Governance, Risk and Compliance (GRC) Analyst (Remote)

Company: Vroom
Location: Garland
Posted on: May 16, 2022

Job Description:

Vroom is an innovative end-to-end ecommerce company that is revolutionizing the car buying experience. Our scalable, data-driven technology brings all phases of the vehicle buying and selling process to consumers wherever they are and offers an extensive selection of vehicles, transparent pricing, competitive financing, and contact-free, at-home pick-up and delivery. We have experienced tremendous growth and have become a disruptive force in the automotive industry. Vroom is an exciting, dynamic workplace, and there's no better time to join the team than right now.

Vroom is seeking a Governance, Risk & Compliance (GRC) Analyst to assist with Information Security governance, risk, and compliance policies, processes, technologies, and assessments. Reporting to the Manager for GRC, the analyst provides assurance for adherence to company policies and procedures, and contributes to activities related to the development, implementation, maintenance in compliance; and adherence to the organization's IT policies and assessment activities.

The Successful GRC Analyst Will
Perform assessments and gap analyses of Vroom's control environment against industry and regulatory frameworks (i.e. PCI, NY DFS, GLBA, ISO 27001, CCPA, SOX).
Collaborate with Vroom teams to design, implement, and perform periodic testing and monitoring of controls.
Maintain control inventory and control mappings to compliance frameworks.
Assess, evaluate and make recommendations regarding risk and control adequacy of IT processes and systems.
Maintain IT Risk Register and follow-up on risk remediation activities.
Define, maintain and implement corporate Cybersecurity documents including policies, standards, guidelines, workflows, and procedures.
Conduct third-party risk assessments, and manage third-party risk and remediation.
Ensures proper reporting and response to alleged violations of company rules, regulations, policies, procedures, and standards of conduct by initiating and cooperating in investigative procedures.
Produce and publish metrics, reports, and dashboards.
Track and assess emerging trends and industry best practices for applicability to Vroom's policies and processes.
Coordinate and participate in audit activities and meetings.
Other duties as assigned.

The GRC Analyst Must Have
Experience evaluating security controls and conducting risks assessments.
Strong analytical, problem solving, and writing skills, including the ability to work with technical and non-technical business owners as well as internal and external auditors.
At least 3 years' experience related to IT audit and compliance, including enterprise risk.
At least 1+ years of experience with working with technical compliance controls using frameworks such as NIST Cyber Security Framework, ISO 27001, SOC 1/2, COBIT, ITIL, Sarbanes-Oxley, PCI, and CCPA/GDPR.
Preferred: CISA or similar information security certificate (e.g., CISM, CISSP, CRISC, PCIP, CIPP, IAPP, CDPSE).
Preferred architectural and network security experience.
Big 4 experience a plus
Position may require travel

Commitment to Diversity and Equal Employment Opportunity

Vroom is an equal opportunity employer that is committed to creating a work environment where all employees can find their drive. To do that, we champion a workplace where each and every person is treated with dignity and respect and is valued for their unique perspective and contributions. Our values of SPEED: Service, Progress, Employees, Engagement, and Development are only possible in an environment where every individual has the ability to bring their whole selves to work and contribute fully.

Vroom's policy is to maintain a working environment that encourages mutual respect, promotes harmonious and congenial relationships between employees, and is free from all forms of discrimination and harassment of any employee (or applicant for employment or service provider) by anyone, including supervisors, co-workers, vendors, or clients. Harassment and discrimination in any manner or form is expressly prohibited. There is no tolerance for discrimination or unequal treatment of any kind on the basis of race, color, religion, creed, gender, sex, sexual orientation, gender identity or expression, pregnancy, sexual and reproductive health decisions, national origin, age, disability, genetic information, marital status or civil partnership/union status, familial status, military or veteran status, predisposition or carrier status, domestic violence victim status, alienage or citizenship status, unemployment status, sexual violence or stalking victim status, caregiver status, or any other characteristic protected by law.

This practice applies to all terms, conditions and privileges of employment including, but not limited to, recruitment, selection, promotion, demotion, transfer, layoff, rehire, termination of employment, development and training, compensation, benefits and retirement.

Please review our privacy and CCPA policies

Keywords: Vroom, Garland , Governance, Risk and Compliance (GRC) Analyst (Remote), Professions , Garland, Texas