senior cybersecurity analyst

Starbucks Coffee Company, Seattle, WA

About The Position

This role supports Starbucks Technology by driving compliance programs—including SOX, PCI, SWIFT, and emerging regulations—through effective risk‑to‑control alignment and scalable compliance operations. The cybersecurity analyst senior partners across GCS, ST, and business teams to develop and improve enterprise compliance services, requiring strong interpersonal skills and clear communication. The role designs and maintains GRC capabilities across policies, standards, controls, assessments, and automation. The ideal candidate brings deep IT compliance expertise and hands‑on experience with GRC/IRM platforms, enabling continuous control monitoring, evidence automation, and actionable risk insights. This position operates with significant independence, proactively identifying requirements, improving processes, and leading cross-functional change.

Requirements

  • Bachelor's degree in computer science or related field or 3+ years of relevant experience.
  • Apply knowledge of business principles and technology practices to achieve successful outcomes in cross-functional activities.
  • Excellent analytical and problem-solving skills.
  • Generate comprehensive documentation in support of systems.
  • Exhibit exceptional oral and written interpersonal and communication skills.
  • Proficiency with Microsoft Office products such as Word, Excel, and PowerPoint.
  • Apply a deep understanding of business processes and process improvement initiatives.
  • Provide top-tier customer service.
  • Implement system development concepts effectively.
  • Proven working knowledge of system development lifecycle and IT operations.
  • Ability to use business knowledge, sound judgement, and resourcefulness to design and deploy highly reliable and sustainable technology solutions.
  • Ability to balance multiple priorities and meet deadlines.
  • Configuration knowledge of relevant applications/modules/platforms.

Nice To Haves

  • 3+ years of progressive industry experience in Information Risk Management, IT Governance, IT Compliance, Data Privacy or Internal/External Technology Audit disciplines, with at least two of those years in an IT or a software development setting.
  • Exposure to Common Control Framework (CCF) practices, with the knowledge and ability to track common control requirements across numerous security and regulatory standards.
  • Ability to work within large organizations to collaborate, drive cross-functional efforts, and build partnerships to secure the resources necessary to achieve goals.
  • Certifications such as CISA, CISSP, CISM, CIPM, or others focused on controls assurance, information security, data privacy, or information risk management are a strong plus.
  • Detail- and results-oriented, able to analyze data to justify product decisions and apply key learnings.
  • Strong verbal and written communication skills.
  • Consistently uses communication skills to influence outcomes within a known skill set.
  • Ability to balance multiple priorities and meet deadlines.
  • Ability to thoroughly understand complex business and technical issues and influence decision making.
  • Hands-on experience in developing roadmaps, story outlines, writing user stories, refining product backlogs, and coordinating/prioritizing conflicting requirements across teams in a fast-paced, changing environment.
  • Ability to apply knowledge of multidisciplinary business principles and practices to achieve successful outcomes in cross-functional projects and activities.
  • Experience in engineering and/or platform role for GRC solutions and/or cybersecurity risk management solutions.

Responsibilities

  • Serve as a subject-matter expert across key technology compliance domains (e.g., SOX ITGC, PCI DSS, SWIFT, ISO/IEC 27001, NIST CSF/800-53, SOC 2), navigating cross-functional dependencies and translating regulatory obligations into actionable, risk-based controls.
  • Partner with managers, engineers, and cross-functional teams to drive compliance within technology products and solutions, build strong working relationships, and provide advisory support that aligns requirements, policies, standards, and controls to reduce risk and strengthen operational resilience.
  • Develop training and reusable templates to help compliance scale across the enterprise.
  • Operate in a largely self-directed manner; escalate risks and decisions appropriately.
  • Lead compliance automation initiatives to streamline control execution, validation, evidence collection, and monitoring through scalable, technology-driven workflows.
  • Design and configure Governance Risk Compliance (GRC)/Integrated Risk Management (IRM) capabilities (e.g. control libraries, issues and risk management, assessments, evidence orchestration), integrating with enterprise systems to automate data flows, control testing, and compliance reporting.
  • Enable continuous control monitoring by defining data models, automation patterns (APIs, eventing, scripting), with an increasing focus on AI-assisted detection, testing, and anomaly identification to reduce manual effort and expand assurance coverage.
  • Build intelligent dashboards and metrics that visualize control health, risk posture, findings, exceptions, and remediation progress, incorporating role-based experiences and leveraging AI/ML insights to surface emerging risks and control degradation trends.
  • Continuously identify and implement automation, standardization, and reuse opportunities to improve productivity, quality, and cost efficiency.
  • Design risk and control matrices that support regulatory requirements and internal standards.
  • Provide consulting and guidance to ensure effective use of compliance and risk‑management tools and processes.
  • Develop budget recommendations to support compliance initiatives and program maturity.
  • Own multiple compliance products and maintain deep knowledge of relevant Starbucks and industry domain areas.
  • Apply LEAN and user‑centered design techniques to simplify compliance processes and improve partner experience.
  • Administer and support GRC tools and integrations, including triaging requests, managing queues against SLAs, and coordinating with vendors and cross‑functional teams.
  • Develop and maintain documentation (wikis, knowledge articles, runbooks) and deliver training on compliance services, tooling, and governance processes.
  • Coordinate and execute control assessments, readiness reviews, and walkthroughs, collecting and validating evidence for internal and external audits.
  • Perform root‑cause analysis and drive durable remediation through control improvements, process changes, or automation.
  • Track and report remediation status, risk acceptance, and exceptions in partnership with control owners and audit stakeholders.
  • Own and refine the compliance services backlog by creating user stories, defining acceptance criteria, and driving delivery within agile sprint cadences.
  • Manage GRC/compliance products and services, applying continuous improvement to mature capabilities over time.
  • Collaborate with stakeholders to define requirements, assess business value, prioritize backlog items, and maintain user personas that support the compliance program.
  • Define controls and compliance goals, KPIs, and measurement plans to evaluate program effectiveness with minimal oversight.
  • Balance scope, capacity, and timelines to deliver small feature sets and enhancements aligned to business and compliance outcomes.
  • Develop strategic and operational plans for compliance services, ensuring effective execution and measurable results.