CarMax

Sr. Analyst, Technology Compliance

CarMax  •  United States (Onsite)  •  3 months ago

Job Description

8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238

CarMax, the way your career should be!

About this job

We are looking for a Senior Technology Compliance Analyst who will play a pivotal role in advancing our Compliance Program. This unique opportunity allows you to serve as a subject matter expert, collaborating with Technology management teams to design, evaluate and test internal controls for efficiency and effectiveness. In this role, you will monitor regulatory and technology changes, coordinate with internal and external auditors, and ensure compliance across the organization. You will lead control reviews for new business areas, technologies, and evolving processes, identify gaps between policy and practice, and recommend remediation strategies.

What you will do – Essential Responsibilities

  • Develop and maintain a comprehensive framework for Technology Compliance, including validation, classification, and control testing across IT domains (e.g., PCI DSS, HIPAA, Data Privacy).

  • Execute enterprise compliance governance frameworks, balancing risk appetite with business needs and translating findings into actionable steps.

  • Lead compliance assessments and pre-implementation reviews to ensure proper controls are designed, implemented, and documented.

  • Design, implement, and maintain enterprise-wide General IT Controls (GITCs) and compliance frameworks aligned with regulatory requirements (PCI DSS, SOX, HIPAA, Data Privacy, etc.).

  • Develop and enforce processes and procedures to ensure adherence to company policies, laws, and industry standards (e.g., NIST, ITIL).

  • Influence compliance strategy and direction within established standards and guidance.

  • Act as a trusted advisor and subject matter expert on technology key controls, partnering to evaluate control effectiveness, identify risks, and support remediation efforts.

  • Leverage technical experience to assist management in designing appropriate automation and system configurations to support the enforcement and collection of compliance-related evidence.

  • Facilitate internal and external audits, and provide clear, timely communication of findings, recommendations, and remediation plans.

  • Monitor and validate information security controls, analyze trends in control weaknesses, and recommend enhancements to meet evolving compliance standards.

  • Collaborate cross-functionally while demonstrating ownership, initiative, and effective communication on compliance matters.

  • Assess compliance exposure and deficiencies across internal and external systems, recommending effective solutions.

  • Lead remediation and design review meetings, build consensus on compliance strategies, and influence direction across teams.

  • Maintain awareness of emerging technology trends and evolving external regulations to proactively adapt compliance processes.

Purpose of the role

As a Senior Technology Compliance Analyst, you will play a pivotal role in strengthening our IT control environment by driving innovation, collaboration, and continuous improvement. You will work closely with product, technology, and compliance teams to design controls, assist with control execution, and perform testing and validation. This role is ideal for someone who thrives in a fast-paced environment, is passionate about technology and compliance, and embraces automation and data-driven insights to modernize practices. Success in this role requires strong communication skills, attention to detail, a proactive mindset, and a commitment to delivering high-impact solutions that enhance operational resilience and ensure regulatory alignment.


Qualifications and Requirements

  • Bachelor's degree (or equivalent experience), with solid IT audit or compliance experience.

  • Familiarity with Technology Compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2, and COBIT.

  • 5+ years working experience with enterprise technology compliance management programs, or auditing experience, controls testing, conducting ITGC and PCI assessments.

  • Possession of industry certifications required: CISA and/or CISSP. Desired: CRISC, CIA, CISM, PCI.

  • Strong communication skills with the ability to clearly communicate through tailored messaging, organized presentations, and group facilitation.

  • Strong technical skills with the ability to design IT controls and system functions that enforce or collect compliance evidence.

  • Demonstrates expertise in mentoring colleagues on compliance principles and leads effective training and awareness programs.

  • Demonstrates strong analytical, problem-solving, and organizational skills under pressure, with a commitment to world-class service, flexibility, and continuous improvement.

  • Effective organization and time management skills with strong attention to detail.

Work Location and Arrangement: This role will be based out of the Richmond, VA Technology Innovation Center. Associates based in Richmond work onsite 5 days per week.

Work Authorization: Applicants must be currently authorized to work in the United States on a full-time basis.

About CarMax

CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 200 locations nationwide.

Our amazing team of more than 25,000 associates work together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community. We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®.

Our Commitment to Diversity and Inclusion:

CarMax is committed to bringing together people from different backgrounds and perspectives, providing employees with a safe, welcoming, and inclusive work environment.

CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.

Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.

CarMax

About CarMax

We're fueled by a common goal: creating an iconic car-buying experience. We make car-buying fair, accessible, and joyful for all. We are committed to making progress in how we positively impact our society, now and in the future. Above all, we care about people. We are committed to putting people first, including our associates, customers, and communities. Spark positive change alongside us.

Here’s your chance to leave a mark. Find the purpose, tools, and resources to go for greatness with teammates by your side. We offer benefits and resources to help make your best life happen. Professional growth and limitless opportunities await. There's no better place to be.

Industry: Retail & Ecommerce
Company Size: 10,000+ employees
Headquarters: Richmond, Virginia
Year Founded: 1993