GRC Analyst

3 days ago

🇺🇸 United States – Remote

🤠 Texas – Remote

Although this job is listed in Texas, this company may be open to hiring remote in other states.

⏰ Full Time

🟢 Junior

🟡 Mid-level

🧐 Analyst

🚫👨‍🎓 No degree required

🦅 H1B Visa Sponsor

Apply Now

Receive Emails with Similar Jobs

Cart.com

WebsiteLinkedInAll Job Openings

ecommerce • digital marketing • fulfillment • order management • artificial intelligence

1001 - 5000 employees

🛍️ eCommerce

☁️ SaaS

Description

• Assist in the development and implementation of a comprehensive Cybersecurity GRC program, aligning with industry-standard frameworks (e.g., NIST CSF, ISO 27001). • Perform risk assessments for systems, processes, third-party applications, and configurations, and recommend mitigation strategies. • Document ownership and responsibilities of controls in Cart.com’s GRC platform and maintain corporate policies. • Manage and support PCI DSS audits, schedule internal and external control assessments, and ensure compliance with privacy regulations (e.g., CCPA, GDPR). • Monitor and improve the security incident management program; assess incidents, secure baselines, and penetration test results. • Lead security training and phishing simulations to mitigate social engineering risks. • Identify and document control failures and gaps, provide remediation guidance, and prepare management reports to track progress. • Assist in managing privacy initiatives, including CCPA, CPRA, GDPR, and other relevant regulations. • Stay informed on emerging cybersecurity threats, best practices, and technology advancements to strengthen Cart.com’s security posture.

Requirements

• 2+ years in information security, technology governance, or compliance roles. • Hands-on experience with GRC programs, including third-party risk management, metrics tracking, and issue resolution. • Background in IT policies, laws, and frameworks (e.g., PCI DSS, ISO 27001, SOC, NIST CSF). • Experience in testing or auditing technical controls.