Starbucks Seattle, WA 98113
Job Summary and Mission
This position contributes to Starbucks success by conducting assessments, measuring program effectiveness, and driving capability process improvements as part of the Governance, Risk & Compliance (GRC) team in the Office of the CTO. As a senior GRC analyst you will work in conjunction with GRC leadership to define and implement the strategic direction and build out of capabilities within the team. The senior GRC analyst role also works cross-functionally with business partners throughout the Starbucks Technology organization and Starbucks enterprise, collaborating with management and their respective teams in order to drive adoption of Governance, Risk & Compliance principles. Models and acts in accordance with Starbucks guiding principles.
Summary of Key Responsibilities
Responsibilities and essential job functions include but are not limited to the following:
Conducts technology control assessments in support of business requirements.
Designs and consults on process workflow improvements in support of technology controls readiness or compliance management functions.
Builds procedural documentation (e.g. process flows, data flow maps, SOPs) or other work instructions to support the Controls & Compliance Readiness capabilities.
Develops and coordinates alignment to technology governance and control frameworks such as ISO 27001, COBIT, GAPP, and various NIST SPs, implementing where appropriate.
Develops remediation models for events and alerts in IT control domains, internal or external audits, and / or control readiness assessments.
Assesses technology systems supporting Governance, Risk & Compliance programs and consults with teams to protect data, tracking and reacting to variances to established baselines; recommends opportunities for improvement.
Identifies, reports, and assists in resolving legal or regulatory compliance, control gaps, or governance (oversight / monitoring) gaps.
Takes a consultative approach to developing and presenting solutions, assisting with prioritization of workload against strategic and tactical goals for themselves and other GRC analysts.
Implements control design and effectiveness testing to assess control strength in treating technology risks.
Manages control exceptions or deficiencies tracking and monitoring, assisting with remediation development within Starbucks Technology, and acting as a liaison to Internal or External Audit entities.
Develops and manages the lifecycle of policies, procedures and standards, normalizing and rationalizing technology requirements within those governance tools.
Designs and develops requirements based technology control models to meet regulatory needs.
Creatively plans and designs implementation of technology compliance awareness and education campaigns to encourage adoption of and adherence to requirements in Starbucks Technology Standards.
Assists in development of goal-based metrics models (e.g. GQM) across all capability areas within Governance, Risk & Compliance and the Office of the CTO.
Develops, reviews and approves procedural and process documentation (e.g. work instructions, playbooks, leading practice guidelines, hassle maps).
Coaches, mentors and trains other GRC analysts, effectively multiplying intelligence and skills inside of the team.
Summary of Experience
IT compliance (SOX, PCI, internal controls), IT risk management, Internal Audit or Data Privacy fields, or in a related area (3-5 years)
Certifications such as CISSP, CISA, CIPP and other technical certifications are desired.
Bachelor's degree or equivalent professional experience
Required Knowledge, Skills and Abilities
Ability to collaborate across teams, both internal and external to Governance, Risk & Compliance, fostering engagement and building relationships.
Demonstrated ability to improve individual job skills through training, self-research and self-study
Ability to communicate clearly and concisely, both verbally and in writing; active listening skills
Ability to plan, organize and prioritize tasks and provide guidance to others
Strong IT controls design and engineering skills; code development skills such as Python, R, or PowerShell preferred.
Ability to work in a dynamic work environment, handle ambiguity and maintain productivity.
Experience leading SOX or PCI or other regulatory audits or readiness assessments.
Experience developing or enhancing existing IT control processes, or developing continuous controls monitoring processes.
Experience in assessing, developing or executing to a management framework such as ISO 27001, a control framework such as COBIT, or principle framework such as GAPP, preferred.
Experience developing common control frameworks (CCF) or conducting cross-controls mapping, preferred.
Experience in goal-based metrics development or reporting utilizing either a common framework such as Goal-Question-Metric (GQM) or equivalent, preferred.
Experience with Archer or similar GRC workflow platform, preferred.
Experience building functional, operational or technical requirements, preferred.
Experience utilizing data analysis and visualization tools such as PowerPivot, R, or Tableau, desired.
Starbucks and its brands are an equal opportunity employer of all qualified individuals, including minorities, women, veterans & individuals with disabilities. Starbucks will consider for employment qualified applicants with criminal histories in a manner consistent with all federal, state, and local ordinances.