Senior GRC Manager at Chewy
Plantation, Florida, USA
Full Time


Start Date

Immediate

Expiry Date

22 Jun, 25

Salary

0.0

Posted On

23 Mar, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

It, Addition

Industry

Information Technology/IT

Description

YOUR OPPORTUNITY:

Chewy is seeking a dedicated GRC Analyst who will act as the strategic lead for Chewy’s GRC programs in partnership with its leadership, partners, and Team Members. This role combines a high level of expertise in GRC principles with forward-thinking program leadership to develop and implement strategies that align with Chewy’s operational objectives, risk appetite, and regulatory requirements.
This individual will help shape the vision of GRC initiatives, drive innovative solutions, and ensure integration of compliance across the organization. This team ensures the organization operates within regulatory requirements, with minimal risks, and upholds strong governance practices. We develop and maintain policies within industry standards and governance frameworks, providing oversight and reporting to leadership.
The team ensures the company follows regulations like GDPR, CCPA, and PCI-DSS, facilitates audit preparation, and provides training to educate employees on compliance standards. They collaborate with IT and security teams to implement robust cybersecurity controls, handle access to critical data, and prepare for incident response.
A successful GRC Analyst at Chewy will work with leadership to craft and drive alignment on Chewy’s broader GRC strategy and execution plans, and partner with Team Members and leaders across the company to drive GRC initiatives and processes.

Responsibilities
  • Create and enhance scalable GRC programs, frameworks, and policies to ensure enterprise-wide consistency and efficiency.
  • Collaborate with cross-functional teams to embed risk management practices into operational processes.
  • Establish and maintain governance structures that ensure accountability and visibility in decision-making.
  • Create, update, and socialize policies and standards to address regulatory requirements, industry standard methodologies, and organizational needs.
  • Develop comprehensive risk management frameworks to identify, assess, and mitigate risks across the enterprise.
  • Monitor risk indicators and provide actionable insights to executive leadership.
  • Ensure compliance with applicable laws, regulations, and standards, including SOX, GDPR, CCPA, PCI DSS, and others.
  • Act as a liaison with regulatory bodies, auditors, and external collaborators during reviews and audits.
  • Identify and implement GRC tools and technologies to streamline processes and improve program efficiency.
  • Drive innovation by exploring the use of AI, data analytics, and automation within GRC initiatives.