Associate Manager, IT Compliance

Summary

Join Warby Parker's growing team as an Associate Manager, IT Compliance, focusing on Identity & Access Management. You will lead SOX access and change management reviews, support PCI, NIST, and HIPAA assessments, and ensure audit readiness. Collaborate with Tech Services and act as the main point of contact with GRC, Internal Audit, and External Audit. Manage IT General Controls (ITGCs), prepare compliance responses, maintain documentation, translate regulatory requirements into technical controls, track compliance status, partner with IT teams, and contribute to continuous improvement efforts. Shape the future of IT compliance at Warby Parker by developing long-term strategies and scalable practices. This role requires strong organizational and communication skills and a deep understanding of relevant regulatory frameworks.

Requirements

• Backed by 3+ years of experience in IT compliance, IT audits, or GRC within a technical or enterprise environment
• Equipped with a working knowledge of regulatory frameworks such as SOX, HIPAA, PCI DSS, CCPA, and NIST
• Familiar with ITGCs, particularly around access controls, change management, and operations
• Highly organized and detail-oriented—able to manage audits and evidence with precision
• Skilled at translating technical details into clear, actionable documentation
• A confident communicator who can work across teams and levels of technical knowledge
• Eager to take ownership, grow within a scaling organization, and help shape the future of IT compliance at Warby Parker

Responsibilities

• Act as the primary liaison between the Tech Services team and GRC, Internal Audit, and External Audit groups
• Manage IT General Controls (ITGCs) assigned to Tech Services, ensuring they are designed, implemented, and executed effectively
• Prepare and coordinate responses for SOX user access and change management reviews, including evidence collection and documentation
• Support compliance efforts for PCI DSS (including the annual AOC process) and HIPAA risk assessments
• Maintain accurate and up-to-date documentation of IT controls, procedures, and remediation efforts
• Translate compliance and regulatory requirements into actionable technical controls and workflows
• Track and report on the status of compliance activities, findings, and remediation within Tech Services
• Partner with IT Engineering and Security teams to align on compliance priorities and timelines
• Contribute to continuous improvement efforts that strengthen audit readiness, automation, and risk mitigation
• Participate in the development of long-term compliance strategies and help to define scalable practices as the function grows

Preferred Qualifications

• Experience with identity providers, ITSM platforms, access provisioning, or authentication systems
• Compliance-related certificates such as CISA, Security +, CISSP, etc

Benefits

• Health, vision, and dental insurance
• Life and AD&D Insurance
• Flexible vacation policy
• Paid Holidays
• Retirement savings plan with a company match
• Parental leave (non-birthing parents included)
• Short-term disability
• Employee Assistance Program (EAP)
• Bereavement Support
• Education Reimbursement
• Free eyewear