This Governance, Risk, and Compliance (GRC) position contributes to Starbucks success by conducting assessments, measuring program effectiveness, and driving capability process improvements. As a GRC analyst, you will work in conjunction with GRC leadership to define and implement strategic risk-based decisions, and build relationships across the organization. The senior GRC analyst role also works cross-functionally with business partners throughout the Starbucks Technology organization and Starbucks enterprise, collaborating with management and their respective teams in order to drive adoption of Governance, Risk & Compliance principles.
Models and acts in accordance with Starbucks guiding principles.
Summary of Key Responsibilities
Responsibilities and essential job functions include but are not limited to the following:
* Develops and manages complex control frameworks
o Conducts technology control assessments in support of business requirements
o Designs and develops requirements based technology control models to meet regulatory needs
o Creates and monitors the performance of user access review (UAR) and segregation of duties (SOD) SOX controls
o Supports control design and effectiveness testing to assess control strength in treating technology risks
o Manages control exceptions or deficiencies tracking and monitoring, assisting with remediation development within Starbucks Technology, and acting as a liaison to Internal or External Audit entities
o Develops remediation models for events and alerts in IT control domains, internal or external audits, and / or control readiness assessments
o Coodinates alignment to technology governance and control frameworks such as ISO 27001, COBIT, GAPP, and various NIST SP's, implementing where appropriate
o Identifies, reports, and assists in resolving legal or regulatory compliance, control gaps, or governance (oversight / monitoring) gaps
o Develops and manages the lifecycle of policies, procedures and standards, normalizing and rationalizing technology requirements within those governance tools
o Assists in creation of goal-based metrics models (e.g. GQM) across all capability areas within Governance, Risk & Compliance
* Designs and consults on process workflow improvements in support of technology controls readiness or compliance management functions
o Builds procedural documentation (e.g. process flows, data flow maps, SOP's) or other work instructions to support the Controls & Compliance Readiness capabilities
o Develops, reviews and approves procedural and process documentation (e.g. work instructions, playbooks, leading practice guidelines, hassle maps)
* Build relationships across the organization
o Assesses technology systems supporting Governance, Risk & Compliance programs and consults with teams to protect data, tracking and reacting to variances to established baselines; recommends opportunities for improvement
o Brings a consultative approach to developing and presenting solutions, assisting with prioritization of workload to strategic and tactical goals for themselves and other GRC analysts
o Plans and designs technology compliance awareness and education campaigns to encourage adoption of and adherence to requirements in Starbucks Technology Standards
o Coaches, mentors and trains other GRC analysts, effectively multiplying intelligence and skills inside of the team
Summary of Experience
* IT compliance (SOX, PCI, internal controls), IT risk management, Internal Audit or Data Privacy fields, or in a related area - 3 - 5 years * Certifications such as CISSP, CISA, CIPP and other technical certifications are desired
Required Knowledge, Skills and Abilities
* Ability to:
o Collaborate across teams, both internal and external to Governance, Risk & Compliance, fostering engagement and building relationships - while acting as an analyst, engineer, and advisor
o Communicate clearly and concisely, both verbally and in writing; active listening skills
o Plan, organize and prioritize tasks and provide guidance to others
o Work in a fast paced and dynamic work environment, handle ambiguity, and maintain productivity
o Improve individual job skills through training, self-research and self-study
* Experience with:
o Designing IT controls (functional, operational, or technical), developing or enhancing existing IT control processes, or developing continuous controls monitoring processes
o Using GRC workflow platforms such as Archer
o Leading SOX or PCI or other regulatory audits or readiness assessments
o Performing, monitoring, or assessing user access review (UAR) and segregation of duties (SOD) SOX controls
o Assessing, developing or executing a management framework such as ISO 27001, a control framework such as COBIT, or a principle framework such as GAPP
o Developing common control frameworks (CCF) or conducting cross-controls mapping
o Developing goal-based metrics or reporting, utilizing either a common framework such as Goal-Question-Metric (GQM) or equivalent
o Working with Cloud technologies/environments, including evaluating and implementing controls on Software as a Service (SaaS)
o Utilizing data analysis and visualization tools such as Tableau, Power BI, or R
o Developing code such as Python, R, Powershell
Puts the Customer First: Has a relentless focus on the customer. Understands what the customer wants and how to best deliver the experience.
Works Well with Others: Listens and communicates well with others within and outside of Starbucks. Creates a team environment that is positive and productive.
Leads Courageously: Takes personal responsibility to do the right thing, and persists in times of challenge or uncertainty. Adapts quickly to change and makes timely, thoughtful decisions.
Develops Continuously: Continuously seek opportunities to improve self and others. Leads with trust, honesty and commitment to hire, coach and develop partners to achieve their potential.
Achieves Results: Understands what drives overall business success and is accountable to prioritize and deliver quality results. Demonstrates knowledge of core products and processes to get results. Anticipates obstacles and takes action to prevent or minimize their impact.
Starbucks and its brands are an equal opportunity employer of all qualified individuals, including minorities, women, veterans and individuals with disabilities. Starbucks will consider for employment qualified applicants with criminal histories in a manner consistent with all federal, state, and local ordinances.
Starbucks is a chain of restaurants that retails handcrafted coffee, tea, and fresh food items.