IT Compliance Auditor

Bristol Farms
Carson, United States of America
16 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 95K

Job location

Carson, United States of America

Tech stack

Data analysis
Computer Security
Information Technology Audit
IT Management
Project Management Software
Microsoft Office
PCI Data Security Standards
Phishing
IT General Controls (ITGC)
Virtual Environment
Information Technology
Tools for Reporting

Job description

The IT Compliance Auditor is responsible for supporting IT compliance activities across all Good Food Holdings retail brands to ensure adherence to industry regulations and internal governance requirements, including PCI-DSS, KSOX, and applicable data privacy regulations. This role supports IT audit activities, IT security awareness initiatives, privacy governance, and risk management programs while helping strengthen the organization's overall compliance posture.

The IT Compliance Auditor partners closely with IT, Finance, Legal, Operations, and other business teams to support governance frameworks, monitor compliance activities, assess risk, and promote a culture of security awareness and internal controls across the organization.

Essential Duties and Responsibilities

Includes the following duties (others may be assigned):

Compliance Management

· Monitor and support compliance with PCI-DSS, KSOX, and other relevant regulations, standards, and frameworks

· Assist with annual IT audits, assessments, and compliance reviews

· Review and investigate reported control deficiencies, identify root causes, and coordinate corrective actions with IT and business process owners

· Support ongoing compliance monitoring activities and maintain supporting documentation

IT Security Awareness & Training

· Develop, implement, and maintain IT security awareness and training programs for employees

· Promote awareness of cybersecurity best practices, phishing prevention, and compliance requirements

· Analyze training participation, phishing campaign results, and security trends to identify opportunities for improvement

Privacy Governance & Risk Management

· Support privacy governance initiatives and respond to privacy-related requests in accordance with applicable regulations, including OCPA and CPRA

· Assist in the development and maintenance of privacy governance frameworks and procedures

· Conduct risk assessments and vulnerability analyses related to systems, processes, and new business initiatives

· Collaborate with stakeholders to implement risk mitigation strategies

Policy Development & Documentation

· Assist in the creation, review, and maintenance of IT security policies, standards, and procedures

· Maintain accurate records of compliance activities, training participation, risk assessments, and audit documentation

· Prepare reports and summaries for management and audit purposes

Incident Response & Security Support

· Participate in incident response activities, including analysis of security incidents and recommendations for control improvements

· Support IT General Controls (ITGC) documentation and monitoring efforts

· Assist with identifying opportunities to improve security controls and governance processes

Cross-Functional Collaboration

· Partner with IT Product, Technical Services, IT Security, Finance & Accounting, Data, Legal, and Operations teams to support governance and compliance initiatives

· Coordinate with internal stakeholders and external vendors to ensure compliance and risk management objectives are met

· Support special projects and initiatives related to governance, compliance, and security

Continuous Improvement

· Stay current on industry trends, emerging technologies, cybersecurity risks, and regulatory changes

· Recommend enhancements to governance, compliance, and security awareness programs

· Support ongoing process improvement initiatives across the IT Governance & Compliance function

Work is primarily performed in an office or virtual environment, with occasional visits to stores or operational locations. Store environments may include moderate noise levels, temperature-controlled coolers or freezers, wet or slippery surfaces, and exposure to common food allergens or cleaning chemicals.

Travel

Travel up to 10-20% may be required to support audits across Good Food Holdings banners.

Pay: $80,000.00 - $95,000.00 per year

Requirements

To perform this job successfully, the candidate must satisfactorily perform each essential duty. The requirements below reflect the knowledge, skill, and ability expected for this role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

· Bachelor's degree in Information Technology, Cybersecurity, Business, Accounting, or related field preferred

· Minimum 2-5 years of experience in IT governance, IT audit, information security, compliance, or related fields

· Experience in retail, grocery, or multi-location environments preferred

· Understanding of IT security frameworks and standards such as NIST, ISO 27001, and ITIL

· Familiarity with PCI-DSS, SOX/KSOX, and applicable privacy regulations such as OCPA and CPRA

· Relevant certifications such as CISA, CISSP, CISM, or similar are a plus

Technical Skills

· Strong analytical, organizational, and problem-solving skills

· Ability to communicate complex information clearly and effectively

· Strong interpersonal skills with the ability to collaborate across all levels of the organization

· Ability to work independently while contributing effectively within a team environment

· Experience with Microsoft Office applications and reporting tools

· Familiarity with GRC, audit, or project management software preferred

· Ability to manage multiple priorities and deadlines in a fast-paced environment

Language Skills

Ability to read, analyze, and interpret technical procedures, regulatory guidance, audit documentation, and business correspondence. Ability to communicate effectively with technical and non-technical stakeholders.

Mathematical Skills

Ability to analyze data, metrics, trends, and reporting information related to compliance and security activities.

Reasoning Ability

Ability to apply critical thinking and sound judgment in evaluating risks, interpreting requirements, and resolving compliance and security-related issues.

Physical Demands

The physical demands described here are representative of those required to successfully perform the essential functions of the job. Reasonable accommodation may be made to enable individuals with disabilities to perform these functions.

This position primarily involves sitting and working at a computer, with occasional standing, walking, and light lifting (up to 25 pounds).

Benefits & conditions


  • 401(k)
  • Health insurance
  • Paid time off
  • Employee discount
  • Vision insurance
  • Dental insurance
  • Life insurance
  • Flexible schedule
