Governance, Risk, and Compliance (GRC) Analyst

at  Vail Resorts Corporate

Our mission is to create the Experience of a Lifetime for our employees, so they can, in turn, create the Experience of a Lifetime for our guests. We own and operate the most renowned destination resorts in the world as well as regional and local ski areas outside major cities, and connect them all through one unrivaled network. We are looking for ambitious leaders, innovators and creators to join our talented team. If you’re ready to pursue your fullest potential, we want to get to know you!
Candidates for year-round positions are reviewed on a rolling basis. Applications will be accepted up to 90 days after the posting date, or until the position is filled (whichever is first).

JOB SUMMARY:

As a Governance, Risk, and Compliance (GRC) Analyst, you will be responsible for supporting IT and Business personnel in meeting our Information Security and GRC objectives. This role will involve assisting in the implementation and maintenance of our technology GRC program, contributing to various compliance activities, and fostering a security-aware culture through education and training.

JOB QUALIFICATIONS:

• Bachelor’s degree or equivalent experience in Business, Technology, or related field.
• Familiarity of key concepts in Technology Compliance, Information Security, Risk Management, and Privacy requirements
• Successful regular partnership with IT teams, process owners, and Business teams
• Understanding of corporate Information Security Governance, Risk, Compliance, and Privacy functions
• Experiencing supporting industry and regulatory compliance frameworks such as PCI, ISO, NIST, and Sarbanes-Oxley
• Applies critical thinking to generate new thoughts and opportunities; has ability to collaborate and build on innovative thoughts/ideas
• Informed on industry standards and practices, and a forward thinker on new and innovative approaches

JOB RESPONSIBILITIES:

The Analyst’s day-to-day activities include implementation and maintenance of our technology GRC&P program, including but not limited to the following program components:

• Primary
• Assist in Sarbanes Oxley (SOX) compliance activities, including control execution and documentation.
• Collaborate with internal stakeholders and the QSA during the annual Payment Card Industry (PCI) compliance audit.
• Guide team members on approach and steps for finalizing control population, sampling, re-testing, exception reporting, and tracking requirements.
• Assist in enforcing policy and maintaining our policy inventory.
• Secondary
• Support the development and maintenance of IT Governance processes (policies, procedures, security awareness training, etc.).
• Contribute to annual Risk Management activities (risk assessments, third-party risk management, security testing, etc.).
• Assist our Data Privacy team with various compliance efforts.

As a key member on the Information Security Team, reporting to Principal Analyst of GRC&P, this role will play a critical role in sustaining our existing environment, strive for excellence and additional maturity throughout our processes, and nurturing a security engaged culture across the organization.

ESSENTIAL RESPONSIBILITIES:

• Drive: Develop and drive the ownership and accountability of GRC and IT Compliance objectives, supporting IT and Business initiatives.
• Assist Information Security, IT application teams, Business Leadership in execution of roadmaps driving increased maturity into our compliance ecosystem.
• Be a strong self-starter and step up when and where the team and organization need you.
• Hold teams accountable for their Information Security and Compliance obligations and escalate issues in a timely fashion.
• Demonstrate strong, clear, and concise communications skills.
• Connect: Inspire trust and build strong, authentic, productive relationships within the organization and with key stakeholders.
• Develop and maintain positive, collaborative relationships with all constituents including business and IT peers and leaders.
• Engage broadly and deeply across the organization to quickly connect information and people to drive enterprise projects, programs, and initiatives.
• Partner with stakeholders to understand their drivers and needs and use that knowledge and those relationships to drive effective prioritization and roadmaps for delivery.
• Develop: Create an environment of continual improvement both inside and outside of direct team.
• Be open to seeking and providing feedback creating a culture of candor and positive intent.
• Demonstrate the ability to learn and develop as a self-starter requiring little direction. We are looking for someone who shows the potential to do more and is a natural leader.
• Be a Producer of Talent by enabling and educating employees across the organization on GRC objectives.
• Out Front: Anticipate the needs of the business and facilitate as well as motivate those around you to identify solutions that both improve the security of our environment and advance business objectives.
• Maintain an external network to ensure our organization continuously analyzes new threats, trends, innovations, etc. and ensures our strategy and priorities stay appropriately aligned.
• Be curious about our business and seek to understand our strategy, business practices, and projects so we can support our business strategy AND ensure we meet our Information Security, Technology Risk, Compliance, and Privacy objectives.
• Assist in the development and execution of education, standards and guidelines that will seamlessly incorporate GRC objectives into repeatable business initiatives enabling us to continue to grow and scale.
• Re-Imagine: Bring new ideas, methods, and approaches to Vail Resorts and this role. Leverage personal expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology.
• Evolve current GRC practices to align with recent growth and ensure repeatability and scalability.
• Thoughtfully analyze all potential options and outcomes to drive the best possible solutions and recommendations.
• Passion: Demonstrate an unyielding passion for the employee and guest experience, culture, mission and vision. Lead by example and inspire others to follow.

Full Time roles are eligible for the above, plus:

• Health Insurance; Medical Insurance, Dental Insurance, and Vision Insurance plans (for eligible seasonal employees after working 500 hours)
• Free ski passes for dependents
• Critical Illness and Accident plan