|Preferred GIAC Certifications||GISP, GSEC, GISF, GWEB, GCSA, GCIH, GCPM, GSTRT, GSNA|
|Contact Name||Chris Vucic|
Overview of the job:
· Conduct, document, and report on security risk assessments for technology systems, and internal and third-party vendor solutions.
· Develop automation for loading security data and completing security tool integrations into GRC platform
· Designing and creating data interfaces to integrate GRC capabilities into corporate or 3rd party systems
· Designing and developing custom solutions to address various business needs in order to drive efficiency within the organization
· Create and update product integration scripts and produce documentation
· Maintain alignment to technology governance and control frameworks such as PCI, SOX, and NIST CSF implementing where appropriate.
· Document the remediation actions taken for events, incidents, and alerts.
· Conduct compliance testing to assess control strength in treating technology risks.
· Report out from GRC tool the Key Performance Indicators (KPI) status of risk assessment, control effectiveness, gap remediation, third party risk management issues, and internal and external audit findings and recommendations.
· Work cross-functionally with business partners throughout Chipotle’s organization, collaborating with management and their respective teams to drive adoption of Governance, Risk & Compliance policies, standards, principles, procedures, and requirements.
· May perform other duties as assigned.
WHAT YOU’LL BRING TO THE TABLE:
· Bachelor's Degree (BA/BS) from 4-year college or university in Information Technology, Computer Science, or a minimum of 5 years in IT with direct experience with API integrations and/or scripting experience.
· C#, .NET technologies, WebAPI experience required
· Knowledge of HTML, CSS
· Knowledge of Relational and Non-Relational data stores – i.e. SQL Server, Oracle, Cosmos DB, Mongo DB.
· Ability to work independently and produce required results with minimal supervision
· Hands-on experience with data manipulation of both structured and unstructured data including data exchange, transformation, and loading via APIs and scripts
· Demonstrated success working on a high functioning team
· Working knowledge of cybersecurity control frameworks
· Infrastructure, network, cloud, desktop, and mobile security regulations, requirements, and best practices
· Excellent written and verbal communication
· Analytical in Information Technology, Security, Privacy, or Compliance fields
· Advanced organizational and deadline achieving skillset