Sr. IT GRC Analyst

It All Starts with Our People

As the leader in automotive preventive maintenance, Valvoline has a proven track record of growth. We continue to invest in our people, processes, and technology to strengthen our ability to efficiently deliver Quick, Easy, Trusted service across all our stores – every day. We're not just in the car business; we're in the people business. And we're looking for humble, hungry, and smart people to help us shape the future of mobility. If you're hungry to drive change and seek a dynamic, collaborative environment that fuels both personal and professional growth, you've found your place with us.

Our highest priority is creating a welcoming workplace with team members from a wide variety of diverse backgrounds and experiences.

The Opportunity

Valvoline has a rewarding opportunity as a Senior Governance Risk & Compliance (GRC) Analyst. In this role, you will support Valvoline’s IT GRC functions and perform security and risk assessments, audit support, and framework and regulatory compliance (SOX, PCI, NIST, etc.). While partnering with IT, Information Security, and audit resources, you will support documentation and review, reporting and analytics, and maintaining appropriate records related to policy, procedures, control self-assessments, risk, etc.

How You'll Make a Difference

• Supporting Valvoline’s risk management program by performing risk assessments to identify security risks and oversee the risk register.
• Collaborating on identified program deficiencies and gaps from internal and external resources, determining appropriate mitigation strategies.
• Assisting with measuring security program maturity and building plans for increasing maturity and organizational alignment.
• Assisting the IT Security team in identifying, assessing, and mitigating security risks, ensuring compliance with relevant regulations and standards.
• Coordinating performance of annual PCI DSS report on Compliance (ROC) and Attestation of Compliance (AOC).
• Participating in incident response tabletops, recovery and/or penetration testing, and other compliance activities.
• Other duties as determined by Valvoline.

What You'll Need to Succeed

• Bachelor’s degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred
• Minimum of five years years in a GRC related role with experience in:
  • Assessing risks, vulnerabilities, and mitigating controls
  • PCI Compliance environment
  • Information security frameworks and standards as well as risk management processes
  • Assessing and applying regulatory requirements in a professional setting
• One of CISA, CRISC, CISM, PCI-ISA certification is preferred
• Working knowledge of various compliance and regulatory areas (e.g. Sarbanes-Oxley, PCI DSS, COBIT, SOC, ISO, and NIST)
• Understanding of common IT technologies and concepts such as: security governance and risk assessment with a thorough understanding of risk management principles and methodologies
• Recommend and influence business process changes for Information Security policies, standards and processes
• Excellent communication, analytical, and problem solving skills
• Work independently, as part of a team, and multitask as needed
• Work and communicate well with people from different disciplines with varying degrees of technical experience
• Adapt to a dynamic, rapidly changing business and technical environment
• Maintain confidentiality
• Must be authroized to work in the U.S.

We Take Care of the WHOLE You

• Health insurance plans (medical, dental, vision)
• HSA and flexible spending accounts
• 401(k)
• Incentive opportunity*
• Life insurance
• Short and long-term disability insurance
• Paid vacation and holidays*
• Employee Assistance Program
• Valvoline Instant Oil Change discounts
• Tuition reimbursement*
• Adoption assistance*

*Terms and conditions apply, and benefits may differ depending on position.

Your Path to Valvoline

Valvoline provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Join us in revolutionizing the automotive aftermarket industry while enjoying competitive benefits, a supportive work culture, and opportunities for advancement. Apply now and become an integral part of our journey at Valvoline.

The Company endeavors to make its recruitment process accessible to any and all users. Reasonable accommodations will be provided upon request to applicants with disabilities to facilitate equal opportunity throughout the recruitment and selection process. Please contact Human Resources at 1.833.VVV.Report or email ECC@valvoline.comto make a request for reasonable accommodation during any aspect of the recruitment and selection process. The contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.