Chat to apply now!


The IT Team Lead – Governance, Risk & Compliance (GRC) oversees a team to maintain Darden’s high standard of security compliance in a rapidly changing, fast paced environment. This hands-on role works closely with business units and leadership to develop a risk/security/compliance framework; designing, planning, implementing, testing and auditing compliance requirements to ensure consistent adherence to company regulating entities (SOX, PCI, 3rd Party Risk). This role works cross-functionally at all levels of the enterprise to ensure the security compliance strategy is being implemented effectively and in a timely manner.


-Takes a leading role in the successful completion of 3rd-party audits based on PCI-DSS and SOX; acts as subject matter expert regarding PCI and SOX compliance requirements and works with all relevant teams to coordinate compliance process, documents, evidence and approvals

-Oversee vendor relationships with applicable third party vendors providing service delivery of GRC related functions to include but not limited to vendor management, security awareness and professional services

-Manages relationships with external and internal auditor entities; maintaining awareness of security posture of key vendors, conducting vendor security risk assessments and tracking and reporting on KPIs and metrics

-Collaborates with Legal Services to review customer and vendor contracts to ensure that information security requirements are met

-Mentors and trains team members

-Creates and communicates risk reporting tailored to the relevant audience including educating about the most significant risks to the business units, ensuring appropriate individuals understand the risks that might affect their departments and company

-Reviews Report on Compliance/Assessment and provides actionable steps on remediation, while advising relevant controls and best practices in line with industry compliance trends

-Researches and recommends controls aligned with security policies and legal, regulatory and audit requirements

-Leads the gathering and preparation of documentation to support audits, assessments and data requests from internal and external stakeholders

-Leads the development and maintenance of Cybersecurity policies, standards and procedures

-Leads the vendor risk management program

-Leads the Cybersecurity user awareness program

-Supports the vulnerability management program by providing reports and conducting follow-up activities to ensure awareness and promote compliance

-Leads the Cybersecurity risk management program

-Represents the Cybersecurity GRC team professionally and positively in both formal and informal settings

-Maintains current up-to-date knowledge and understanding of PCI-DSS and Sarbanes Oxley, GDPR, CCPA, HIPAA and associated data security and privacy laws to ensure compliancy in operations and products

-Supports other Cybersecurity functions and teams to ensure holistic implementation of security controls, practices, and programs 


-8+ years' experience working within IT, IT Audit, information security risk, governance, compliance or similar department

-Practical experience standing up and administering a GRC tool with a mindset for automating processes

-Experience leading people and developing and delivering project plans and enterprise initiatives

-One of the following certifications: CISSP, CISA or CISM certification

-Two of the following certification: CRISC, Security+, PCIP, GIAC, CCSP, or equivialant(s)

-Practical experience with NIST CSF, COBIT5, PCI-DSS, Sarbanes Oxley, ISO, SSAE 16 SOC 1, SOC 2 and other frameworks

-Proven success in developing and using metrics/KPIs to assess, report on and improve program performance

-Ability to prepare and present internal and external audit evidence

-Strong understanding of how to secure and maintain compliance with cloud offerings such as Office365, Amazon Web Services (AWS) and Azure, etc.


-Bachelor's degree in Computer Science, Information Technology, or a relevant field

-Equivalent education, training, or experience may be considered


-Ability to establish and maintain strong working relationships with business partners across the enterprise

-Ability to maintain industry relationships and look to all sources available to develop the best technology strategies

-Ability to multi-task in a fast-paced environment

-Experience leading people and developing and delivering project plans and enterprise initiatives

-This is a leadership role that requires an individual with a strong technical background, as well as an ability to manage relationships and build strong rapport with key internal stakeholders

-Demonstrated ability to communicate clearly and succinctly with business units in regard to Darden’s information security posture

-Develop and present comprehensive and accurate reports, trainings and presentations for both technical and executive audiences

-Excellent oral, written, and interpersonal communication skills


-PCIP and PMP certification strongly preferred