Lead IT 3rd Party Risk and Compliance

Carter’s, Inc. is the largest branded marketer in North America of apparel exclusively for babies and young children. The Company owns the Carter’s and OshKosh B’gosh brands, two of the most recognized brands in the marketplace. These brands are sold in leading department stores, national chains, and specialty retailers domestically and internationally. They are also sold through more than 1,000 Company-operated stores in the United States, Canada, and Mexico and online at www.carters.com, www.oshkosh.com, www.cartersoshkosh.ca, and www.carters.com.mx. The Company’s Child of Mine brand is available at Walmart, its Just One You brand is available at Target, and its Simple Joys brand is available on Amazon. The Company also owns Skip Hop, a global lifestyle brand for families with young children. Carter’s is headquartered in Atlanta, Georgia. Additional information may be found at www.carters.com.

Baby Clothing, Kids Clothes, Toddler Clothes | Carter's

Shop for baby clothing, baby necessities and essentials at Carters.com,  the most trusted name in baby, kids, and toddler clothing. Shop our selection of cute baby & kids clothing.

How You’ll Make an Impact:

  This role will be expected to assist with the implementation of leading security and governance practices, procedures, and controls to protect Carter’s information assets and ensure compliance with applicable regulatory requirements.

This role typically reports to the Director, IT Risk, Governance, and Compliance, and is based in our Buckhead office in our hybrid work environment.

IT Compliance (3rd Party Risk Management (80%)

• Responsible for independently building/ creating Carter’s IT 3rd Party Risk Management program that partially exist

• Responsible for leading the implementation of the IT 3rd Party Risk Management program for all of CRI.

• Partner and support the Director of IT Risk and Compliance with the selection of 3rd Party Risk Management Framework

• High level of professional written and verbal communication is needed in this role. This role is responsible for partnering with every LT member and their team that owns any vendor relationships and providing strong recommendations on how to handle vendor management within the Carter’s. Role needs to be able to explain the business case and collaborate effectively with multiple challenging high-level stakeholders.

• Responsible for preparing and reporting IT 3rd Party Risk Management status and key metrics to Executive Management.

• Responsible for analyzing all vendors to determine Carter’s Tier 1 through Tier 3 vendors and implementing a cycle for periodic reviews

• Evaluates and updates IT security policies, procedures, and standards to ensure alignment with applicable security control requirements

• Assist the VP of Procurement to build out the vendor management global program for Carter’s

• Review guidelines related to IT 3rd party risk management, and coordinate with various teams to ensure compliance with requirements

• Manage and upkeep of data maps process i.e., workflows within One Trust that handle IT 3rd party vendor management data

• Monitoring and management 3rd party vendor investigation as appropriate including collaborating with business partners who own the vendor relationship

• Coordination of IT 3rd party vendor management external systems in support of internal groups

• Assist with other IT 3rd party vendor management compliance needs for Carter’s

IT Risk Management (20%)

• Assists with the execution of IT security risk assessments against industry leading security controls frameworks

• Regularly updates metrics and analysis to track remediation progress and demonstration of control maturity and effectiveness

• Evaluates the adequacy and effectiveness of safeguards protecting sensitive Company information

• Assist with the Cyber Security semiannual review process

We’d Love to hear from you if: (Requirements section)

Must have:

• Reference top three skills

Preferred skills and experience:

• Bachelor’s degree is required, technical degree is preferred

• Professional certification (CISA, CISM, CGEIT, CRISC or similar)

• Prefer 5+ years of experience related to building and implementing IT 3rd party risk management programs 

• Experience implementing 3rd party risk management plans

• The ability to think critically, assess and quantify technology risk, document complex processes, and collaborate effectively with cross-functional stakeholders is required

• As needed, independently researches 3rd party risk management related assignments

• Assists with special projects and risk mitigation objectives

OUR Team Members:

• Lead Courageously: Have a strong sense of personal values that align with our Company values

• Collaborates Broadly: Build cooperation, trust, and thrive in a consensus driven environment

• Customer Focus: Proactively seek opportunities to leverage data and fact-based insights to serve customers and/or internal clients

• Drive Growth: Set aggressive goals and implement plans precisely

• Cultivates Innovation:  Respectfully challenge the "we’ve always done it this way" mentality and explore new ways to achieve desired outcomes

Make a career at Carter’s:

• Career Development: Success starts from within, and we have several paths from which you can choose to enhance your career evolution. From Carter’s University to Toastmasters to mentorship programs and more, we encourage you to utilize these tools to elevate your professional prowess.

NOTE:  This job description is not intended to be all-inclusive. The duties described may be changed or reassigned at the discretion of management, and the employee may be required to perform duties that are not listed in the job description.

Carters is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state, or local law.