Sr. Analyst, Technology Compliance

Reposted 18 Days Ago
Richmond, VA, USA
In-Office
Senior level
Automotive • Retail
The Role
The Senior Technology Compliance Analyst will enhance the Compliance Program, evaluate IT controls, conduct assessments, and lead remediation efforts.
Summary Generated by Built In
8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238

CarMax, the way your career should be! 

About this job 

We are looking for a Senior Technology Compliance Analyst who will play a pivotal role in advancing our Compliance Program. This unique opportunity allows you to serve as a subject matter expert, collaborating with Technology management teams to design, evaluate and test internal controls for efficiency and effectiveness. In this role, you will monitor regulatory and technology changes, coordinate with internal and external auditors, and ensure compliance across the organization. You will lead control reviews for new business areas, technologies, and evolving processes, identify gaps between policy and practice, and recommend remediation strategies.  

What you will do – Essential Responsibilities 

  • Develop and maintain a comprehensive framework for Technology Compliance, including validation, classification, and control testing across IT domains (e.g., PCI DSS, HIPAA, Data Privacy). 

  • Execute enterprise compliance governance frameworks, balancing risk appetite with business needs and translating findings into actionable steps. 

  • Lead compliance assessments and pre-implementation reviews to ensure proper controls are designed, implemented, and documented. 

  • Design, implement, and maintain enterprise-wide General IT Controls (GITCs) and compliance frameworks aligned with regulatory requirements (PCI DSS, SOX, HIPAA, Data Privacy, etc.). 

  • Develop and enforce processes and procedures to ensure adherence to company policies, laws, and industry standards (e.g., NIST, ITIL). 

  • Influence compliance strategy and direction within established standards and guidance. 

  • Act as a trusted advisor and subject matter expert on technology key controls, partnering to evaluate control effectiveness, identify risks, and support remediation efforts. 

  • Leverage technical experience to assist management in designing appropriate automation and system configurations to support the enforcement and collection of compliance-related evidence. 

  • Facilitate internal and external audits, and provide clear, timely communication of findings, recommendations, and remediation plans. 

  • Monitor and validate information security controls, analyze trends in control weaknesses, and recommend enhancements to meet evolving compliance standards. 

  • Collaborate cross-functionally while demonstrating ownership, initiative, and effective communication on compliance matters. 

  • Assess compliance exposure and deficiencies across internal and external systems, recommending effective solutions. 

  • Lead remediation and design review meetings, build consensus on compliance strategies, and influence direction across teams. 

  • Maintain awareness of emerging technology trends and evolving external regulations to proactively adapt compliance processes. 

Purpose of the role 

As a Senior Technology Compliance Analyst, you will play a pivotal role in strengthening our IT control environment by driving innovation, collaboration, and continuous improvement. You will work closely with product, technology, and compliance teams to design controls, assist with control execution, and perform testing and validation. This role is ideal for someone who thrives in a fast-paced environment, is passionate about technology and compliance, and embraces automation and data-driven insights to modernize practices. Success in this role requires strong communication skills, attention to detail, a proactive mindset, and a commitment to delivering high-impact solutions that enhance operational resilience and ensure regulatory alignment. 

 
Qualifications and Requirements 

  • Bachelor's degree (or equivalent experience), with solid IT audit or compliance experience.  

  • Familiarity with Technology Compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2, and COBIT.

  • 5+ years of working experience with enterprise technology compliance management programs, or experience in auditing, controls testing, and conducting ITGC and PCI assessments.

  • Industry certifications required: CISA and/or CISSP. Desired: CRISC, CIA, CISM, PCI.

  • Strong communication skills with the ability to clearly communicate through tailored messaging, organized presentations, and group facilitation.

  • Strong technical skills with the ability to design IT controls and system functions that enforce or collect compliance evidence. 

  • Demonstrates expertise in mentoring colleagues on compliance principles and leads effective training and awareness programs. 

  • Demonstrates strong analytical, problem-solving, and organizational skills under pressure, with a commitment to world-class service, flexibility, and continuous improvement. 

  • Effective organization and time management skills with strong attention to detail. 

Work Location and Arrangement: This role will be based out of the Richmond, VA Technology Innovation Center.  Associates based in Richmond work onsite 5 days per week. 

Work Authorization:  Applicants must be currently authorized to work in the United States on a full-time basis. 

About CarMax

CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 200 locations nationwide.

Our amazing team of more than 25,000 associates work together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community.  We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®.

Our Commitment to Diversity and Inclusion:

CarMax is committed to bringing together people from different backgrounds and perspectives, providing employees with a safe, welcoming, and inclusive work environment.

CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.

Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.

Skills Required

  • Bachelor's degree or equivalent experience
  • 5+ years working experience with enterprise technology compliance management
  • CISA and/or CISSP certifications
  • Familiarity with NIST, OWASP, SANS, ISO-27001/2, COBIT

CarMax Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about CarMax and has not been reviewed or approved by CarMax.

  • Retirement Support: Retirement benefits appear robust, including a 401(k) with dollar-for-dollar matching up to the first 6% of base salary and immediate vesting. Stock purchase programs with a discount or match are positioned as an additional long-term wealth-building option.
  • Healthcare Strength: Health coverage is described as comprehensive, spanning medical, dental, vision, disability, and life insurance, with access beginning relatively early for eligible associates. Mental health resources and wellbeing programs are also present as part of the health offering.
  • Leave & Time Off Breadth: Time-off offerings are described as broad, including vacation, holidays, sick time, and paid leave related to new child placement or birth/adoption in addition to family medical leave options. The structure varies by role and tenure, but the overall menu is sizable.


The Company
HQ: Richmond, VA
25,000 Employees
Year Founded: 1993

What We Do

CarMax revolutionized the auto industry by delivering the honest, transparent and high-integrity car buying experience customers want and deserve. This disruptive thinking has helped us become the nation’s largest retailer of used cars with more than 200 stores nationwide. And thanks to our amazing team of nearly 25,000 associates, we have been recognized as one of the FORTUNE 100 Best Companies to Work For® - 16 years in a row! Committed to hiring people with strong values of integrity, transparency and respect, we offer unmatched training and support for associate career growth, and have been recognized as one of Training Magazine’s "Training Top 125" companies in America. We are also proud to be a best place to work for Veterans, and the #2 Best Workplace for Retail.
