Governance, Risk and Compliance (GRC) Analyst (Remote)
Posted on: May 13, 2022
Vroom is an innovative end-to-end ecommerce company that is
revolutionizing the car buying experience. Our scalable,
data-driven technology brings all phases of the vehicle buying and
selling process to consumers wherever they are and offers an
extensive selection of vehicles, transparent pricing, competitive
financing, and contact-free, at-home pick-up and delivery. We have
experienced tremendous growth and have become a disruptive force in
the automotive industry. Vroom is an exciting, dynamic workplace,
and there's no better time to join the team than right now.
Vroom is seeking a Governance, Risk & Compliance (GRC) Analyst to
assist with Information Security governance, risk, and compliance
policies, processes, technologies, and assessments. Reporting to
the Manager for GRC, the analyst provides assurance for adherence
to company policies and procedures, and contributes to activities
related to the development, implementation, maintenance in
compliance; and adherence to the organization's IT policies and
The Successful GRC Analyst Will
Perform assessments and gap analyses of Vroom's control environment
against industry and regulatory frameworks (i.e. PCI, NY DFS, GLBA,
ISO 27001, CCPA, SOX).
Collaborate with Vroom teams to design, implement, and perform
periodic testing and monitoring of controls.
Maintain control inventory and control mappings to compliance
Assess, evaluate and make recommendations regarding risk and
control adequacy of IT processes and systems.
Maintain IT Risk Register and follow-up on risk remediation
Define, maintain and implement corporate Cybersecurity documents
including policies, standards, guidelines, workflows, and
Conduct third-party risk assessments, and manage third-party risk
Ensures proper reporting and response to alleged violations of
company rules, regulations, policies, procedures, and standards of
conduct by initiating and cooperating in investigative
Produce and publish metrics, reports, and dashboards.
Track and assess emerging trends and industry best practices for
applicability to Vroom's policies and processes.
Coordinate and participate in audit activities and meetings.
Other duties as assigned.
The GRC Analyst Must Have
Experience evaluating security controls and conducting risks
Strong analytical, problem solving, and writing skills, including
the ability to work with technical and non-technical business
owners as well as internal and external auditors.
At least 3 years' experience related to IT audit and compliance,
including enterprise risk.
At least 1+ years of experience with working with technical
compliance controls using frameworks such as NIST Cyber Security
Framework, ISO 27001, SOC 1/2, COBIT, ITIL, Sarbanes-Oxley, PCI,
Preferred: CISA or similar information security certificate (e.g.,
CISM, CISSP, CRISC, PCIP, CIPP, IAPP, CDPSE).
Preferred architectural and network security experience.
Big 4 experience a plus
Position may require travel
Commitment to Diversity and Equal Employment Opportunity
Vroom is an equal opportunity employer that is committed to
creating a work environment where all employees can find their
drive. To do that, we champion a workplace where each and every
person is treated with dignity and respect and is valued for their
unique perspective and contributions. Our values of SPEED: Service,
Progress, Employees, Engagement, and Development are only possible
in an environment where every individual has the ability to bring
their whole selves to work and contribute fully.
Vroom's policy is to maintain a working environment that encourages
mutual respect, promotes harmonious and congenial relationships
between employees, and is free from all forms of discrimination and
harassment of any employee (or applicant for employment or service
provider) by anyone, including supervisors, co-workers, vendors, or
clients. Harassment and discrimination in any manner or form is
expressly prohibited. There is no tolerance for discrimination or
unequal treatment of any kind on the basis of race, color,
religion, creed, gender, sex, sexual orientation, gender identity
or expression, pregnancy, sexual and reproductive health decisions,
national origin, age, disability, genetic information, marital
status or civil partnership/union status, familial status, military
or veteran status, predisposition or carrier status, domestic
violence victim status, alienage or citizenship status,
unemployment status, sexual violence or stalking victim status,
caregiver status, or any other characteristic protected by law.
This practice applies to all terms, conditions and privileges of
employment including, but not limited to, recruitment, selection,
promotion, demotion, transfer, layoff, rehire, termination of
employment, development and training, compensation, benefits and
Please review our privacy and CCPA policies
Keywords: Vroom, Greenville , Governance, Risk and Compliance (GRC) Analyst (Remote), Professions , Greenville, South Carolina
Didn't find what you're looking for? Search again!