Warby Parker is hiring a
Senior Risk Analyst

Summary

Join us at Warby Parker as we search for a motivated and experienced Governance, Risk, and Compliance (GRC) Security Analyst to support our security strategy. In this role, you will build strong relationships with internal teams, provide expert guidance on managing IT and compliance general controls, retain expertise in various compliance standards, collaborate closely with external and internal audits, and assist with ongoing risk assessments.

Requirements

• The proud owner of a degree in a computer science or an information security-related field (or equivalent work experience)
• Backed by 3+ years of experience as a cybersecurity practitioner
• Equipped with 3+ years of experience working in Governance, Risk, and Compliance functions with a specific focus as a Subject Matter Expert (SME) on Sarbanes-Oxley (SOX) compliance
• Equipped with understanding of various regulatory requirements and laws, including but not limited to Sarbanes-Oxley (SOX), PCI, HIPAA, CCPA, ISO 27001/2, ITIL, and NIST frameworks
• A well-rounded self-starter with business acumen, security technology skills, and a proven ability to align with security practices and compliance responsibilities
• A team player with excellent written and oral communication skills—you communicate clearly, kindly, and often, both within your department and across the organization
• A proactive problem-solver who is able to manage complex local and international security requirements
• A well-organized, proactive thinker with the vision to position controls in anticipation of threats

Responsibilities

• Build strong relationships with internal teams, providing expert guidance on managing, improving, and implementing effective IT and compliance general controls
• Retain expertise in one (or more!) compliance standards, including Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), National Institute of Standards and Technology (NIST), and International Standards Organization (ISO) 27001
• Collaborate closely with external and internal audits, maintain and support audit processes with detailed documentations, reporting, and accompanying technology recommendations
• Support the design, identification, tracking, and testing of key controls for IT systems and applications that impact financial reporting for the company
• Assist with various ongoing risk assessments, analyze findings, document recommendations, and monitor and report on remediation processes to security leadership
• Monitor current and proposed security changes that may impact the regulatory, privacy, and security industries’ best practices
• Assist with ongoing policy design and modification; ensure that the Security team maintains up-to-date configuration documentation for all systems and processes

Preferred Qualifications

• Experience using GRC systems from vendors such as ProcessUnity, RSA, and ZenGRC
• Cybersecurity or risk-related certifications such as CISA, CISSP, and Security+

Benefits

• Health, vision, and dental insurance
• Life and AD&D Insurance
• Flexible vacation policy
• Paid Holidays
• Retirement savings plan with a company match
• Parental leave (non-birthing parents included)
• Short-term disability
• Employee Assistance Program (EAP)
• Bereavement Support
• Education Reimbursement
• Free eyewear