Senior Analyst, Governance, Risk and Compliance
Newport Beach, Canada (Hybrid) · Full Time
- Experience: 5+ yrs
- Salary: USD 114,000 – USD 161,000 / year
- Openings: 1
- Posted: 1 week ago
- Work mode: Hybrid
- Education: Bachelor’s degree
- Eligibility: Applicants with a background in information technology, security, privacy, compliance, or a related field are suitable. Experience of 5+ years in risk and compliance management is expected, and preferred certifications include CISSP, CISM, CISA, PCIP, or PCI ISA.
- Resume: Required to apply
Job description
About the role
Chipotle is hiring a Senior Analyst for Governance, Risk and Compliance to work across teams and help protect the confidentiality, integrity, and availability of applications, infrastructure, and core business processes. The position focuses on building and improving policies, procedures, and governance practices while aligning them with security frameworks and compliance requirements in a way that also supports operational efficiency.
Work location
This role is based in Newport Beach, California, with an in-office schedule of four days per week and work from home on Fridays. Remote work is not offered for this position.
What you will do
- Support company-wide security awareness initiatives, including training programs and phishing simulations, then analyze results to strengthen the organization’s security posture.
- Partner with GRC leadership to roll out global policies, regulatory updates, and risk frameworks across products and systems.
- Track developments in industry standards, especially PCI-DSS, and recommend updates to the compliance program as needed.
- Help improve audit processes and procedures.
- Advise project teams so that new systems, applications, and processes are built and launched in line with applicable standards.
- Run risk assessments, audits, and control testing to confirm compliance with PCI-DSS, SOX, and internal information security policies, while keeping evidence complete and organized.
- Support the third-party risk management program by performing vendor assessments, reviewing security documentation, using tools such as Viso Trust, and working with stakeholders to manage risk across the vendor lifecycle.
- Track remediation work for compliance gaps, including policy exceptions and violations, until issues are resolved.
- Take part in incident response as a scribe and on-call participant, documenting events, decisions, timelines, and actions, and helping with post-incident reviews and reporting.
- Prepare written reports and dashboards to monitor compliance and share status updates with business leaders.
- Help coordinate annual on-site audits and assemble compliance reports for external stakeholders.
- Review change management tickets and supporting evidence to confirm control effectiveness and audit readiness.
- Contribute to additional compliance initiatives as business and regulatory needs evolve.
- Help design and improve GRC tools that automate controls, risk data gathering, monitoring, and governance workflows.
- Build and maintain policies, standards, and supporting work instructions that advance operational and compliance objectives.
- Develop or coordinate governance structures aligned to PCI, SOX, and NIST CSF.
Requirements
- A bachelor’s degree in computer science, information technology, or a related field is preferred.
- Strong knowledge of cloud environments, APIs, infrastructure, networks, and mobile security regulations, requirements, and best practices.
- Solid technical background in information technology, security, privacy, or compliance.
- Excellent organizational ability with the capacity to manage competing priorities and meet deadlines.
- At least 5 years of experience in risk and compliance management frameworks, risk-based solutions, and control frameworks.
- Proven experience managing enterprise risks and driving mitigation plans.
- At least 5 years of experience defining audit scope, working with technical and business partners, and supporting internal and external audits.
- Hands-on experience with third-party risk management, including vendor due diligence, assessments, and ongoing monitoring.
- Experience supporting incident response activities, including documentation, coordination, and post-incident analysis.
- Experience reviewing change management activities and validating audit evidence for compliance and control effectiveness.
- Ability to work independently and collaboratively in complex environments.
- Preferred certifications include CISSP, CISM, CISA, PCIP, and PCI ISA.
- Strong analytical and communication skills, with the ability to influence across functions and stakeholder groups.
Compensation and benefits
The expected base salary range for this role is $114,000 to $161,000 per year. In addition, the role is eligible for annual cash bonuses and equity awards based on performance and other factors. Total rewards include medical, dental, and vision insurance, 401(k), sick leave, vacation time, and other benefits.
About the company
Chipotle Mexican Grill is focused on making better food available to more people through responsibly sourced ingredients and a people-first culture. The company operates restaurants in the United States, Canada, the United Kingdom, France, and Germany, and is committed to digital innovation, sustainable business practices, diversity, equity, and inclusion.
Equal opportunity and accommodation
Chipotle is an equal opportunity employer and welcomes applicants from all backgrounds. Qualified applicants with disabilities may be eligible for reasonable accommodation under the Americans with Disabilities Act or applicable state and local laws. Accommodation requests related to the hiring process can be directed to ADAaccommodations@chipotle.com.