Senior GRC Analyst

Job Description:
Who we are:
At Cart.com, our mantra is "Be Brand Obsessed". Why? Because we know that our lives are shaped by the brands we interact with daily. As a new disruptor in e-commerce, Cart.com's mission is to not only help brands scale seamlessly, but also build a deeper connection with their customers. We obsess over the brands we serve and the things they care about, and that passion is what drives us to provide a consumer experience like no other.
Since our founding in 2020, Cart.com's one-of-a-kind e-commerce platform has quickly redefined how brands operate online. With our end-to-end world-class tools and services, we empower brands to manage their stores, find more customers, and deliver their products in one seamless experience. It is our mission to give brands the same capabilities as the world's largest retailers so they can do more of what they love-getting their great products into the hands of amazing customers.
We are always looking for entrepreneurial, innovative and determined humans who are eager to creatively transform the e-commerce space. Sound like you? Come hop on the brandwagon and discover what Cart.com is all about.
Cart.com is building a community that is committed to living out these 6 core values:

• WE ARE OBSESSED WITH BRANDS: We live for brands and are fanatical about their success.

• WE THINK BEYOND THE BOX: We explore new ideas and discover creative solutions. We think openly about how to serve brands and solve problems.

• WE DON'T GIVE UP: No one expected this to be easy. We are resilient- we dig in and keep going.

• WE SPEAK UP: Every person here has an obligation to question norms, voice concerns, and offer their perspective.

• WE WORK TOGETHER: We work with integrity and respect, ask for help, and extend the same help to others.

• WE ARE HUMAN: Our people are our biggest strength. We have fun and make real connections with one another and with the brands we serve.

The Role:
This role falls under our Information Security group and sits within our Cybersecurity team. Reporting directly into our Senior GRC Manager, this role will directly support all GRC projects within the company.
The Senior Governance, Risk, Compliance (GRC) Analyst will work directly with a team of 4 to assist in implementing policies, procedures, and standards to govern the protection of corporate information systems, networks, data, and 3rd party services. The Senior Analyst alongside a partner Senior Analyst will stay up to date on the latest cybersecurity intelligence while managing privacy workflows to ensure the company meets regulatory compliance.
This role will experience challenges that come within a startup environment as we are building and while we are growing at lightning speed. These challenges include partnering closely with your peers and team to meet project deadlines efficiently and effectively and as a Senior on the team, assisting to solve for problems or challenges that come up.
What You'll Do:

• Implement security program using industry standard frameworks that align to regulatory requirements and business objectives
• Perform risk analysis for systems, processes, third-party tools/applications, and configurations
• Improve security posture through process, policy, automation, and the continuous advancement of capabilities
• Document business ownership and responsibilities of the controls using the company's GRC tool
• Schedule and perform regular assessments (internal and external) to test effectiveness of controls
• Investigate (internal and external) information security risk and exceptions assessments
• Manage Payment Card Industry Data Security Standards (PCI DSS) audits
• Manage security training and phishing campaigns to mitigate social engineering attacks
• Develop and monitor security incident management program to ensure effectiveness
• Assess incidents, vulnerability scans, patching status, secure baselines, and penetration test result
• Document and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities
• Manage privacy program involving CCPA, CPRA, GDPR, etc.
• Remain current on best practices and technological advancements and acts as the technical resource for security assessment and regulatory compliance
• Perform other related duties as assigned

Who You Are:

• You are a creative problem solver and desire to learn
• You have strong oral and written communication skills
• You have a team first mentality
• You are proactive and fast paced

What You've Done:

• You have advanced level professional experience within Information Security and/or Technology.
• You have expert knowledge and experience within GRC Programs (i.e., Technology Governance, Issue Management, Metrics Management, Third-Party Risk Management, Risk Profile, etc.)
• You have advanced level understanding of IT policies, laws, standards, and frameworks applicable to the specific technical role e.g., PCI DSS, ISO27001/2, and NIST CSF
• You have advanced experience creating and managing corporate policies
• You have experience testing or auditing technical controls

Nice to Haves:

• Experience working in an Agile environment
• Bachelor's degree or equivalent work experience (Information Technology, Engineering, Cybersecurity, or a related technical field)
• CISSP, CISA, CISM certifications or equivalent
• CIPP, CIPM, CIPT certifications or equivalent
• Microsoft, public cloud technical certifications
• ITIL foundations certification

Cart.com is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.