This is a Seattle based opportunity .

We are seeking an experienced and strategic Senior Director of Governance, Risk, and Compliance (GRC) to lead and mature our enterprise GRC function. This role will be responsible for developing and implementing an integrated framework that aligns security, privacy, regulatory, and risk management initiatives across the organization. The ideal candidate is a collaborative leader with deep domain expertise in information security, regulatory compliance, risk governance, and cross-functional stakeholder engagement.

• Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives and risk appetite.
• Lead the creation and enforcement of policies, standards, and frameworks for information security, privacy, and compliance.
• Serve as a key advisor to executive leadership on governance best practices, regulatory developments, and risk posture.

• Oversee the IT and Cyber risk management process, including identification, assessment, mitigation, and monitoring of risks.
• Develop and operationalize risk reporting metrics and dashboards to support data-driven decision-making at the executive and board levels.
• Integrate risk management into strategic planning, business operations, and third-party engagements.

• Ensure ongoing compliance with regulatory and industry frameworks (e.g., SOX, HIPAA, GDPR, CCPA, PCI-DSS, ISO 27001, NIST CSF).
• Lead internal and external audit activities, including coordination, evidence gathering, and remediation tracking.
• Maintain compliance readiness through continuous control monitoring and process improvements.

• Build, mentor, and lead a high-performing GRC team across disciplines (e.g., compliance, risk, audit, third-party risk).
• Partner with Legal, IT, Finance, HR, and business units to align GRC efforts and ensure integrated risk management.
• Manage GRC-related tools, vendors, and platforms (e.g., Archer, ServiceNow GRC, OneTrust).

Qualifications

• Bachelors degree in Information Security, Risk Management, Business, Law, or a related field; Masters degree or MBA preferred.
• 10+ years of progressive experience in GRC, information security, enterprise risk, or compliance, including 5+ years in a leadership role.
• Strong knowledge of regulatory frameworks, audit processes, risk methodologies, and control design.
• Proven success in building or transforming a GRC program in a complex, global environment.
• Exceptional leadership, strategic thinking, and communication skills.

• Relevant industry certifications (e.g., CISA, CRISC, CISSP, CISM, CGEIT, CPA).
• Experience working in regulated industries such as financial services, healthcare, or technology.
• Familiarity with GRC platforms and automation tools.
• Experience presenting to executive leadership, audit committees, or boards of directors.

Weve got you covered

Our employees are our most important asset and thats reflected in our benefits.Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

• Medical/Vision, Dental, Retirement and Paid Time Away
• Life Insurance and Disability
• Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. Its not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

Nordstrom conducts background checks and considers qualified applicants with criminal histories in a manner consistent with all legal requirements.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at .

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQs for relevant information and guidelines.

2022Nordstrom, Inc

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations.
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.