
Sr. Director, Governance, Risk, and Compliance (GRC)

at Nordstrom

📍 Seattle, WA Onsite 💰 $221K – $365K USD / year Posted April 17, 2026
Salary $221K – $365K USD / year
Type Full-Time
Experience executive
Exp. Years 10+ years
Education Not specified
Category Legal & Compliance

Nordstrom is hiring a Senior Director to build and mature an enterprise-wide Governance, Risk, and Compliance (GRC) function. The leader will partner with the CISO and executives across the company to translate cybersecurity and regulatory risk into clear insights, oversee audit readiness, and drive executive/Board reporting.

  • Partner with the Chief Information Security Officer (CISO) to shape and execute the enterprise GRC strategy
  • Lead governance, risk, and compliance programs with regulatory rigor
  • Translate cybersecurity, regulatory, and enterprise risks into actionable executive insights
  • Oversee internal and external audit activities and ensure timely remediation
  • Drive executive and Board-level risk reporting through dashboards, metrics, and storytelling

This is a GRC-focused leadership role centered on governance, risk, and compliance for cybersecurity, IT, third-party, and operational domains. The scope includes enterprise risk assessments, audit oversight and remediation, and evaluation of GRC tools and platforms to enable automation and scalable risk/compliance management.

The ideal candidate is an executive-level GRC leader with 10+ years of progressive experience across governance, risk, compliance, information security, or enterprise risk management. They have partnered closely with a CISO to build and mature an enterprise-wide GRC function, translate complex cybersecurity and regulatory risks into executive-ready insights, and drive continuous audit readiness and remediation.

Qualifications:

  • 10+ years of progressive experience in governance, risk, compliance, information security, or enterprise risk management
  • Strong executive presence and deep GRC expertise
  • Experience building and maturing a modern, enterprise-wide GRC function
  • Experience partnering with the CISO to shape and execute a modern, enterprise-wide GRC strategy
  • Experience leading governance, risk, and compliance programs with regulatory rigor
  • Experience overseeing internal and external audit activities with timely remediation
  • Experience driving executive and Board-level risk reporting through dashboards and metrics
Industry Retail
Job Function Lead and mature an enterprise-wide GRC program in partnership with the CISO and senior stakeholders.
Role Subtype Risk Analyst

Must have 10+ years of progressive experience in governance, risk, compliance, information security, or enterprise risk management. Must be based in Seattle (the role is based in Seattle and reports directly to the CISO).
