Cart.com is an ecommerce software, services, and brand holding company on a mission to democratize ecommerce and give digital merchants the freedom to grow. We are integrating all the pieces of the ecommerce value chain brands need to thrive, creating a truly end-to-end Ecommerce-as-a-Service platform that helps third party brands (and a few of our own) move faster, grow more quickly, and deliver on their promises more completely.
The Governance, Risk, Compliance (GRC) Analyst will assist in implementing policies, procedures, and standards to govern the protection of corporate information systems, networks, data, and 3rd party services. The analyst will stay up to date on the latest cybersecurity intelligence while managing privacy workflows to ensure the company meets regulatory compliance.
- Assist in implementing a security program using industry-standard frameworks that align with regulatory requirements and business objectives.
- Perform risk analysis for systems, processes, third-party tools/applications, and configurations.
- Assist in improving security posture through process, policy, automation, and the continuous advancement of capabilities.
- Document business ownership and responsibilities of the controls using the company’s GRC tool.
- Schedule and perform regular assessments (internal and external) to test effectiveness of controls.
- Investigate internal and external information security risk and exception assessments.
- Assist in managing Payment Card Industry Data Security Standards (PCI DSS) audits.
- Manage security training and phishing campaigns to mitigate social engineering attacks.
- Monitor security incident management program to ensure effectiveness.
- Assess incidents, vulnerability/patching status, secure baselines, and penetration test results.
- Document and report control failures and gaps to stakeholders; provide remediation guidance and prepare management reports to track remediation activities.
- Assist in managing the privacy program, covering CCPA, CPRA, GDPR, etc.
- Remain current on best practices and technological advancements, and act as the technical resource for security assessment and regulatory compliance.
- Experience in GRC programs (e.g., Technology Governance, Issue Management, Metrics Management, Third-Party Risk Management, Risk Profile, etc.).
- Understanding of IT policies, laws, standards, and frameworks applicable to the specific technical role (e.g., PCI DSS, ISO 27001/2, and NIST CSF).
- Experience maintaining corporate policies.
- Experience testing or auditing technical controls.
- Creative problem solver with a desire to learn.
- Strong oral and written communication skills.
Vacancy Type: Full Time
Job Location: Houston, TX, US
Application Deadline: N/A