Chewy is looking for a Senior IT Governance, Risk & Compliance (GRC) Analyst to join our Information Technology Team, based in Boston, MA or Dania Beach, FL.
What you'll do:
- Oversee processes on development and maintenance of information security policies, standards, and procedures to address risk and security compliance requirements;
- Work with IT Leadership to support the execution of strategies and objectives in accordance with IT Compliance frameworks, guidelines and requirements;
- Advise and train IT process owners on best practices related to IT General Controls, IT security, remediation of any issues and deficiencies;
- Conduct risk assessments of information systems which includes creating asset profiles, evaluating threat likelihood and impact, and identifying mitigating controls to determine inherent and residual risk to systems;
- Help IT management to maintain an effective SOX control environment and ensure adequate controls are in place to mitigate risks;
- Support ongoing internal audit reviews to ensure all required documentation is provided;
- Work with the IT Teams in the completion of the SOX certification for new systems and during significant upgrades/updates of existing systems;
- Monitor and test IT compliance metrics for SOX, PCI DSS, cybersecurity, and privacy to ensure the program is meeting regulatory requirements and internal corporate goals and timelines;
- Lead the ongoing development, implementation, and enforcement of security awareness training programs, requirements and initiatives;
- Develop training, newsletters and other educational material that is engaging and promotes adoption of security & compliance best practices;
- Support data privacy and data protection activities, including PCI DSS and CCPA compliance;
- Review SSAE 18 reports (e.g., SOC 1 and SOC 2) and other third-party assessments performed by external parties.
What you'll need:
- Thorough knowledge of compliance requirements associated with SOX (IT general controls and IT application controls), cybersecurity, and PCI DSS;
- Extensive knowledge of general information security best practices and standards such as the ISO/IEC 27000 series, COBIT 5, the NIST SP 800 series, and the NIST Cybersecurity Framework (CSF);
- Solid knowledge/experience in Software development life cycle, DevOps, networks, databases, operating systems, application controls and IT operations;
- General understanding of internal audit methodologies and processes;
- Ability to work with Internal Audit, external auditors, IT management and staff to identify feasible control implementations and resolutions that remediate weaknesses and create opportunities for improvement;
- Ability to create and maintain IT policies & procedures, management and executive level reports on effectiveness of IT governance controls and exceptions;
- Excellent interpersonal and presentation skills.
- Ability to perform assigned tasks and responsibilities with moderate supervision, including planning, executing and reporting on required compliance tasks within assigned timelines;
- 5+ years of IT experience covering internal or external IT audit, risk management, vulnerability management, data security, regulatory compliance, vendor management, or incident response;
- Bachelor’s Degree in Information Systems, Risk Management, Business Administration, or a related field
- At least one of the following certifications: CISA, CISM or CISSP.
Nice to have(s):
- Prior experience in eCommerce or start-up organization
- Prior experience implementing ServiceNow, GRC tools or ITSM solutions
- Prior experience in automating controls and control testing, data analytics and Agile methodology
- Prior experience in the following areas: risk management, internal or external IT audit, vulnerability management, data security, regulatory compliance, vendor management, incident response
- ITIL, PMP, Six Sigma certification a plus.
If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at our company, please contact [email protected]