CarMax

Sr. Analyst, Technology Compliance

Corporate - Richmond Full time
8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238

CarMax, the way your career should be!

About this job 

We are looking for a Senior Technology Compliance Analyst who will play a pivotal role in advancing our Compliance Program. This unique opportunity allows you to serve as a subject matter expert, collaborating with Technology management teams to design, evaluate and test internal controls for efficiency and effectiveness. In this role, you will monitor regulatory and technology changes, coordinate with internal and external auditors, and ensure compliance across the organization. You will lead control reviews for new business areas, technologies, and evolving processes, identify gaps between policy and practice, and recommend remediation strategies.  

What you will do – Essential Responsibilities 

  • Develop and maintain a comprehensive framework for Technology Compliance, including validation, classification, and control testing across IT domains (e.g., PCI DSS, HIPAA, Data Privacy). 

  • Execute enterprise compliance governance frameworks, balancing risk appetite with business needs and translating findings into actionable steps. 

  • Lead compliance assessments and pre-implementation reviews to ensure proper controls are designed, implemented, and documented. 

  • Design, implement, and maintain enterprise-wide General IT Controls (GITCs) and compliance frameworks aligned with regulatory requirements (PCI DSS, SOX, HIPAA, Data Privacy, etc.). 

  • Develop and enforce processes and procedures to ensure adherence to company policies, laws, and industry standards (e.g., NIST, ITIL). 

  • Influence compliance strategy and direction within established standards and guidance. 

  • Act as a trusted advisor and subject matter expert on technology key controls, partnering to evaluate control effectiveness, identify risks, and support remediation efforts. 

  • Leverage technical experience to assist management in designing appropriate automation and system configurations to support the enforcement and collection of compliance-related evidence. 

  • Facilitate internal and external audits, and provide clear, timely communication of findings, recommendations, and remediation plans. 

  • Monitor and validate information security controls, analyze trends in control weaknesses, and recommend enhancements to meet evolving compliance standards. 

  • Collaborate cross-functionally while demonstrating ownership, initiative, and effective communication on compliance matters. 

  • Assess compliance exposure and deficiencies across internal and external systems, recommending effective solutions. 

  • Lead remediation and design review meetings, build consensus on compliance strategies, and influence direction across teams. 

  • Maintain awareness of emerging technology trends and evolving external regulations to proactively adapt compliance processes. 

Purpose of the role 

As a Senior Technology Compliance Analyst, you will play a pivotal role in strengthening our IT control environment by driving innovation, collaboration, and continuous improvement. You will work closely with product, technology, and compliance teams to design controls, assist with control execution, and perform testing and validation. This role is ideal for someone who thrives in a fast-paced environment, is passionate about technology and compliance, and embraces automation and data-driven insights to modernize practices. Success in this role requires strong communication skills, attention to detail, a proactive mindset, and a commitment to delivering high-impact solutions that enhance operational resilience and ensure regulatory alignment. 

 
Qualifications and Requirements 

  • Bachelor's degree (or equivalent experience), with solid IT audit or compliance experience.  

  • Familiarity with Technology Compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2, and COBIT

  • 5+ years of working experience with enterprise technology compliance management programs, or experience in auditing, controls testing, and conducting ITGC and PCI assessments

  • Industry certifications required: CISA and/or CISSP. Desired: CRISC, CIA, CISM, PCI

  • Strong communication skills with the ability to clearly communicate through tailored messaging, organized presentations, and group facilitation.

  • Strong technical skills with the ability to design IT controls and system functions that enforce or collect compliance evidence. 

  • Demonstrates expertise in mentoring colleagues on compliance principles and leads effective training and awareness programs. 

  • Demonstrates strong analytical, problem-solving, and organizational skills under pressure, with a commitment to world-class service, flexibility, and continuous improvement. 

  • Effective organization and time management skills with strong attention to detail. 

Work Location and Arrangement: This role will be based out of the Richmond, VA Technology Innovation Center.  Associates based in Richmond work onsite 5 days per week. 

Work Authorization:  Applicants must be currently authorized to work in the United States on a full-time basis. 

About CarMax

CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 200 locations nationwide.

Our amazing team of more than 25,000 associates work together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community.  We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®.

Our Commitment to Diversity and Inclusion:

CarMax is committed to bringing together people from different backgrounds and perspectives, providing employees with a safe, welcoming, and inclusive work environment.

CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.

Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.