- $85,000 - $95,000 base salary range + annual bonus potential!
- 100% remote in the United States
Do you hunger for more? Potbelly Sandwich Shop is looking for friendly and outgoing people who enjoy working in a fast-paced, friendly environment. We are where good vibes and great careers are a way of life! What started as a small antique store in 1977 has become a nationally recognized neighborhood sandwich shop with over 400 locations across the United States. But toasty sandwiches are only as good as the people behind them. And yeah, we've got the best. Ready to join our growing Potbelly Nation?
- Competitive pay with performance-based annual raises!
- Medical, Dental & Vision Insurance
- Domestic Partnership Benefits
- Paid Parental Leave
- FSA and HSA with Employer Contribution
- Commuter Benefit Program
- Retirement Savings 401(k) WITH company match
- Employee Assistance Program
- Paid Time Off
- Discount Program
- Flexible Work Schedule
- Career growth opportunities
**If hired, you must meet and maintain all eligibility requirements to qualify**
GENERAL DESCRIPTION
The IT Governance, Risk, and Compliance (GRC) Analyst is responsible for assessing and documenting Potbelly's compliance and risk posture as they relate to its information assets.
FOCUS
The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.
The GRC Analyst reports to the Chief Information Officer.
Leadership
- Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
- Operate with a high degree of independence regarding project management activities, including development of project plans and budget/resource estimates
Risk
- Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
- Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for Potbelly's information and technology systems.
Policy/Compliance
- Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Execute the strategy for dealing with the increasing number of audits, compliance checks, and external assessment processes for internal/external auditors, PCI DSS, and SOX IT General Controls.
Outreach/Awareness
- Interact, in both oral and written communications, with all levels of Potbelly staff, including IT support staff, developers and other IT staff, general counsel, auditors, and technology vendors and contractors, in matters related to information security and security awareness materials.
Audit
- Work with Internal Audit, PCI Compliance Assessor and outside consultants/auditors as appropriate on required security assessments and audits
- Coordinate and track all information technology and security related audits including scope of audits, systems involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
Problem-Solving Skills
- Must be able to assess computer hardware, software, and systems for security risks or violations and work with IT staff and technology vendors to recommend solutions. Develop strategies to address awareness and training for all stakeholders as well as technical solutions. Must be able to assess the status of complex projects as well as identify and implement appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.
ESSENTIAL PHYSICAL FUNCTION
- Must have the ability/stamina to work a minimum of 45 to 55 hours a week.
- Must be able to engage in problem-solving skills to help identify and solve potential issues in the field.
- Must be able to communicate heavily through telephone, e-mail and in-person communications
EXPERIENCE, EDUCATION AND BEHAVIORS
- Must represent The Potbelly Advantage and Our Values.
- Must exhibit the traits of The Potbelly Leader
- 3-5 years of advanced IT skills with high level of information security experience and expertise
- Knowledge of information security risk management frameworks and compliance practices.
- Knowledge of securing network technologies, client, and server operating systems.
- Ability to develop security standards and guidelines based on best practices and industry standards
- Experience responding to, analyzing, and communicating information security incidents
- 2-3 years of planning and managing security projects
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience
- Understanding of common security standards and regulations (e.g., PCI DSS, SOX IT General Controls, NIST 800-53, ISO2700x, etc.)
Application Deadline: We accept applications for this position until 09/30/2025. We encourage all individuals to submit their applications.
Potbelly actively creates and promotes an environment that is inclusive of all people and their unique abilities, strengths, and differences. We respect and embrace diversity in each other, our customers, suppliers, and all others with whom we interact as an essential component in the way we do business. Diversity only strengthens our Potbelly vibe, who we are, and how we work.
We’re an equal opportunity employer. Each applicant will be considered for employment without regard to race, color, religion, disability, sex, sexual orientation, age, gender identity, national origin, or veteran status.
