Chewy
At Chewy, our mission is to be the most trusted and convenient destination for pet parents and partners, everywhere.
Hybrid

Sr IT Compliance Analyst

Sorry, this job was removed at 2:34 p.m. (EST) on Wednesday, June 3, 2020

Our Opportunity:

Chewy is looking for a Senior IT Governance, Risk & Compliance (GRC) Analyst to join our Information Technology Team, based in Boston, MA or Dania Beach, FL. The ideal candidate would be able to do the following.

What you'll do:

  • Oversee processes on development and maintenance of information security policies, standards, and procedures to address risk and security compliance requirements;
  • Work with IT Leadership to support the execution of strategies and objectives in accordance with IT Compliance frameworks, guidelines and requirements;
  • Advise and train IT process owners on best practices related to IT General Controls, IT security, remediation of any issues and deficiencies;
  • Conduct risk assessments of information systems which includes creating asset profiles, evaluating threat likelihood and impact, and identifying mitigating controls to determine inherent and residual risk to systems;
  • Help IT management to maintain an effective SOX control environment and ensure adequate controls are in place to mitigate risks;
  • Support ongoing internal audit reviews to ensure all required documentation is provided;
  • Work with the IT Teams in the completion of the SOX certification for new systems and during significant upgrades/updates of existing systems;
  • Monitor and test IT compliance metrics for SOX, PCI, Cybersecurity, and Privacy to ensure the program is meeting regulatory requirements and internal corporate goals and timelines;
  • Lead the ongoing development, implementation, and enforcement of security awareness training programs, requirements and initiatives;
  • Develop training, newsletters and other educational material that is engaging and promotes adoption of security & compliance best practices;
  • Support Data Privacy activities including PCI and CCPA compliance;
  • Review SSAE 18 and/or third-party assessments/reviews performed by external parties.

Must have(s):

  • Sustainable knowledge of compliance requirements associated with SOX (ITGCs & ITACs), Cybersecurity and PCI;
  • Extensive knowledge of general information security best practices and standards such as ISO 27000, COBIT 5, NIST SP 800 series, NIST CSF;
  • Solid knowledge/experience in the software development life cycle, DevOps, networks, databases, operating systems, application controls and IT operations;
  • General understanding of internal audit methodologies and processes;
  • Work with Internal Audit, external auditors, IT management and staff to identify feasible implementation of controls and resolutions to manage weaknesses and create opportunities for improvement;
  • Ability to create and maintain IT policies & procedures, management and executive level reports on effectiveness of IT governance controls and exceptions;
  • Excellent interpersonal and presentation skills.
  • Ability to perform assigned tasks and responsibilities with moderate supervision, which includes planning, executing and reporting on required compliance tasks within assigned timelines
  • 5+ years of IT experience covering Internal or External IT audit, Risk Management, vulnerability management, data security, regulatory compliance, vendor management, incident response
  • Bachelor’s Degree in Information Systems, Risk Management, Business Administration, or a related field
  • At least one of the following certifications: CISA, CISM or CISSP

Nice to have(s):

  • Prior experience in eCommerce or start-up organization
  • Prior experience implementing ServiceNow, GRC tools or ITSM solutions
  • Prior experience in automating controls and control testing, data analytics and Agile methodology
  • Prior experience in the following areas: risk management, internal or external IT audit, vulnerability management, data security, regulatory compliance, vendor management, incident response
  • ITIL, PMP, Six Sigma certification a plus.

If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at our company, please contact [email protected].

To access Chewy’s Privacy Policy, which contains information regarding information collected from job applicants and how we use it, please click here: Chewy Privacy Policy (https://www.chewy.com/app/content/privacy).


What are Chewy Perks + Benefits

Chewy Benefits Overview

We offer competitive salaries and 401k, unlimited time off, comprehensive medical, dental, and vision benefits, in addition to wellness programs, online communities, and resources for improved physical and mental health... enabling you to be your best self - in and outside of work. With mentorship programs, employee resource groups, cross-functional job trainings, events, and customized development tracks for advancement, we're proud to help develop and promote our team members from within.

True to our business, we're pet-friendly and have fun pet-related perks like Paw-ternity leave for new pup parents and Chewy employee discounts. We offer countless volunteer opportunities, recreational club teams, company outings, happy hours, and team events to enable you to bond with fellow Chewtopians and have some fun!

Culture:

  • Volunteer in local community
  • Partners with nonprofits
  • Open door policy
  • OKR operational model
  • Team based strategic planning
  • Pair programming
  • Open office floor plan
  • Flexible work schedule
  • Remote work program: We're currently 100% remote due to caution and care for the health & well-being of our team. Post-pandemic, we plan to operate in a combination of onsite and remote, with logistics still being defined.

Diversity:

  • Dedicated diversity and inclusion staff
  • Highly diverse management team
  • Mandated unconscious bias training
  • Diversity employee resource groups
  • Hiring practices that promote diversity

Health Insurance & Wellness Benefits:

  • Flexible Spending Account (FSA): We offer a commuter transit, parking, and dependent care FSA.
  • Disability insurance
  • Dental insurance
  • Vision insurance
  • Health insurance
  • Life insurance
  • Pet insurance
  • Wellness programs
  • Mental health benefits

Financial & Retirement:

  • 401(K)
  • 401(K) matching
  • Company equity
  • Performance bonus

Child Care & Parental Leave Benefits:

  • Childcare benefits
  • Generous parental leave
  • Family medical leave
  • Return-to-work program post parental leave

Vacation & Time Off Benefits:

  • Unlimited vacation policy
  • Paid holidays
  • Paid sick days

Office Perks:

  • Commuter benefits
  • Company-sponsored outings
  • Free snacks and drinks
  • Some meals provided
  • Company-sponsored happy hours
  • Pet friendly
  • Recreational clubs: Chewy sponsors office sports leagues year-round.
  • Relocation assistance

Professional Development Benefits:

  • Job training & conferences
  • Lunch and learns: Cross-functional lunch and learns.
  • Promote from within
  • Mentorship program
  • Online course subscriptions available
  • Customized development tracks
