Sr IT Compliance Analyst

Our Opportunity:

Chewy is looking for a Senior IT Governance, Risk & Compliance (GRC) Analyst to join our Information Technology Team based in Boston, MA or Dania Beach, FL. The ideal candidate would be able to:

What you'll do:

  • Oversee processes on development and maintenance of information security policies, standards, and procedures to address risk and security compliance requirements;
  • Work with IT Leadership to support the execution of strategies and objectives in accordance with IT Compliance frameworks, guidelines and requirements;
  • Advise and train IT process owners on best practices related to IT General Controls, IT security, remediation of any issues and deficiencies;
  • Conduct risk assessments of information systems which includes creating asset profiles, evaluating threat likelihood and impact, and identifying mitigating controls to determine inherent and residual risk to systems;
  • Help IT management to maintain an effective SOX control environment and ensure adequate controls are in place to mitigate risks;
  • Support ongoing internal audit reviews to ensure all required documentation is provided;
  • Work with the IT Teams in the completion of the SOX certification for new systems and during significant upgrades/updates of existing systems;
  • Monitor and test IT compliance metrics for SOX, PCI, Cybersecurity, and Privacy to ensure the program is meeting regulatory requirements and internal corporate goals and timelines;
  • Lead the ongoing development, implementation, and enforcement of security awareness training programs, requirements and initiatives;
  • Develop training, newsletters and other educational material that is engaging and promotes adoption of security & compliance best practices;
  • Responsible for supporting Data Privacy activities including PCI and CCPA compliance;
  • Review SSAE 18 and/or third-party assessments/reviews performed by external parties.

Must have(s):

  • Sustainable knowledge of compliance requirements associated with SOX (ITGCs & ITACs), Cybersecurity and PCI;
  • Extensive knowledge of general information security best practices and standards such as ISO 27000, COBIT 5, NIST SP 800 series, NIST CSF;
  • Solid knowledge/experience in Software development life cycle, DevOps, networks, databases, operating systems, application controls and IT operations;
  • General understanding of internal audit methodologies and processes;
  • Work with Internal Audit, external auditors, IT management and staff to identify feasible implementation of controls and resolutions to manage weaknesses and create opportunities for improvement;
  • Ability to create and maintain IT policies & procedures, management and executive level reports on effectiveness of IT governance controls and exceptions;
  • Excellent interpersonal and presentation skills.
  • Ability to perform assigned tasks and responsibilities with moderate supervision, which includes planning, executing and reporting on required compliance tasks within assigned timelines
  • 5+ years of IT experience covering Internal or External IT audit, Risk Management, vulnerability management, data security, regulatory compliance, vendor management, incident response
  • Bachelor's Degree in Information Systems, Risk Management, Business Administration, or a related field
  • At least one of the following certifications: CISA, CISM or CISSP

Nice to have(s):

  • Prior experience in eCommerce or start-up organization
  • Prior experience with implementing ServiceNow, GRC tool or ITSM solutions
  • Prior experience in automating controls and control testing, data analytics and Agile methodology
  • Prior experience in the following areas: risk management, internal or external IT audit, vulnerability management, data security, regulatory compliance, vendor management, incident response
  • ITIL, PMP, Six Sigma certification a plus.

If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at our company, please contact [email protected].

To access Chewy's Privacy Policy, which contains information regarding information collected from job applicants and how we use it, please click here: Chewy Privacy Policy (https://www.chewy.com/app/content/privacy).

Full-time

Employee Testimonials

Bill Poitras
Software Engineer

It’s amazing working with such a diverse group of talented people at Chewy! I really love the culture of fun, collaboration, hard work, and innovation that I’ve seen throughout the company. I am especially impressed by the lengths to which our company strives to wow our customers. I’ve witnessed first-hand how our customer service representatives not only encourage the passion of pet parents, but share their own. I’m grateful for the opportunity to learn so much new technology and the world of e-commerce.

Becca Litwack
Affiliate Marketing Manager

The environment at Chewy is energizing and there is a strong sense of purpose. Our focused attention to the customer leads to great enthusiasm for the work we get to do. There is real comradery on the teams as well – our team frequently lunches together which lends to a friendly work environment, collaboration, and innovation. Having dogs in the office doesn’t hurt either!

Shantesh Kanekar
Director of Software Engineering

The company known for best in class Customer Service knows how to keep its internal customers (our team members) happy, too. There is a positive energy and vibe the moment you set foot in the office. The workforce at Chewy is a vibrant mix of diversity in all aspects but one thing that is common is the shared belief of being the best in class at whatever job function one is in.

Chris Foley
Senior Software Development Manager

Working at Chewy is fast-paced, challenging, and very fulfilling. Each person here has the opportunity to have a profound effect on how we wow both our internal and external customers. We place a very high value on customer service here at Chewy and regardless of what you are working on, the customer satisfaction is always going to be #1. By everyone working towards the same common goal, teamwork organically happens in everything we do.