Senior Analyst, Governance, Risk & Compliance

CULTIVATE A BETTER WORLD

Food served fast does not have to be a typical fast-food experience. Chipotle has always done things differently, both in and out of our restaurants. We are changing the face of fast food, starting conversations, and directly supporting efforts to shift the future of farming and food. We hope you will join us as we continue to learn, evolve, and shape what comes next on our mission to make better food accessible to everyone.

THE OPPORTUNITY

As the Senior Analyst, Governance, Risk & Compliance, you will collaborate with all departments at Chipotle to ensure compliance with policies and other activities which impact the confidentiality, integrity, and availability of our application, infrastructure, and business processes.  The role will require the creation of new policies and procedures while recommending, implementing, and ensuring compliance with appropriate information security frameworks and standards all while keeping in mind the efficiencies that can be gained for those fulfilling the policy and/or procedure.

LOCATION

This position will be based in our Columbus, OH office 4 days per week (with work from home on Friday). Remote work is not available for this role.

WHAT YOU’LL DO

• Strong candidates are motivated by what they can achieve, growth they could experience and how they will impact the company.

• Participate in the development and implementation of security awareness trainings and phishing campaigns for the whole organization. Collect data for analysis and continuously improve the organization’s security posture. 

• Work closely with GRC Leadership to implement global policies, regulatory changes, and risk frameworks across products and systems.

• Stay up to date in industry trends and best practices, including monitoring for changes in PCI-DSS and recommending necessary adjustments to our compliance program.  Contribute to the development of audit process improvements.

• Provide guidance and support to internal project teams to ensure new systems, applications, or processes are designed and implemented in accordance with relevant standards. 

• Perform risk assessments, audits, and control testing to ensure Chipotle systems and processes remain in compliance with applicable regulations (PCI-DSS, SOX) and internal Information Security policies, ensuring evidence is collected, reviewed, and maintained to meet compliance objectives. 

• Support and enhance the Third-Party Risk Management (TPRM) program, including conducting vendor risk assessments, reviewing security documentation, leveraging tools such as Viso Trust, and partnering with stakeholders to manage third-party risk throughout the vendor lifecycle.

• Monitor and track remediation efforts for identified non-compliance issues to ensure timely resolution, including managing policy exceptions and violations. 

• Participate in incident response activities as a Scribe and on-call team member, ensuring accurate documentation of events, timelines, decisions, and actions during security incidents, and supporting post-incident reviews and reporting.

• Create written reports and dashboards for monitoring compliance and communicating status with business leaders. 

• Assist in coordinating annual on-site audits and preparing compliance reports for submission to external stakeholders. 

• Review change management tickets and associated evidence to validate control effectiveness and audit readiness, ensuring completeness, accuracy, and alignment with compliance requirements.

• Assist with other compliance team projects as required to meet evolving regulatory and compliance needs and objectives. 

• Assist in architecting and improving a suite of GRC tools to automate controls, risk data collection, monitoring, and governance procedures. 

• Develop and maintain policies and standards in support of operational and compliance goals, including creating supporting operational work instructions where it would be most effective. 

• Develop, execute, and/or coordinate governance structures to align with industry and compliance frameworks such as PCI, SOX, and NIST CSF. 

WHAT YOU’LL BRING TO THE TABLE

• Bachelor’s degree in computer science, Information Technology, or related field preferred. 

• Strong understanding of cloud technologies, API systems, infrastructure, network, and mobile security regulations, requirements, and best practices.

• Technical depth in Information Technology, Security, Privacy, or Compliance fields.  

• Advanced organizational skills with the ability to manage multiple priorities and meet deadlines.

• 5+ years of experience working in risk and compliance management frameworks, risk-based solutions, and control frameworks.

• Strong experience managing enterprise risks and driving mitigation efforts. 

• 5+ years of experience managing audit scope, interfacing with technologists and business representatives, and supporting external and internal audits. 

• Hands-on experience with Third-Party Risk Management (TPRM), including vendor assessments, due diligence, and ongoing risk monitoring.

• Experience supporting or participating in incident response activities, including documentation, coordination, and post-incident analysis.

• Experience reviewing change management processes and validating audit evidence for compliance and control effectiveness.

• Ability to work effectively in complex environments, both independently and collaboratively within a team. 

• CISSP, CISM, CISA, PCIP, PCI ISA certifications preferred. 

• Highly analytical and effective communicator capable of influencing cross-functional teams and stakeholders. 

PAY TRANSPARENCY

A reasonable estimate of the current base pay range for this position is $99,000.00–$139,500.00. You are also eligible for annual cash bonuses and equity awards based upon performance and other factors. Actual compensation offered may vary depending on skill level, experience, and/or education. Chipotle offers a competitive total rewards package, which includes medical, dental, and vision insurance, 401k, sick leave, vacation time, and much more. Visit https://jobs.chipotle.com/benefits for more details.

WHO WE ARE

Chipotle Mexican Grill, Inc. (NYSE: CMG) is cultivating a better world by serving responsibly sourced, classically cooked, real food with wholesome ingredients without artificial colors, flavors or preservatives. Chipotle has restaurants in the United States, Canada, the United Kingdom, France and Germany and is the only restaurant company of its size that owns and operates all its restaurants in North America and Europe. With employees passionate about providing a great guest experience, Chipotle is a longtime leader and innovator in the food industry. Chipotle is committed to making its food more accessible to everyone while continuing to be a brand with a demonstrated purpose as it leads the way in digital, technology and sustainable business practices. For more information or to place an order online, visit WWW.CHIPOTLE.COM

Chipotle Mexican Grill is an equal opportunity employer that values diversity at all levels. As a people-first company rooted in values, our purpose extends beyond serving nutritious food using real ingredients. It means hiring world-class individuals and fostering a culture that champions diversity, ensures equity, and celebrates inclusion. All qualified applicants, regardless of personal characteristics, are encouraged to apply.  

Qualified applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and/or certain state or local laws. Please contact ADAaccommodations@chipotle.comif you need an accommodation due to a disability to complete an application, job interview, and/or to otherwise participate in the hiring process. This email does not respond to non-accommodations related requests.