Manager of IT Risk and Compliance

REEDS Jewelers

Wilmington, NC

JOB DETAILS
SKILLS
Americans with Disabilities Act (ADA), Artificial Intelligence (AI), Bank Secrecy Act, Banking Services, Business Administration, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Computer Science, Computer Security, Consumer Regulations, Corporate Governance, Corporate Policies, Customer Relations, Customer Support/Service, ERP (Enterprise Resource Planning), Enterprise Protection, External Audit, Finance, Financial Fraud, Financial Regulations, Financial Systems, Financial Transactions, Fraud Investigation, IBM AS-400 Server, ISO (International Organization for Standardization), IT Governance, IT Procurement, Identify Issues, Industry Standards, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Internal Audit, Internet Security, Leadership, Logistics, Maintain Compliance, Management of Information Systems/Technology (MIS), Money Laundering, Online Marketing, PCI-DSS, Point of Sale (POS) Systems, Privacy Regulations, Procurement Management, Product Lifecycle, Regulatory Compliance, Retail, Retail Channel, Risk, Risk Analysis, Risk Management, Sales, Sarbanes-Oxley Act (SOX), Security Monitoring, Software as a Service (SaaS), Supply Chain, Technical Leadership, U.S. National Institute of Standards and Technology (NIST), Underwriting, Vendor/Supplier Evaluation, eCommerce, eCommerce Sales
LOCATION
Wilmington, NC
POSTED
1 day ago

Luxury. Innovation. Opportunity.

At REEDS Jewelers, we bring together the timeless values with the energy and innovation of a modern luxury retailer. For 80 years, we’ve built a legacy of trust, exceptional customer service, and curated fine jewelry- offering our clients an elevated experience both in-store and online. We believe every milestone deserves to be marked with elegance, and every moment honored with meaning. As one of the nation’s largest family-owned jewelers, we are proud to pair a rich legacy with a modern vision for the future of luxury retail. 

What sets REEDS apart is our unwavering commitment to people and progress. We stay true to our roots while constantly evolving, embracing new technology, premium brands, and forward-thinking practices to lead in the world of luxury retail. Here, you’ll find more than a job, you’ll find a career with purpose, growth, and lasting impact. 

Overview

The Manager of IT Risk and Compliance will design, implement, and oversee the enterprise-wide IT governance, procurement, risk management, and compliance (GRC) framework for REEDS Jewelers. This strategic leader will ensure that our retail stores, corporate infrastructure, and e-commerce platform are secure, resilient, and fully compliant with all applicable regulatory, financial, and industry standards.

Additionally, this role serves as a critical point of escalation for specialized financial intelligence. The Director will independently investigate, troubleshoot, and formally file Suspicious Activity Reports (SARs) to mitigate risks associated with multi-channel point-of-sale fraud, e-commerce identity theft, credit underwriting anomalies, and anti-money laundering (AML) compliance.

Key Responsibilities

1. Financial Intelligence, Fraud Investigation & SAR Filing

  • Incident Investigation: Lead technical forensic investigations into complex corporate fraud including:  e-commerce account takeovers, gift card manipulation, and anomalous transactional behaviors across point-of-sale (POS) and omni-channel credit integrations.
  • SAR Management & Filing: Own the end-to-end process of troubleshooting suspicious patterns, compiling narrative reports, and formally filing Suspicious Activity Reports (SARs) with the Financial Crimes Enforcement Network (FinCEN) in strict compliance with Bank Secrecy Act (BSA) rules for luxury retailers.
  • Executive Briefings: Provide the CIO and executive leadership with confidential intelligence briefs regarding internal or external fraud investigations, exposure assessments, and structural vulnerabilities.

2. Regulatory & Industry Compliance

  • PCI-DSS Management: Own end-to-end compliance for PCI-DSS across all digital checkout touchpoints, POS systems, and multi-channel payment integrations.
  • Financial & Corporate Governance: Manage and test IT General Controls (ITGC) to support Sarbanes-Oxley (SOX) audit readiness, ensuring tight segregation of duties (SoD) across financial and inventory systems (e.g., enterprise ERP and legacy AS400 databases).
  • Data Privacy & AML Regulations: Monitor and enforce compliance with data privacy frameworks (including CCPA/CPRA) and specialized AML regulations impacting loyalty databases, high-value cash/financing transactions, and digital marketing.

3. Risk Management & Third-Party Governance

  • IT Enterprise Risk Register: Maintain and update the IT risk register, translating technical security findings and transaction fraud vectors into quantifiable business risks.
  • Technology Vendor Risk Management (VRM): Architect and execute a robust third-party risk assessment program for SaaS providers, financial partners, supply chain logistics, and AI/analytics vendors.

4. IT Audit Coordination & Policy Lifecycle

  • IT Audit Liaison: Act as the primary point of contact for internal and external IT auditors, coordinating evidence collection and owning the tracking and remediation of all audit findings.
  • IT Policy Enforcement: Develop, update, and manage the lifecycle of corporate information security policies aligned with the NIST Cybersecurity Framework or ISO 27001.

Requirements

Required Qualifications & Experience

  • Experience: 3 to 5 years of progressive experience in IT audit, information security governance, or IT risk management.
  • Industry Background: Proven experience in a multi-channel retail, e-commerce, banking, or consumer-facing environment with heavy transactional volumes.
  • Framework Expertise: Deep working knowledge of American Disabilities Act (ADA), Data Protection Compliance, PCI-DSS, SOX, and consumer privacy laws.
  • Education: Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Business Administration, or a related field.

Mandated Professional Certifications

Candidates must possess at least two of the following certifications. Given the expanded investigative mandate, a combination of a technical security certification and a fraud/investigative certification is highly preferred:

  • CISA (Certified Information Systems Auditor): Highly valued for leading internal audit readiness and ITGC/SOX evaluations.
  • CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional): Required to demonstrate elite capability in managing enterprise security governance and risk.
  • CRISC (Certified in Risk and Information Systems Control): Preferred for candidates specializing in designing and executing enterprise-level IT risk registers.

Benefits

REEDS Jewelers offers a comprehensive compensation program, merchandise discounts, 401(k), and paid time off. Full-time team members are also eligible for our benefits program including health/dental/life/LTD insurance, and more!

REEDS Jewelers is an Equal Opportunity Employer. We value the diversity of our team, and employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. REEDS provides a smoke and drug-free environment.

About the Company

R

REEDS Jewelers