Chipotle Mexican Grill, Inc.
Columbus, OH, United States
Governance, Risk & Compliance Analyst (18033484)
CULTIVATING A BETTER WORLD
Food served fast doesn’t have to be a typical fast food experience. Chipotle has always done things differently, both in and out of our restaurants. We're changing the face of fast food, starting conversations, and directly supporting efforts to shift the future of farming and food. We hope you'll join us as we continue to learn, evolve, and shape what comes next on our mission to make better food accessible to everyone.
The IT Governance, Risk & Compliance (GRC) Analyst will be responsible for coordinating compliance activities and helping to mitigate and manage risks at Chipotle. This role will help the IT Compliance team grow and mature our risk and compliance processes to gain efficiencies and something.
This position will require collaboration with all departments at Chipotle to ensure an acceptable risk posture for the organization. Responsibilities include enhancing the security posture for activities which impact the confidentiality, integrity, and availability of our information assets and resources, our infrastructure, and our business processes.
WHAT YOU’LL DO
* Conduct risk assessments in support of business requirements.
* Drive GRC program and process improvements.
* In conjunction with GRC leadership, implement the strategic direction and GRC program build.
* Work cross functionally with business partners throughout Chipotle’s organization, collaborating with management and their respective teams to drive adoption of Governance, Risk & Compliance policies, standards, principles, procedures and requirements.
* Design and consult on process workflow improvements in support of technology controls readiness or compliance management functions.
* Build procedural documentation (e.g. process flows, data flow maps, SOPs) or other work instructions to support the policies, standards, controls and compliance readiness capabilities.
* Develop and coordinate alignment to technology governance and control frameworks such as ISO 27001/2, COBIT, GAPP, ITIL, and various NIST SP’s, implementing where appropriate.
* Develop remediation models for events, incidents, and alerts in IT control domains, internal or external audits, and / or control readiness assessments.
* Assess technology systems supporting Governance, Risk & Compliance programs and consult with teams to protect information assets, tracking and reacting to exceptions to established baselines; recommend opportunities for improvement.
* Identify, report, and assist in resolving legal or regulatory compliance, control gaps, or governance (oversight / monitoring) gaps.
* Implement control design and effectiveness testing to assess control strength in treating technology risks.
* Be responsible for leading the coordination of data gathering needed for internal and external audits, regulatory requirements, and other compliance and risk management needs and requirements.
* Manage control exceptions or deficiencies tracking and monitoring, assisting with remediation development within Chipotle, and serve as a liaison to internal or external audit entities.
* Develop and manage the lifecycle of policies, standards, and procedures, normalizing and rationalizing technology requirements within those governance tools.
* Design and develop requirements-based technology control models to meet regulatory needs.
* Assist in planning and designing the implementation of technology information security compliance awareness and education campaigns to encourage adoption of -- and adherence to -- requirements in Chipotle’s technology standards.
* Develop, review, and approve procedural and process documentation (e.g. SOPs, playbooks, leading practice guidelines, etc).
* Serve as an internal governance, risk, privacy, and compliance subject matter expert while interfacing with applicable departments, groups, and individuals on relevant initiatives and concerns.
* Maintain a working knowledge of applicable compliance drivers (SOX, PCI, GDPR, etc.).
* Keep abreast of developing regulatory changes and assist in providing guidance to assess new requirements.
* Assess, formulate, monitor, and support governance practices of internal compliance requirements primarily in the fields of information security and data privacy.
* Conduct, document, and report on internal and third-party risk assessments to drive improvements and overall risk reduction.
* Recommend and contribute to the evolution of appropriate KPIs.
* Develop and prepare governance KPI reports on status of risk assessment, control effectiveness, gap remediation, third party risk management issues, and internal and external audit findings and recommendations.
* Identify, implement, and maintain GRC systems to support organizational needs.
* Develop, propose, and present solutions, assisting with prioritization of workload to strategic and tactical goals for themselves and other GRC analysts.
* Coach, mentor and train other GRC analysts, effectively multiplying intelligence and skills inside of the team.
WHAT YOU’LL BRING TO THE TABLE
* 3 to 5 years of experience with governance, risk and compliance management.
* 3 to 5 years of experience working with relevant regulatory standards.
* 3 to 5 years of experience as a security, privacy, and compliance practitioner or consultant.
* Strong understanding of governance, risk, and compliance programs.
* Highly analytical and effective communicator capable of influencing other teams and departments.
* Current risk assessment and associated testing knowledge and demonstrated ability to perform and analyze results in a complex computing environment.
* Excellent written and verbal communication skills.
* Exceptional organization skills and attention to detail.
* Ability to multi-task, and serve as a team player in a fast-paced environment and contribute in areas outside of expertise if necessary.
* Ability to manage priorities and projects.
* Bachelor's Degree or equivalent experience in Information Technology or related field.
* Industry and Discipline related certifications, such as CISA or CISSP, etc.
WHO WE ARE
Chipotle Mexican Grill, Inc. (NYSE: CMG) is cultivating a better world by serving responsibly sourced, classically-cooked, real food with wholesome ingredients without added colors, flavors or other additives. Chipotle has more than 2,400 restaurants as of March 31, 2018 in the United States, Canada, the United Kingdom, France and Germany and is the only restaurant company of its size that owns and operates all its restaurants. With more than 70,000 employees passionate about providing a great guest experience, Chipotle is a longtime leader and innovator in the food industry. Chipotle is committed to making its food more accessible to everyone while continuing to be a brand with a demonstrated purpose as it leads the way in digital, technology and sustainable business practices.
Check us out at chipotle.com to learn more.
Primary Location: Ohio - Columbus - 8889 - 333 W Nationwide-(08889)
333 W Nationwide Blvd
Website : http://www.chipotle.com
When Chipotle (pronounced chi-POAT-lay) opened its first store in 1993, the idea was simple: demonstrate that food served fast didn't have to be a "fast-food" experience. We use high-quality raw ingredients, classic cooking methods and distinctive interior design--features that are more frequently found in the world of fine dining. When we opened, there wasn't an industry category to describe what we were doing. Some 16 years and more than 900 restaurants later, we compete in a category of dining now called "fast-casual," the fastest growing segment of the restaurant industry, where customers expect food quality that's more in line with full-service restaurants, coupled with the speed and convenience of fast food.