manage team consulting efforts on cross functional technology initiatives to evaluate controls, conduct compliance testing (audits), report results, and track remediation.
  • Responsible for developing Associates
  • Required to manage multiple tasks and projects simultaneously, sets team goals and KPIs
  • Accountable for team’s use and adherence to the CarMax® policies and procedures
  • Create/maintain resource plans to include time tracking and capacity planning
  • Build depth in planning, design and execution of compliance testing, controls assessment and documentation across all domains for IT General Controls, (PCI DSS) Payment Card Industry, Data Privacy, Sarbanes-Oxley, HIPAA and other compliance requirements, as appropriate.
  • Partner and facilitate internal and external audits within the technology teams
  • Ensure compliance tools are configured and functioning as designed.

Associate Development

  • Responsible for Associate development to include courageous leadership, motivation to improve team dynamics, mentorship to assist the growth of Associates, and constructive feedback on Associate’s performance
  • Effectively provide Associate feedback by writing and delivering on Monthly/Annual Performance Reviews
  • Working with Associates to collaboratively establish an Individual Development Plan (IDP) that promotes self-development to support continuous growth within role and review them on a timely basis


  • Attract, recruit, and retain a strong bench of skilled and highly engaged associates
  • Creates and promotes an environment of development and continuous learning to develop team and others to reach their full potential
  • Creates a culture of empowerment where the team surfaces solutions and executes independently
  • Serve as trusted advisor on technology key controls; partner to evaluate the design and effectiveness of the control environment; develop trending for remediation efforts and overall compliance with regulatory and operational standards, and build compliance programs including detailed reporting and dashboards
  • Influences and negotiates upwardly and broadly CarMax’s compliance direction to ensure alignment and drive enterprise and departmental goals and standards.
  • As an integral member of the Cybersecurity team, exhibit ownership, follow-through, initiative, awareness and effective communication with peers and management and ability to speak to details of compliance
  • Champion technology compliance with Cybersecurity related regulatory requirements (PCI, SOX, PII, NYDFS, HIPAA, etc)
  • Builds relationships that help overcome obstacles and time constraints and provides mentorship and support professional develop opportunities that promote individual growth and foster organizational maturity
  • Understand level of Compliance and exposure as it relates to systems, services, and networks, and communicate remediation and prevention approaches using leading practices
  • Passionate about and provides continual reassessment of CarMax’s compliance posture
  • Develop and deliver compliance training and awareness activities to achieve business understanding of compliance for system/product owners, engineers, and developers
  • Collaborate with internal Audit, Privacy and Legal teams for assessment improvements

Customer Interaction / Business Knowledge

  • Consistently builds positive relationships with internal customers and stakeholders in supported business areas
  • Interacts with the internal customer including understanding business requirements, and recommends control design and implementation approaches
  • Must courageously influence the processes and barriers to effective controls that best represents both compliance and the customers’ needs, seeking a win-win outcome
  • Maintains a strong knowledge base and awareness of industry and technology trends, external regulations for new or changed requirements within technology and identify industry standards for core processes (e.g. NiST, PCI, COBIT, ISO, data privacy etc.)
  • Continuously seeks opportunities to increase internal customer satisfaction and deepen relationships across CarMax Technology


To perform this position successfully, an individual must be able to consistently execute each essential duty & responsibility as well as consistently show proficiency with the following qualifications. The requirements listed below are representative of the knowledge, skill, and/or

ability required. 

  • Strong understanding of key compliance regulations, including Sarbanes-Oxley, GLBA, HIPAA and Payment Card Industry (PCI); experience with IT General Controls across all domains and Operational testing procedures as they pertain to such regulations
  • Experience in design and implementation of an enterprise Compliance Governance framework, including the identification, assessment and mitigation of Compliance exposure while understanding how to balance the companies Compliance and risk appetites and their overall impact
  • Is results-focused and has demonstrated a consistent ability to deliver outcomes on time and with high quality
  • Can effectively address tough issues in a timely manner through courageous conversations
  • Proven project management skills with demonstrated ability to lead medium to large sized matrixed project teams (often multiple projects simultaneously)
  • Demonstrated ability to assess alternative technology Compliance approaches and methodologies while assessing Compliance both quantitatively and qualitatively to meet the business needs
  • Proven ability to effectively identify and communicate risks and influence without direct authority to gather test evidence and translate compliance findings into actions
  • Excellent communication skills and a keen ability to facilitate group discussions with diplomacy and seek diverse opinions
  • Demonstrated leadership skills – apply clear direction and priorities to the team
  • Demonstrated ability to connect compliance vision with the big picture
  • Serves as a role model for others and leads by example
  • Motivates and inspires the team and business partners by creating an environment that promotes positive communication, encourages bonding of team members, and demonstrates flexibility
  • Recommends, designs, and implements new policies and procedures effectively
  • Promotes associate responsibility through work ownership and engagement
  • Possess strong organization and time management skills.

Education and/or Experience:

  • BA/BS Degree in Technology, Computer Science or Business
  • In depth knowledge of information security, Technology Compliance management industry frameworks and standards such as COBIT, NIST, OWASP, SANS, ISO-27001/2, SANS, and ITIL
  • 7+ years working experience of two or more security functions: Compliance, QSA, Security Specialist, IT Auditor, enterprise compliance and risk management programs.
  • 5+ year of previous compliance or IT audit management experience
  • Possession of industry certification: CISA (required), CRISC, CIA, CISM, CISSP, PCI (desired)
  • Dedication and commitment to top-quality service and to exceeding customer expectations
  • Demonstrated leadership – ability to gain consensus across teams without direct reporting responsibility
  • Speed and responsiveness in the resolution of compliance issues/deficiencies
  • Desire to keep current with technology and industry standards while also keeping a keen eye to changing external regulations within technology

About CarMax

CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 200 locations nationwide.

Our amazing team of more than 25,000 associates work together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community. We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®.

CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.

Our Commitment to Diversity and Inclusion:

CarMax is committed to bringing together people from different backgrounds and perspectives, providing employees with a safe, welcoming, and inclusive work environment.


CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, gender expression, genetic information, national origin, protected veteran status, disability status, and any other characteristics protected by law.

Work Location and Arrangement: This role will be based out of the Plano, TX or Richmond, VA CarMax Technology Innovation Center and have a Hybrid work arrangement

Upon an applicant’s request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.

Upon an applicant’s request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.

Job ID : JR-087102

More Information

Apply for this job

Leave your thoughts

Share this job