Sr. Director, Governance, Risk, and Compliance (GRC)

JOB SUMMARY:

At Nordstrom, trust is foundational—to our customers, our employees, and our partners. The Senior Director of Governance, Risk, and Compliance (GRC) plays a critical role in protecting and enabling that trust by ensuring the company can innovate, grow, and serve customers securely and responsibly. This role is central to safeguarding the Nordstrom brand while supporting exceptional, frictionless customer experiences across an omni‑channel business.

The Senior Director of GRC is a highly visible leader responsible for building and maturing a modern, enterprise‑wide GRC function. This leader ensures governance, risk, and compliance are not barriers to progress, but strategic enablers of secure growth, digital transformation, and operational excellence.

Partnering closely with the CISO and senior leaders across Technology, Legal, Finance, HR, and the business, this role translates complex cybersecurity, regulatory, and enterprise risks into clear, actionable insights that inform executive decision‑making. Success requires strong executive presence, deep GRC expertise, and a service‑oriented mindset—balancing rigor with pragmatism in a customer‑facing environment where brand reputation and trust matter every day.

The role is based in Seattle reporting directly to the Chief Information Security Officer.

A Day in the Life…

• Partner closely with the Chief Information Security Officer (CISO) to shape and execute a modern, enterprise‑wide GRC strategy aligned to business priorities and risk appetite
• Lead governance, risk, and compliance programs that enable secure growth while maintaining regulatory rigor across a complex, customer‑facing organization
• Translate cybersecurity, regulatory, and enterprise risk into clear, actionable insights for executive leadership and senior stakeholders
• Review and guide enterprise risk assessments across cyber, IT, third‑party, and operational domains, ensuring risks are understood, prioritized, and actively managed
• Oversee internal and external audit activities, ensuring strong coordination, timely remediation, and continuous readiness rather than point‑in‑time compliance
• Drive executive‑ and Board‑level risk reporting through dashboards, metrics, and storytelling that inform decision‑making
• Partner daily with Legal, Technology, Finance, HR, and business leaders to embed risk management into strategy, transformation initiatives, and vendor relationships
• Lead and develop a high‑performing GRC organization, setting clear priorities, accountability, and operating rhythms
• Evaluate and optimize GRC tools and platforms, advancing automation and scalable risk and compliance management
• Stay ahead of emerging regulatory requirements, industry trends, and best practices, advising the CISO on implications and recommended actions

You Own This if You Have…

• 10+ years of progressive experience in governance, risk, compliance, information security, or enterprise risk management, including 5+ years in senior leadership roles
• Proven success building, scaling, or transforming enterprise GRC programs in complex, regulated environments
• Strong executive presence with the ability to influence senior leaders and translate risk into business‑relevant outcomes
• Deep expertise across cybersecurity risk, IT risk, enterprise risk, third‑party risk, and regulatory compliance frameworks
• Demonstrated experience partnering closely with a CISO and security leadership to align risk, compliance, and security strategy
• A track record of advancing compliance from point‑in‑time audits to continuous readiness and control optimization
• Experience developing executive‑level dashboards, metrics, and reporting for senior leadership, audit committees, or Boards
• Strong cross‑functional leadership skills, with the ability to align Legal, Technology, Finance, HR, and business teams around shared risk ownership
• Familiarity with leading GRC platforms and automation tools (e.g., ServiceNow GRC, Archer, OneTrust)
• Excellent written and verbal communication skills, with the judgment to operate effectively in high‑impact, ambiguous situations

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

• Medical/Vision, Dental, Retirement and Paid Time Away

• Life Insurance and Disability

• Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com. 

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines.

© 2022 Nordstrom, Inc  

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Nordstrom keeps job postings open for at least one day after the posting date.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. 
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.