Senior Risk Analyst

At Warby Parker, we’ve proven that businesses can scale, be profitable, and do good in the world. Now, we’re searching for a motivated and experienced Governance, Risk, and Compliance (GRC) Security Analyst to help us on this mission. In this role, you will be supporting the security strategy of the business within new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as the latest technologies and requirements. As a key member of the Security team, the GRC Security Analyst must focus not only on compliance, but also on proactive risk management and overall corporate resiliency.

What you’ll do:

• Build strong relationships with internal teams, providing expert guidance on managing, improving, and implementing effective IT and compliance general controls
• Retain expertise in one (or more!) compliance standards, including Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), National Institute of Standards and Technology (NIST), and International Standards Organization (ISO) 27001
• Collaborate closely with external and internal audits, maintain and support audit processes with detailed documentation, reporting, and accompanying technology recommendations
• Support the design, identification, tracking, and testing of key controls for IT systems and applications that impact financial reporting for the company
• Assist with various ongoing risk assessments, analyze findings, document recommendations, and monitor and report on remediation processes to security leadership
• Monitor current and proposed security changes that may impact the regulatory, privacy, and security industries’ best practices
• Assist with ongoing policy design and modification; ensure that the Security team maintains up-to-date configuration documentation for all systems and processes

Who you are:

• The proud owner of a degree in a computer science or an information security-related field (or equivalent work experience)
• Backed by 3+ years of experience as a cybersecurity practitioner
• Equipped with 3+ years of experience working in Governance, Risk, and Compliance functions with a specific focus as a Subject Matter Expert (SME) on Sarbanes-Oxley (SOX) compliance
• Equipped with an understanding of various regulatory requirements and laws, including but not limited to Sarbanes-Oxley (SOX), PCI, HIPAA, CCPA, ISO 27001/2, ITIL, and NIST frameworks
• A well-rounded self-starter with business acumen, security technology skills, and a  proven ability to align with security practices and compliance responsibilities 
• A team player with excellent written and oral communication skills—you communicate clearly, kindly, and often, both within your department and across the organization
• A proactive problem-solver who is able to manage complex local and international security requirements
• A well-organized, proactive thinker with the vision to position controls in anticipation of threats 

Extra credit:

• Experience using GRC systems from vendors such as ProcessUnity, RSA, and ZenGRC
• Cybersecurity or risk-related certifications such as CISA, CISSP, and Security+

Some benefits of working at Warby Parker for full-time employees:

• Health, vision, and dental insurance
• Life and AD&D Insurance
• Flexible vacation policy
• Paid Holidays
• Retirement savings plan with a company match
• Parental leave (non-birthing parents included)
• Short-term disability
• Employee Assistance Program (EAP)
• Bereavement Support
• Education Reimbursement
• Free eyewear
• And more (just ask!)