Sr. Governance Risk Compliance (GRC) Analyst

Posted Date: Dec- 2-2021

Job ID: 21828

Job Type: Full Time

Job Function: Information Technology

City: Seattle

State: Washington

Store: Seattle HQ

Remote Eligible: Yes

Please visit the Covid-19 Hiring Updates before applying

What's cool about this job

At REI, we believe that a life outdoors is a life well lived. As an employee of REI, you will have that REI Co-op, e opportunity to shape what it means to be a Co-op Member. REI is more than an outdoor retailer – our members engage with us in experiences, content and community, advocacy and more.

This job contributes to REI’s success by helping build out and mature core GRC processes into defined, repeatable activities. As a Senior GRC analyst, you will work in conjunction with GRC leadership to define and implement strategic risk-based decisions. The Senior GRC analyst role also works cross-functionally with business partners throughout REI, collaborating with management and their respective teams to drive adoption of Governance, Risk & Compliance principles.

Bring your passion and expertise


  • Help develop and maintain an information security risk register to assist in the prioritization of key risks and to aggregate risks for the Enterprise Risk Management program.
  • Maintain and update REI’s common controls framework.
  • Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews.
  • Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution through briefings to senior management.
  • Provide expertise and consult with the objective of helping the organization manage risk to an acceptable level.
  • Identify and create metrics and dashboards to quantify and measure the impact of information security GRC processes.
  • Focus on continuous improvement of operational processes and designing innovative and automated functionality for added efficiency.
  • Maintain awareness of external regulations and industry standards for new or modified requirements.
  • Support security awareness efforts and help maintain awareness materials.


  • 5+ years of security governance, risk management compliance, and internal security controls experience
  • Operational process design, improvement and implementation experience
  • Advanced understanding in one or more of the following compliance areas: ISO 27001, ITIL, COBIT, PCI DSS, SOC 2, CSA, CCM, CIS Benchmarks, and NIST frameworks
  • Preferred industry qualifications: CISA, CISSP, CISM, CRISC, CIA, or related certifications

As required by the Colorado Equal Pay Transparency Act, REI provides a range of minimum compensation for roles that may be hired in Colorado. Factors that may be used to determine your actual salary may include a wide array of factors, including: your specific skills and experience, geographic location or other relevant factors. The salary range for this position may be lower or higher in different markets.

$75,000 to $147,500 per year

To review benefits information, including medical, retirement, and time off visit

At REI we offer an enviable work environment that Fortune Magazine has recognized on the "100 Best Places to Work" list since the award's inception – 23 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 160 retail locations (and growing), REI offers unique competitive benefits to its more than 15,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.