Senior Analyst, Governance, Risk and Compliance

About the role

Chipotle is seeking a Senior Analyst to lead Governance, Risk and Compliance (GRC) initiatives across the organization. Based in Newport Beach, CA, you will work closely with all departments to ensure that policies, procedures, and security frameworks protect the confidentiality, integrity, and availability of our applications, infrastructure, and business processes.

Key responsibilities

• Develop, implement, and maintain security awareness training and phishing campaigns for the entire company.
• Collaborate with GRC leadership to roll out global policies, regulatory updates, and risk frameworks.
• Monitor industry standards, especially PCI‑DSS, and recommend adjustments to the compliance program.
• Conduct risk assessments, audits, and control testing to verify compliance with PCI‑DSS, SOX, and internal security policies.
• Support and enhance the Third‑Party Risk Management program, including vendor risk assessments and use of Viso Trust.
• Track remediation of non‑compliance issues, manage policy exceptions, and ensure timely resolution.
• Participate in incident response as a scribe and on‑call team member, documenting events and actions.

Required profile

• Strong understanding of GRC concepts and regulatory requirements such as PCI‑DSS and SOX.
• Experience creating and enforcing security policies and procedures.
• Ability to work collaboratively across multiple business units.
• Excellent analytical and communication skills.

Required skills

• PCI‑DSS
• SOX
• Viso Trust