What are the responsibilities and job description for the GRC Analyst position at REI?
REI is committed to becoming a fully inclusive, antiracist, multicultural organization. To fulfill our brand promise of enabling a life well-lived outside for everyone, we are seeking candidates who demonstrate shared values of diversity, equity, inclusion, and antiracism.
This job contributes to REI’s success by helping execute, as well as mature, our core Information Security GRC processes. As a GRC analyst, you will work in conjunction with GRC teammates to deliver on risk management, compliance, and security and awareness training activities. The GRC analyst role also works cross-functionally with business partners throughout REI, collaborating with teams to drive adoption of Governance, Risk & Compliance principles. Models and acts in accordance with REI’s guiding values and mission.
In this role you will:
- Demonstrate advanced understanding of complex business processes, internal control risk management, IT controls and related standards.
- Assist in the implementation, operation and maintenance of our common controls framework for continuous testing and monitoring of all information security controls.
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
- Assist with information security compliance activities, including PCI DSS and CTPAT.
- Provide support as needed to the team in the execution of objectives.
- Assist in designing, creating, and maintaining risk-based metrics.
Bring your passion and expertise
- Bachelor's Degree in Accounting/Audit, Cybersecurity, Risk Management, Business Information Systems, or a related field is preferred.
- Ability to identify, quantify, track, and lead mitigation of risks and control exceptions and communicate results to department leadership.
- One to three years of experience in security governance, risk management, compliance, audit, internal controls, or other security-related areas and a minimum of five years of total work experience.
- Knowledge of control development, monitoring and reporting in enterprise environments.
- A strong understanding of one or more of the following industry compliance and security standards and frameworks: ISO 27001, ITIL, COBIT, PCI DSS, SOC 2, CSA, CCM, CIS Benchmarks and NIST frameworks.