It Compliance Analyst at Chewy

What you'd actually do

Assist in assessing risk statements and mapping controls to established compliance frameworks such as PCI and NIST.

Participate in the execution of PCI assessments across the organization, including evidence collection, documentation review and coordination with control owners.

Support subject matter experts in maintaining and validating control effectiveness, audit readiness and risk management processes.

Contribute to governance, risk & compliance initiatives by assisting with compliance framework implementations.

Help maintain risk registers, track remediation activities and follow up on action plans.

Skills

Required

Bachelor's degree or higher in Computer Science, Computer Information Systems, or similar; or equivalent experience.
Familiarity with industry frameworks and standards such as PCI-DSS, NIST CSF, NIST 800-53, SOC 2 or similar.
Comfortable reading, interpreting and analyzing policy documents, audit reports and technical control descriptions.
Strong attention to detail and ability to organize and manage documentation effectively.
Basic understanding of IT infrastructure, cloud environments, applications and security controls.
Strong written and verbal communication skills with the ability to collaborate across technical and non-technical teams.
Ability to prioritize tasks and manage multiple initiatives in a structured, deadline-driven environment.
A proactive mindset with a desire to learn and grow within the GRC domain.

Nice to have

Experience supporting PCI environments (Levels 1 – 3) or participating in formal PCI assessments.
Experience working in organizations with strong adoption of AI technologies and understanding associated governance or compliance considerations.
Exposure to GRC tooling (e.g., AuditBoard, Drata, Vanta, etc.).
Relevant certifications such as Security+, CISA or similar.

Job Description:

Our Opportunity:

Chewy is seeking a GRC Analyst I to join our Cyber Governance Risk & Compliance team (GRC) in** Plantation FL**. At Chewy, we’re passionate about pets and just as passionate about protecting the systems, data and experiences that support pet parents everywhere. As a GRC Analyst I, you will help us keep our compliance program purring smoothly and our risk posture on a short leash. This is an entry-level opportunity designed for someone eager to grow their cybersecurity career in a fast paced e-commerce environment. You will get hands on experience with frameworks like PCI and NIST while partnering with teams across the organization to ensure our controls are strong, our assessments are well groomed and our risk management practices are anything but ruff.

What You’ll Do:

Assist in assessing risk statements and mapping controls to established compliance frameworks such as PCI and NIST.
Participate in the execution of PCI assessments across the organization, including evidence collection, documentation review and coordination with control owners.
Support subject matter experts in maintaining and validating control effectiveness, audit readiness and risk management processes.
Contribute to governance, risk & compliance initiatives by assisting with compliance framework implementations.
Help maintain risk registers, track remediation activities and follow up on action plans.
Support internal and external audit activities by organizing documentation, coordinating stakeholders responses and validating evidence.
Assist with policy and procedure reviews to ensure alignment with evolving regulatory and industry standards.
Partner with technical teams to understand system environments and document control implementations accurately.

What You’ll Need:

Bachelor's degree or higher in Computer Science, Computer Information Systems, or similar; or equivalent experience.
Familiarity with industry frameworks and standards such as PCI-DSS, NIST CSF, NIST 800-53, SOC 2 or similar.
Comfortable reading, interpreting and analyzing policy documents, audit reports and technical control descriptions.
Strong attention to detail and ability to organize and manage documentation effectively.
Basic understanding of IT infrastructure, cloud environments, applications and security controls.
Strong written and verbal communication skills with the ability to collaborate across technical and non-technical teams.
Ability to prioritize tasks and manage multiple initiatives in a structured, deadline-driven environment.
A proactive mindset with a desire to learn and grow within the GRC domain.

Bonus (if applicable):

Experience supporting PCI environments (Levels 1 – 3) or participating in formal PCI assessments.
Experience working in organizations with strong adoption of AI technologies and understanding associated governance or compliance considerations.
Exposure to GRC tooling (e.g., AuditBoard, Drata, Vanta, etc.).
Relevant certifications such as Security+, CISA or similar.

The base salary range for this role is $68,500 - $102,500.00.

The specific salary offered to a candidate may be influenced by a variety of factors including but not limited to the candidate’s relevant experience, education, and work location. In addition, this position is eligible for 401k and a new hire and annual equity grant. C08+ positions may also be eligible for annual bonus.

We offer different types of insurance and benefits, such as medical/Rx, vision, dental, life, disability, hospital indemnity, critical illness, and accident. We offer parental leave, family services benefits, backup dependent care, flexible spending accounts, telemedicine, pet adoption reimbursement, employee assistance program, and many discounts including 10% off pet insurance and 20% off at Chewy.com.

Exempt salary team members have unlimited PTO, subject to manager approval. Team members will receive six paid holidays per year. Team members may be eligible for paid sick and family leave in compliance with applicable state and local regulations.

Chewy is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, ancestry, national origin, gender, citizenship, marital status, religion, age, disability, gender identity, results of genetic testing, veteran status, as well as any other legally-protected characteristic. If you have a disability under the Americans with Disabilities Act or similar law, and you need an accommodation during the application process or to perform these job requirements, or if you need a religious accommodation, please contact CAAR@chewy.com.

To access Chewy's California CPRA Job Applicant Privacy Policy, please click here.