Senior Analyst, Governance, Risk & Compliance

About The Position

Requirements

• Bachelor’s degree in computer science, Information Technology, or related field preferred.
• Strong understanding of cloud technologies, API systems, infrastructure, network, and mobile security regulations, requirements, and best practices.
• Technical depth in Information Technology, Security, Privacy, or Compliance fields.
• Advanced organizational skills with the ability to manage multiple priorities and meet deadlines.
• 5+ years of experience working in risk and compliance management frameworks, risk-based solutions, and control frameworks.
• Strong experience managing enterprise risks and driving mitigation efforts.
• 5+ years of experience managing audit scope, interfacing with technologists and business representatives, and supporting external and internal audits.
• Hands-on experience with Third-Party Risk Management (TPRM), including vendor assessments, due diligence, and ongoing risk monitoring.
• Experience supporting or participating in incident response activities, including documentation, coordination, and post-incident analysis.
• Experience reviewing change management processes and validating audit evidence for compliance and control effectiveness.
• Ability to work effectively in complex environments, both independently and collaboratively within a team.
• Highly analytical and effective communicator capable of influencing cross-functional teams and stakeholders.

Nice To Haves

• CISSP, CISM, CISA, PCIP, PCI ISA certifications preferred.

Responsibilities

• Participate in the development and implementation of security awareness trainings and phishing campaigns for the whole organization.
• Collect data for analysis and continuously improve the organization’s security posture.
• Work closely with GRC Leadership to implement global policies, regulatory changes, and risk frameworks across products and systems.
• Stay up to date in industry trends and best practices, including monitoring for changes in PCI-DSS and recommending necessary adjustments to our compliance program.
• Contribute to the development of audit process improvements.
• Provide guidance and support to internal project teams to ensure new systems, applications, or processes are designed and implemented in accordance with relevant standards.
• Perform risk assessments, audits, and control testing to ensure Chipotle systems and processes remain in compliance with applicable regulations (PCI-DSS, SOX) and internal Information Security policies, ensuring evidence is collected, reviewed, and maintained to meet compliance objectives.
• Support and enhance the Third-Party Risk Management (TPRM) program, including conducting vendor risk assessments, reviewing security documentation, leveraging tools such as Viso Trust, and partnering with stakeholders to manage third-party risk throughout the vendor lifecycle.
• Monitor and track remediation efforts for identified non-compliance issues to ensure timely resolution, including managing policy exceptions and violations.
• Participate in incident response activities as a Scribe and on-call team member, ensuring accurate documentation of events, timelines, decisions, and actions during security incidents, and supporting post-incident reviews and reporting.
• Create written reports and dashboards for monitoring compliance and communicating status with business leaders.
• Assist in coordinating annual on-site audits and preparing compliance reports for submission to external stakeholders.
• Review change management tickets and associated evidence to validate control effectiveness and audit readiness, ensuring completeness, accuracy, and alignment with compliance requirements.
• Assist with other compliance team projects as required to meet evolving regulatory and compliance needs and objectives.
• Assist in architecting and improving a suite of GRC tools to automate controls, risk data collection, monitoring, and governance procedures.
• Develop and maintain policies and standards in support of operational and compliance goals, including creating supporting operational work instructions where it would be most effective.
• Develop, execute, and/or coordinate governance structures to align with industry and compliance frameworks such as PCI, SOX, and NIST CSF.

Benefits

• Chipotle offers a competitive total rewards package, which includes medical, dental, and vision insurance, 401k, sick leave, vacation time, and much more.