IT Compliance Manager

Overview Please note this position is based in our Phoenix, AZ Support Office. The IT Compliance Manager is responsible for ensuring Sprouts’ IT systems, policies, and processes adhere to applicable legal, regulatory, and industry standards. This role owns IT compliance frameworks including PCI DSS, NIST CSF, and SOX, regulatory adherence, and continuous improvement across the organization.

The ideal candidate is self-directed, takes initiative to identify and resolve inefficiencies, and operates with confidence and accountability. This role serves as a cybersecurity culture champion, helping cultivate an empowered security culture where security awareness is integrated into the fabric of the organization and each team member is equipped to protect information assets. Overview of Responsibilities Team Leadership May lead/mentor compliance analysts.

Assign and prioritize workload across compliance initiatives, audits, and remediation efforts. Conduct performance evaluations and support professional growth and certification goals. Accountable for prioritization of compliance activities and delivery of audit milestones.

SOX Compliance (ITGC / IT-Dependent Controls) Own and continuously refine SOX IT control design, documentation, and operating cadence, including control narratives, evidence expectations, and control owner alignment. Coordinate SOX audit evidence collection, perform quality review, and provide gap analysis and status reporting to stakeholders. Drive deficiency and remediation management, including action plan tracking, validation of corrective actions, and audit readiness.

Proactively identify and resolve process inefficiencies in evidence collection and audit workflows. Deliver SOX evidence packages on time with minimal rework. PCI-DSS Compliance Coordinate PCI-DSS compliance activities including audit preparedness, evidence management, and cross-functional alignment to maintain PCI-DSS posture.

Maintain PCI-DSS program documentation (policies, standards, and procedures as applicable) and track compliance requirements across IT and security control owners. Drive PCI-DSS audit readiness and coordinate annual assessments with external QSAs and internal stakeholders. Policy Maintenance, Lifecycle, and Enforcement Own the information security policy lifecycle (draft, review, approval, publish, attestation, and exception handling) and ensure policies are maintained, communicated, and measurable.

Coordinate policy enforcement mechanisms with technical owners (standards, baselines, procedural controls, and compliance reporting) and maintain audit-ready documentation. Security Awareness and Phishing Simulation Program Ownership Own enterprise security awareness program strategy, annual plan, and compliance tracking, including completion rates, effectiveness measurement, targeted campaigns, and culture alignment. Own the phishing simulation and testing program, including scenario design cadence, targeting strategy, results reporting, and continuous improvement actions.

Audit and Compliance Program Operations Coordinate internal and external audits and assessments (SOX, PCI-DSS, NIST-aligned assessments, penetration tests, and targeted control audits), including evidence management and stakeholder coordination. Build and maintain compliance reporting (dashboards, metrics, KRIs/KPIs, issue tracking) to provide transparency into compliance status, risks, and remediation progress. Provide gap analysis between security policies, standards, regulations, and actual practices, processes, and solutions.

Recommend actions to management and track remediation. Partner with IT and business partners to prioritize and drive process improvements that remediate or mitigate control gaps and compliance findings. Change Governance / CAB Coordinate weekly CAB meetings and drive Change Control processes to ensure SOX and security control requirements are met, including documentation, evidence, and audit alignment with existing change control policy.

Incident Response Support Support incident response by advising on compliance and control impact, evidence retention, and audit trail requirements, in partnership with Security Operations. Qualifications Four-year degree or equivalent experience in a related field (e.g., Information Technology, Computer Science, Management Information Systems, or equivalent industry experience). 5+ years of experience in IT compliance, IT audit, or information security, with at least 1-2 years in a supervisory or lead capacity. Demonstrated working knowledge of PCI DSS, NIST CSF, and SOX requirements.

Hands-on experience with SOX ITGC testing, evidence coordination, and deficiency management. Experience developing and maintaining IT policies and procedures. Strong understanding of risk assessment methodologies and mitigation planning.

Experience with change management processes and CAB governance. Demonstrated ability to work independently, make confident decisions, and drive improvements without constant direction. Preferred Relevant certifications such as CISA or CRISC.

Experience in the retail or grocery industry. Experience with ServiceNow and KnowBe4. Experience managing security awareness and phishing simulation platforms.

Familiarity with GRC (Governance, Risk, and Compliance) platforms. Experience working with Big 4 or external audit firms, including coordinating walkthroughs and evidence requests. Competencies Communication: Convey information, ideas, and feedback clearly and concisely in an engaging manner that helps others understand and retain the message; listening actively to others.

Customer Focus: Place a high priority on the customer’s perspective when making decisions and taking action; implementing service practices that meet the customers'’ and own organization’s needs. Driving for Results: Set SMART goals and measure progress; tenaciously working to meet or exceed goals and making continuous improvement. Seeking innovative ways to solve problems that result in unique and differentiated solutions.

Positive Approach: Demonstrate a positive attitude in the face of difficult or challenging situations; provide an uplifting (yet realistic) outlook on what the future holds and the opportunities it might present. Coaching and Developing Others: Engaging team members and teams in developing and committing to individual development plans that target specific behaviors, skills, or knowledge needed to ensure performance improvement or prepare for success in new responsibilities; planning and supporting the development of individual skills and abilities. Benefits In addition to a rewarding career, Sprouts offers a comprehensive program to help support you and your family.

These programs include: Competitive pay Sick time plan that you can use to support you or your immediate families health Vacation accrual plan Opportunities for career growth 15% discount for you and one other family member in your household on all purchases made at Sprouts Flexible schedules Employee Assistance Program (EAP) (K) Retirement savings plan with a generous company match Company paid life insurance Contests and appreciation events throughout the year full of prizes, food and fun! Eligibility requirements may apply for the following benefits: Bonus based on company and/or individual performance Affordable benefit coverage, including medical, dental and vision Health Savings Account with company match Pre-tax Flexible Spending Accounts for healthcare and dependent care Company paid short-term disability coverage Paid parental leave for both mothers and fathers Paid holidays #J-18808-Ljbffr