Sr. Analyst, Technology Compliance
Listed on 2026-03-11
IT/Tech
Cybersecurity, IT Business Analyst
8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238
CarMax, the way your career should be!
About this job
We are looking for a Senior Technology Compliance Analyst who will play a pivotal role in advancing our Compliance Program. This unique opportunity allows you to serve as a subject matter expert, collaborating with Technology management teams to design, evaluate and test internal controls for efficiency and effectiveness. In this role, you will monitor regulatory and technology changes, coordinate with internal and external auditors, and ensure compliance across the organization.
You will lead control reviews for new business areas, technologies, and evolving processes, identify gaps between policy and practice, and recommend remediation strategies.
Develop and maintain a comprehensive framework for Technology Compliance, including validation, classification, and control testing across IT domains (e.g., PCI DSS, HIPAA, Data Privacy).
Execute enterprise compliance governance frameworks, balancing risk appetite with business needs and translating findings into actionable steps.
Lead compliance assessments and pre-implementation reviews to ensure proper controls are designed, implemented, and documented.
Design, implement, and maintain enterprise-wide General IT Controls (GITCs) and compliance frameworks aligned with regulatory requirements (PCI DSS, SOX, HIPAA, Data Privacy, etc.).
Develop and enforce processes and procedures to ensure adherence to company policies, laws, and industry standards (e.g., NIST, ITIL).
Influence compliance strategy and direction within established standards and guidance.
Act as a trusted advisor and subject matter expert on technology key controls, partnering to evaluate control effectiveness, identify risks, and support remediation efforts.
Leverage technical experience to assist management in designing appropriate automation and system configurations to support the enforcement and collection of compliance-related evidence.
Facilitate internal and external audits, and provide clear, timely communication of findings, recommendations, and remediation plans.
Monitor and validate information security controls, analyze trends in control weaknesses, and recommend enhancements to meet evolving compliance standards.
Collaborate cross-functionally while demonstrating ownership, initiative, and effective communication on compliance matters.
Assess compliance exposure and deficiencies across internal and external systems, recommending effective solutions.
Lead remediation and design review meetings, build consensus on compliance strategies, and influence direction across teams.
Maintain awareness of emerging technology trends and evolving external regulations to proactively adapt compliance processes.
As a Senior Technology Compliance Analyst, you will play a pivotal role in strengthening our IT control environment by driving innovation, collaboration, and continuous improvement. You will work closely with product, technology, and compliance teams to design controls, assist with control execution, and perform testing and validation. This role is ideal for someone who thrives in a fast-paced environment, is passionate about technology and compliance, and embraces automation and data-driven insights to modernize practices.
Success in this role requires strong communication skills, attention to detail, a proactive mindset, and a commitment to delivering high-impact solutions that enhance operational resilience and ensure regulatory alignment.
Bachelor's degree (or equivalent experience), with solid IT audit or compliance experience.
Familiarity with Technology Compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2, and COBIT.
5+ years of working experience with enterprise technology compliance management programs, or auditing experience, controls testing, and conducting ITGC and PCI assessments.
Possession of industry certifications required: CISA and/or CISSP. Desired: CRISC, CIA, CISM, PCI.
Strong communication skills with the ability to clearly communicate through tailored messaging, organized presentations, and group facilitation.
Strong technical skills with the ability to design IT controls and system functions that enforce or collect compliance evidence.
Demonstrates expertise in mentoring colleagues on compliance principles and leads effective training and awareness programs.
Demonstrates strong analytical, problem-solving, and organizational skills under pressure, with a commitment to world-class service, flexibility, and continuous improvement.
Effective organization and time management skills with strong attention to detail.
Work Location and Arrangement:
This role will be based out of the Richmond, VA Technology Innovation Center. Associates based in Richmond work onsite 5 days per week.
Work Authorization:
Applicants must be currently…