
HD Supply · 8 hours ago

Sr Mgr, Information Security

HD Supply is seeking a Senior Manager – Information Security Risk & Compliance who will be responsible for executing and operating the organization’s information security risk and compliance programs. This role involves performing risk assessments, managing compliance efforts, and leading a team while ensuring effective security controls and policies are in place.

Industries: Construction, Hardware, Home Improvement, Industrial
H1B sponsor likely (see H1B Sponsorship below)

Responsibilities

Perform and lead information security risk assessments across applications, infrastructure, cloud environments, and business processes
Maintain risk registers, document findings, assign remediation actions, and track closure
Conduct threat modeling and control gap analyses in collaboration with engineering and security teams
Perform and review third-party/vendor security risk assessments and questionnaires
Directly manage compliance efforts for frameworks and regulations such as ISO 27001, SOC 2, PCI DSS, SOX, GDPR, or HIPAA (as applicable)
Prepare audit evidence, coordinate walkthroughs, and respond to auditor and regulator requests
Execute control testing and validate control design and operating effectiveness
Track remediation plans and validate corrective actions
Draft, update, and maintain information security policies, standards, and procedures
Map technical and administrative controls to compliance requirements and business risks
Work hands-on with system owners to design and implement security controls
Administer and optimize GRC and security tooling (e.g., Varonis, LightBeam, Tenable, AuditBoard)
Build risk dashboards, compliance metrics, and executive-level reporting
Automate evidence collection and control monitoring where possible
Work closely with IT, Cloud, DevOps, Security Operations, Legal, Privacy, and Internal Audit teams
Provide actionable security guidance during system design, cloud migrations, and vendor onboarding
Act as a subject matter expert for security risk and compliance inquiries
Lead by example with direct execution while mentoring junior risk and compliance staff
Review work products, provide hands-on coaching, and ensure quality and consistency
Support hiring and onboarding of risk and compliance team members as needed
Serve as an internal information security consultant to the organization
Lead and/or coordinate all dedicated internal security functions, including but not limited to patching, anti-virus, intrusion prevention, CERT response, log monitoring, cross-division security coordination, operational security testing of systems, rule-set analysis, threat detection and adaptation, and new security-related functions as they emerge
Initiate activities that build information security awareness across the organization
Perform information security risk assessments and act as an internal auditor
Evaluate audit findings and drive remediation of identified control deficiencies
Review all system-related security planning throughout the network and act as liaison to information systems teams
Monitor compliance with information security policies and procedures, addressing problems with the appropriate department manager or data owner
Oversee the information security policy to ensure it remains appropriate
Provide training and consultation to ensure understanding of, and compliance with, established security standards and controls
Manage the Computer Security Incident Response Plan
Manage the Risk Program, including coordination and follow-up of the semi-annual risk assessment and development and implementation of business unit policies and standards
Manage the business unit's audits and examinations
Work with management to put in place the controls needed to meet SOX regulatory requirements and PCI DSS contractual requirements

Qualifications

Information Security Risk Management, Compliance Frameworks, Risk Assessments, GRC Tools Administration, NIST CSF, ISO 27001, CISSP, Leadership, Documentation Skills, Problem-Solving, Attention to Detail

Required

Bachelor's degree in Information Security, Computer Science, or related field
8–12+ years of experience in information security, risk, compliance, or IT audit roles
Strong hands-on experience with risk assessments, audits, and control testing
Practical working knowledge of NIST CSF, ISO 27001/27002, SOC 2, and cloud security controls
Ability to independently manage multiple assessments and audits end-to-end

Preferred

CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, or equivalent

Company

HD Supply

HD Supply, a wholly owned subsidiary of The Home Depot, is a leading wholesale distribution company serving customers and their communities across the Multifamily, Institutional, Hospitality, Trades, Government Housing, Healthcare, Building Services and Education industries through an expansive network of over 100 distribution centers across the U.S.

H1B Sponsorship

HD Supply has a track record of offering H1B sponsorship. This does not guarantee sponsorship for this specific role. Additional information is presented below for reference (data from the US Department of Labor).
[Chart: distribution of job fields receiving sponsorship; the highlighted field is the one similar to this job]
Trends of Total Sponsorships (by year)
2025: 30
2024: 7
2023: 11
2022: 26
2021: 13
2020: 13

Funding

Current stage: Public Company
Total funding: unknown
2020-11-16: Acquired
2013-06-27: IPO

Leadership Team

Marc Brown, Chief Executive Officer
Scott Bohrer, Chief Financial Officer
Company data provided by Crunchbase