Senior GRC Analyst
Remote - Texas Central Standard Time, United States
Job Description:
Who We Are:
We’re Cart.com, one of the fastest growing commerce enablement companies in the world. We provide the digital and physical infrastructure that empowers thousands of leading B2C, B2B and public sector organizations to unify commerce operations from product discovery to product delivery.
We’re building toward a world where commerce has no bounds. Our enterprise-grade software, services and logistics infrastructure, including our own network of omnichannel fulfillment and distribution centers, enable merchants to navigate an increasingly complex operating landscape and drive efficient growth.
Our goal is to be the global backbone of commerce. To achieve it, we’re looking for entrepreneurial, innovative and determined teammates who are eager to help our growing base of customers simplify their commerce operations and seamlessly reach their own customers, wherever they are. Sound like you? We’d love to hear from you.
Cart.com Fast Facts:
6,000+ customers worldwide
1,600+ employees globally
17 warehouses nationwide, totaling over 10 million square feet of space
Headquartered in Houston, TX with international offices in Mexico and Poland
Our values:
Cart.com is building a company that is committed to living out these 6 core values:
Be brand obsessed: Our lives are shaped by the brands we interact with daily. We obsess over the brands we serve, and about the things they care about.
Think beyond the box: “We’ve always done it that way” is not a phrase uttered often at our office. We design creative solutions to complex problems.
Don’t give up: We learn from our challenges and see them for what they are: great building blocks to an amazing brand story.
Speak up: We communicate clearly and directly because we care deeply. Communication is the bedrock of our community.
Work together: We’ve built a team that prides itself on diversity of thought and background. Collaboration is better with contrast.
Remember to be human: We work hard, but we leave room for the people, places and things that we love.
This position is open to applicants or individuals who are located in or willing to move to AZ, CA, CO, CT, DE, FL, GA, HI, IL, IN, KY, MD, MA, MI, MS, NE, NV, NJ, NY, NC, OH, OR, PA, SC, TN, TX, UT, VA, WA.
The Role:
As a Senior GRC Analyst, you will be a key driver in fortifying Cart.com’s cybersecurity, governance, risk, and compliance (GRC) framework. Reporting to the Senior GRC Manager, you will lead critical security and compliance initiatives, ensuring the company meets regulatory, industry, and internal security standards. You’ll take on complex risk assessments, security policy development, audit management, and third-party risk oversight, collaborating with stakeholders across IT, Security, Legal, and Business Operations.
This role requires deep expertise in GRC frameworks, risk management methodologies, and regulatory compliance standards, coupled with strong communication and analytical skills to drive security initiatives effectively.
What You’ll Do:
Governance & Compliance
Develop, implement, and enhance Cart.com’s GRC program, ensuring compliance with applicable regulations (GDPR, CCPA) and alignment with industry standards and frameworks such as ISO 27001, NIST CSF, SOC 2, and PCI DSS.
Own and maintain the enterprise security policy framework, ensuring alignment with business objectives and regulatory requirements.
Collaborate with Legal, IT, and Security teams to oversee privacy programs and data protection initiatives (e.g., CCPA, GDPR, CPRA).
Risk Management & Security Controls
Lead enterprise-wide risk assessments, identify security vulnerabilities, and develop mitigation strategies.
Evaluate and enhance third-party risk management processes, ensuring vendors meet Cart.com’s security and compliance requirements.
Assess and optimize security control effectiveness, tracking control failures and working with teams on remediation strategies.
Guide security incident response processes, working closely with SOC teams to refine investigation and mitigation workflows.
Audit & Assurance
Serve as a primary liaison for internal and external security audits, ensuring compliance with regulatory and contractual requirements.
Manage SOX IT controls, PCI DSS compliance, and security assessments, tracking findings and ensuring timely remediation.
Collaborate with internal teams to prepare, execute, and review security audits, penetration testing, and vulnerability assessments.
Training & Awareness
Design and conduct security awareness training programs for employees, focusing on phishing, social engineering, and compliance best practices.
Develop and distribute compliance dashboards, risk reports, and executive-level updates on security performance and trends.
Continuous Improvement
Stay ahead of emerging cybersecurity threats, regulatory changes, and best practices, adapting Cart.com’s security strategy accordingly.
Evaluate new security technologies and automation tools to streamline GRC processes and improve risk management capabilities.
Mentor and train junior GRC analysts, fostering a strong security culture within the organization.
Who You Are:
A strategic thinker who can balance technical security needs with business objectives.
A problem-solver with strong analytical skills, capable of identifying risks and implementing effective security measures.
A clear communicator with the ability to translate complex security concepts into actionable business recommendations.
A collaborative leader, comfortable working across multiple departments and engaging with stakeholders at all levels.
What You’ve Done:
5+ years of experience in cybersecurity governance, risk, and compliance (GRC) roles.
Proven expertise in risk assessments, control frameworks, and compliance audits (e.g., ISO 27001, SOC 2, PCI DSS, NIST CSF).
Hands-on experience managing security compliance programs, third-party risk assessments, and security incident response.
Strong familiarity with IT security controls, cloud security best practices, and regulatory privacy laws.
Experience working with GRC platforms (e.g., OneTrust, Archer, LogicGate, or similar tools).
Nice to Haves:
Bachelor’s or Master’s degree in Cybersecurity, Information Security, IT Governance, or a related field (or equivalent experience).
Industry-recognized certifications such as CISSP, CISM, CISA, CIPT, or CRISC.
Experience working in fast-paced, high-growth environments with a strong understanding of eCommerce, SaaS, or technology industries.
Currently, Cart.com does not intend to hire candidates who will need, now or in the future, Cart.com sponsorship through any non-immigrant visa category such as the H-1B, H-1B1, E-3, O-1, or TN.
All hiring is contingent on eligibility to work in the United States. We are unable to sponsor or transfer visas for applicants.
Cart.com is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.