Skip to main content

Governance, Risk, & Compliance Analyst

Columbus, Ohio 333 W Nationwide Blvd, 43215
Governance, Risk, & Compliance Analyst (21020200)



Under direct supervision, the GRC Analyst will be responsible for coordinating Governance, Risk, and Compliance activities to mitigate and manage risks at Chipotle. This role will assist the IT GRC team to grow and mature our risk and compliance processes to gain efficiencies and effectiveness and requires collaboration with all departments at Chipotle to ensure an acceptable risk posture for the organization, thereby enhancing the security posture for activities that impact the confidentiality, integrity, and availability of our information assets and resources, our infrastructure, and our business processes.


In addition to following Chipotle’s policies and procedures, principal accountabilities include, but are not limited to:

  • Conduct, document, and report on security risk assessments for technology systems, and internal and third-party vendor solutions.
  • Maintain policies, standards, procedures, and operational procedure documents.
  • Support procedural documentation (e.g. process flows, data flow maps, SOP's) or other work instructions to support the policies, standards, controls, and compliance readiness capabilities for SOX, PCI, and NIST CSF & RMF frameworks.
  • Maintain alignment to technology governance and control frameworks such as PCI, SOX, ISO 27001/2, COBIT, ITIL, GDPR, CCPA, and various NIST SP’s, implementing where appropriate.
  • Document and insert into the GRC tool the remediation actions taken for events, incidents, and alerts in IT control domains (SOX, PCI, NIST, etc.), internal or external audits, and/or control readiness assessments.
  • Conduct compliance testing to assess control strength in treating technology risks.
  • Report out from GRC tool the Key Performance Indicators (KPI) status of risk assessment, control effectiveness, gap remediation, third party risk management issues, and internal and external audit findings and recommendations.
  • Work cross-functionally with business partners throughout Chipotle’s organization, collaborating with management and their respective teams to drive adoption of Governance, Risk & Compliance policies, standards, principles, procedures, and requirements.
  • Facilitate Change Advisory Board requests, meetings, minutes, and ensure compliance with SOX and policy requirements; performs account provisioning PAM review activities via ServiceNow tickets.
  • May perform other duties as assigned.


  • Bachelor's Degree (BA/BS) from 4-year college or university.
  • 1-3 of experience in application IT capacity
  • Preferred: Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP) Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM)
  • Proficient with MS Office - Excel, Word, PowerPoint, Outlook & SharePoint
  • Working in GRC Tools, Payment Card Industry (PCI) Data Security Standards
  • Testing and validation of SOX Key Controls
  • Data security & privacy protection regulations, requirements, and best practices
  • Infrastructure, network, cloud, desktop, and mobile security regulations, requirements, and best practices
  • Excellent communication (written and verbal) skills
  • Analytical in Information Technology, Security, Privacy, or Compliance (SOX) fields
  • Advanced organizational and deadline achieving skillset


Food served fast does not have to be a typical fast-food experience.  Chipotle has always done things differently, both in and out of our restaurants. We are changing the face of fast food, starting conversations, and directly supporting efforts to shift the future of farming and food. We hope you will join us as we continue to learn, evolve, and shape what comes next on our mission to make better food accessible to everyone.

Chipotle Mexican Grill, Inc. (NYSE: CMG) is cultivating a better world by serving responsibly sourced, classically cooked, real food with wholesome ingredients without artificial colors, flavors, or preservatives. Chipotle had over 2,800 restaurants as of March 31, 2021, in the United States, Canada, the United Kingdom, France, and Germany and is the only restaurant company of its size that owns and operates all its restaurants. With over 97,000 employees passionate about providing a great guest experience, Chipotle is a longtime leader and innovator in the food industry. Chipotle is committed to making its food more accessible to everyone while continuing to be a brand with a demonstrated purpose as it leads the way in digital, technology and sustainable business practices. Steve Ells, founder, and former executive chairman, first opened Chipotle with a single restaurant in Denver, Colorado in 1993. For more information or to place an order online, visit WWW.CHIPOTLE.COM.

Primary Location: Ohio - Columbus - 8889 - 333 W Nationwide-(08889)

Work Location:
8889 - 333 W Nationwide-(08889)
333 W Nationwide Blvd
Columbus 43215

Job Information Technology Job Posting Jun. 18, 2021 Job Number 21020200

You have not viewed any jobs recently.

Dream Jobs Do Come True

Eyeing your ideal job? Sign up for alerts and we’ll let you know when the position opens up.

Already signed up? click here

By submitting this form, you are agreeing to our privacy agreement. Opens in a new window