IT GRC Analyst II

Remote, United States

Overview

It All Starts with Our People

As the leader in automotive preventive maintenance, Valvoline has a proven track record of growth. We continue to invest in our people, processes, and technology to strengthen our ability to efficiently deliver Quick, Easy, Trusted service across all our stores – every day. We're not just in the car business; we're in the people business. And we're looking for humble, hungry, and smart people to help us shape the future of mobility. If you're hungry to drive change and seek a dynamic, collaborative environment that fuels both personal and professional growth, you've found your place with us.

 

Our highest priority is creating a welcoming workplace with team members from a wide variety of diverse backgrounds and experiences.

 

The Opportunity

Valvoline has a rewarding opportunity as an IT Governance, Risk and Compliance (GRC) Analyst II. In this role, you will support Valvoline's IT GRC functions and perform security and risk assessments, vulnerability management, audit support, and regional regulatory compliance (i.e. SOX, PCI, NA Privacy regulations). You will assist in IT Risk Assessment projects including the identification and documentation of an IT Risk Register, Risk Assessments, impact analysis, appropriate mitigating Controls, Residual Risk, and other related data.

 

How You'll Make a Difference

  • Responsible for the vulnerability scanning tool and remediation process, which may include vulnerabilities discovered through, but not limited to, vulnerability scanning, ethical hacking, pen testing, threat intelligence, application security, responsible disclosure, etc. Identifies, recommends, and prioritizes appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to acceptable risk tolerances. Tracks VM program metrics, KPIs, KRIs, and other applicable performance reporting measures to communicate risk and overall effectiveness.

  • Builds strong partnerships and collaborates with asset owners, third-party partners, and managed service providers to drive vulnerability remediation and mitigation, reduce exposure and potential business impact, ensure secure asset configurations, and ensure security requirements are being adhered to.

  • Supports the company's risk management program by assessing potential risks associated with 3rd parties, including cloud-specific ones, and ensuring compliance with defined policies, procedures, and external regulations (PCI-DSS, NIST, Privacy Regulations).

  • Assists with and participates in annual PCI-DSS Report on Compliance (ROC) audit and Attestation of Compliance (AOC) completion for each applicable payment channel.

  • Performs daily operational tasks, including (but not limited to) responding to daily security tickets/requests and ITGC performance.

  • Other duties and responsibilities as determined by Valvoline from time to time in its sole discretion.

What You'll Need to Succeed

  • Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred; or an associate degree and an IT Governance, Risk, or Compliance professional certification such as CGEIT, CRISC, or equivalent

  • Minimum of two years of experience in IT, Audit, or Assurance or a minimum of two years dedicated IT GRC-related experience writing/reviewing IT policies and procedures preferred

  • Experience assessing and applying regulatory requirements in a professional setting preferred

  • Experience with information security frameworks and standards, as well as risk management processes, preferred

  • Experience implementing and managing GRC tools and technologies, such as GRC platforms and vulnerability management systems

  • CISA, CISSP, CRISC, CIA, CGEIT, PCIP, ISA preferred

  • Demonstrate in-depth understanding of various compliance and regulatory areas (e.g. EU GDPR, CCPA, Sarbanes-Oxley, PCI DSS, COBIT, SOC, ISO, and NIST)

  • Understanding of concepts such as information security and security governance, risk assessment and management, threat and vulnerability management, and identity and access management

  • Excellent written and verbal communication skills

  • Strong analytical and problem-solving skills

  • Ability to work both independently and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment

  • Ability to multi-task and prioritize tasks

  • Ability to exercise good professional judgment

  • The ability to work well with people from different disciplines with varying degrees of technical experience

  • Must be able to convey risks and vulnerabilities to people with varying degrees of technical experience.

  • The ability to adapt to a dynamic, rapidly changing business and technical environment

  • Ability to maintain confidentiality

  • Must be authorized to work in the U.S.

We Take Care of the WHOLE You

  • Health insurance plans (medical, dental, vision)
  • HSA and flexible spending accounts
  • 401(k)  
  • Incentive opportunity*
  • Life insurance
  • Short and long-term disability insurance
  • Paid vacation and holidays*
  • Employee Assistance Program
  • Valvoline Instant Oil Change discounts
  • Tuition reimbursement*
  • Adoption assistance* 

*Terms and conditions apply, and benefits may differ depending on position.

 

Your Path to Valvoline

Valvoline provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

 

Join us in revolutionizing the automotive aftermarket industry while enjoying competitive benefits, a supportive work culture, and opportunities for advancement. Apply now and become an integral part of our journey at Valvoline.

 

The Company endeavors to make its recruitment process accessible to any and all users.  Reasonable accommodations will be provided upon request to applicants with disabilities to facilitate equal opportunity throughout the recruitment and selection process.  Please contact Human Resources at 1.833.VVV.Report or email ECC@valvoline.com to make a request for reasonable accommodation during any aspect of the recruitment and selection process.  The contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.

 

Tags: Application security CCPA CIA CISA CISSP Cloud COBIT Compliance Computer Science CRISC Ethical hacking Finance GDPR Governance IAM KPIs NIST PCI DSS Pentesting Privacy Risk assessment Risk management SOC SOX Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Career development Flex vacation Health care Insurance

Regions: Remote/Anywhere North America
Country: United States
