Manager, IT GRC

Our Opportunity:

At Chewy, we're constantly working hard to build world-class engineering solutions for our business partners and customers. Reporting under the Corporate Systems Organization, the GRC team is looking for a new leader for our GRC team. This role will lead and manage all organization-wide governance, risk and compliance related activities, helping our teams to scale, while maintaining the security of our platforms and meeting our compliance objectives. This lead will immediately step in to provide advice, methods, and guidance across our corporate systems.

The ideal candidate will utilize the skills they have gained working in enterprise compliance drive the maturation of the GRC roadmap, programs, and projects. This candidate will be personable and able to work across all business units, generate good-will across various teams and functions as they work to improve Chewy’s IT systems security posture.

This role will also be responsible for defining the roadmap of the GRC organization and how the GRC team will partner with other departments across Chewy. It will serve as a voice for compliance, risk, and policy issues and will work closely with Business and Functional area leadership to improve the quality and value of core data assets, respond to regulatory protection requirements as well as support the strategic requirements of the department.

What You'll Do:

• Lead, mentor and grow a diverse team of compliance professionals to execute against the GRC roadmap
• Define and drive the GRC roadmap to mature programs and enhance Chewy’s security posture while supporting a low-friction approach with our user community
• Generate actionable reports, metrics, and presentations for all levels of management involved in IT compliance oversight
• Manage security policies and training programs in partnership with security, legal, and internal audit
• Provide oversight for the design, implementation, and testing of controls in collaboration with security, engineering, IT and other risk functions
• Mature our risk management program, leading risk assessments and recommending appropriate actions
• Act as the relationship manager for internal and external audits, including external auditor selection, scheduling, coordination, and project monitoring
• Create accountability by developing and monitoring compliance metrics to ensure programs are meeting regulatory requirements, internal corporate goals, and timelines
• Support the execution of the Vulnerability Management Program, working with system administrators and developers to track remediation tasks and ensure that objectives are within expected timelines
• Administer corporate Information Security Awareness Program and Training

What You'll Need:

• 10 years of experience in IT audit, IT risk management, security or a related field, including at least 5 years of experience directly managing people
• 6 years of experience designing, implementing and managing technical compliance programs using frameworks such as NIST Cyber Security, ISO 27001, SOC 2, PCI, and/or HIPAA
• Ability to perform assigned tasks and responsibilities with moderate supervision, which includes planning, executing, and reporting on required compliance tasks within assigned timelines
• Ability to create management and executive level reports on compliance standing, effectiveness of controls and current exceptions
• Prior experience in building compliance programs in rapid growth organizations
• Recognized subject matter expert capable of influencing the way things are done
• Industry Recognized Certifications: CISSP, CISA