GRC Analyst


Posted Date
Job ID
Job Function
Information Technology
REI City
REI State
REI Location
Seattle HQ
Remote Eligible
Please visit the Covid-19 Hiring Updates before applying
What's cool about this job
REI is committed to becoming a fully inclusive, antiracist, multicultural organization. To fulfill our brand promise of enabling a life well-lived outside for everyone, we are seeking candidates who demonstrate shared values of diversity, equity, inclusion, and antiracism 

This job contributes to REI’s success by helping execute, as well as mature, our core Information Security GRC processes. As a GRC analyst, you will work in conjunction with GRC teammates to deliver on risk management, compliance, and security and awareness training activities. The GRC analyst role also works cross-functionally with business partners throughout REI, collaborating with teams to drive adoption of Governance, Risk & Compliance principles. Models and acts in accordance with REI’s guiding values and mission.

In this role you will: 
  • Demonstrating advanced understanding of complex business processes, internal control risk management, IT controls and related standards.
  • Assisting in the implementation, operation and maintenance of our common controls framework for continuously testing and monitoring of all information security controls.
  • Identifying and evaluating complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
  • Assisting with information security compliance activities, including PCI DSS and CTPAT.
  • Providing support as needed to the team in the execution of objectives.
  • Assist in designing, creating, and maintaining risk-based metrics.
Bring your passion and expertise
  • Bachelor's Degree in Accounting/Audit, Cybersecurity, Risk Management, Business Information Systems, or a related field is preferred.
  • Ability to identify, quantify, track, and lead mitigation of risks and control exceptions and communicate results to department leadership.
  • One to three years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of five years of total work experience.
  • Knowledge of control development, monitoring and reporting in enterprise environments.
  • A strong understanding in one or more of the following industry compliance and security standards and frameworks: ISO 27001, ITIL, COBIT, PCI DSS, SOC 2, CSA,CCM, CIS Benchmarks and NIST frameworks.

At REI we offer an enviable work environment that Fortune Magazine has recognized on the "100 Best Places to Work" list since the award's inception – 23 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 160 retail locations (and growing), REI offers unique competitive benefits to its more than 15,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

Posting Range
$55,000 to $110,000 per year
ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.