Manager, Governance, Risk & Compliance

Cracker Barrel is looking to add to the Cyber Security team. This person will manage and provide leadership and direction for the company's Information Security Governance Risk & Compliance (GRC) program. This manager will be responsilble for enhancing and maintaining Cracker Barrel’s existing GRC program, as well as for developing and managing an enterprise-wide information security risk program.

• Establish and maintain a strategy for managing security-related audits, compliance checks and external assessment processes for auditors, including but not limited to, Health Information Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), California Consumer Privacy Act (CCPA) and Payment Card Industry Data Security Standard (PCI), other applicable industry standards.
• Liaison with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
• Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
• Rebuild and maintain company policies, controls, and standards.
• Create mechanisms and reports to ensure the Cybersecurity program has ample oversight.
• Develop and maintain a Vendor Risk Management program, ensuring all business units follow and uphold process rigor.
• Influence and validate metrics used in assessment of security program success and report them regularly to security and business leadership.
• Drive ongoing security maturation program, where areas of strength are amplified and areas needing improvement are documented.

• Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws such as, but not limited to PCI, SOX, HIPAA, and CCPA.
• Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence.
• Strong team and organizational management skills, and track record of delivering GRC projects under tight deadlines.
• Demonstrated project management, multitasking and organizational skills.

Education & Certifications

• 10+ years’ experience in cybersecurity in one or more roles, including security analyst, compliance and regulations, risk management or audit.
• At least 2 years of management experience in Security
• Preferred certification in CISSP, CISM, CISA, CRISC, GSLC, or other system security certification

NOTE:  Racism, either overt or perpetuated through unconscious bias, has no place at Cracker Barrel Old Country Store, and both our Mission and People Promise are firmly rooted in the principle of valuing what everyone brings to the table. Our employees work hard to ensure that our brand, which is grounded in genuine hospitality and nostalgia, represents only what is good about those things. While our décor and food may harken back to earlier times, our inclusive culture and beliefs about equality and diversity do not.