Technology Risk & Compliance Analyst

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Business, or related field.
• 3–7 years of experience in IT risk, compliance, audit, or cybersecurity.
• Strong working knowledge of GRC frameworks (e.g., NIST, ISO 27001, COBIT).
• Knowledge of regulatory standards (SOX, SOC, GDPR, or similar).
• Experience with risk assessment, control design, and audit support.
• Ability to translate technical risk into business impact and executive-level messaging.
• Strong collaboration and stakeholder management across technology and business teams.
• High attention to detail with disciplined documentation practices.

Responsibilities

• Identify, assess, and document technology risks across projects, products, and platforms within the Retail portfolio.
• Facilitate the prioritization of technology risks based on business impact, regulatory exposure, and defined risk appetite.
• Conduct risk assessments for new initiatives, including M&A integrations and platform implementations.
• Partner with project managers and product teams to integrate risk mitigation into delivery plans and milestones.
• Ensure risk mitigation strategies align to enterprise risk appetite and portfolio priorities.
• Monitor risk exposure and ensure remediation activities are tracked through completion.
• Ensure alignment with internal policies and external regulatory requirements (e.g., SOX, SOC controls, data privacy standards).
• Support implementation and maintenance of IT governance, risk, and compliance (GRC) frameworks.
• Evaluate and ensure technology policies, standards, and procedures are fit for purpose and aligned to regulatory and business requirements.
• Recommend updates to policies and standards based on regulatory changes, audit findings, and evolving risk landscape.
• Maintain compliance documentation, control narratives, and evidence repositories.
• Monitor and report adherence to policies, standards, and standard operating procedures across the portfolio.
• Support internal and external audit activities, including evidence collection, walkthroughs, and remediation tracking.
• Partner with internal and external Audit to support successful audit outcomes, including SOX compliance, evidence validation, and timely remediation of findings.
• Assess effectiveness of IT controls and identify gaps across applications, infrastructure, and processes.
• Partner with control owners to strengthen control design and execution.
• Drive timely closure of audit findings and control deficiencies.
• Partner with Vendor Management and enterprise third- and fourth-party risk teams to ensure technology-related vendor risks are identified and addressed.
• Incorporate vendor-related risks into portfolio-level risk visibility and reporting.
• Support tracking and remediation of vendor-related control gaps impacting Retail Technology delivery.
• Prepare and deliver transparent, decision-ready reporting for governance forums, including Steering Committees and OCIO leadership.
• Provide insights that enable leadership to evaluate risk exposure alongside investment, delivery progress, and business outcomes.
• Highlight trade-offs, emerging risks, and areas requiring leadership attention or decision.
• Track key risk indicators (KRIs), control effectiveness, and remediation progress.
• Identify opportunities to streamline and improve GRC processes, tooling, and operating model effectiveness.
• Contribute to the evolution of OCIO governance, risk, and control frameworks.

Benefits

• Medical/Rx
• Dental
• Vision
• Life Insurance
• Disability Insurance
• ESPP
• 401k
• Student Loan Assistance
• Tuition Reimbursement
• Free Mental Health & Enhanced Advocacy Services
• Paid Time Off
• Holidays
• Preferred Partner Discounts