Security Governance Risk & Compliance Analyst

Commerce is a leading AI‑driven commerce ecosystem that empowers businesses to innovate and grow with open, AI‑powered tools.

Senior Security Governance, Risk & Compliance Analyst

• Act as a frontline representative of Information Security, leading by example and deploying industry‑standard practices and applicable laws, regulations, and policies.
• Manage third‑party risk assessments using a risk‑based framework, covering onboarding due diligence to continuous monitoring, and leveraging platforms such as One Trust and Safe Base.
• Partner with fraud operations and data science teams to model and detect threats such as account takeovers, payment abuse, promotional fraud, and affiliate misbehavior, and understand fraud detection platforms (e.g., e‑Hawk, Recorded Future).
• Maintain metrics and reporting that link fraud risk to potential loss or customer impact in real terms.
• Demonstrate understanding of the GRC Office strategic vision and act as a self‑starter to promote this vision.
• Provide support and guidance regarding best practices, regulatory, and legal compliance, including PCI, GDPR, ISO
  27001, NIST, and SOX.
• Assist in evaluating the design and operating effectiveness of the Integrated Secure Controls Framework (SCF) built from industry standards, covering SDLC, logical security, data interfaces, availability/redundancy, and cyber‑information security.
• Prepare supporting evidence and document test plans that describe audit procedures performed, test results, and conclusions, and create technology diagrams of system dependencies.
• Help with the department’s data collection and analytics efforts and internal audit report preparation.
• Support the development and tracking of control recommendations for corrective action and improvement.
• Collaborate with internal audit leadership to identify and continually improve departmental practices.
• Monitor and demonstrate compliance with organizational policies and practices, evidenced by strong quality‑assurance results and related metrics.
• Stay abreast of current issues and pursue continuing education and training.
• Participate in special projects and perform other duties as requested.
• Interact with all levels of management to provide effective risk and control advice and manage expectations.
• Provide data‑analysis support for ongoing compliance monitoring.
• Maintain up‑to‑date knowledge of audit controls and techniques.
• Utilize innovative ideas and tools to enhance operational effectiveness.
• Evaluate and recommend improvements to business practices, processes, and controls.

• 5–6years of relevant experience in a technology environment.
• Experience translating business requirements into project implementation plans and validation, including user‑acceptance testing.
• Knowledge of network‑based services, client/server applications, cloud‑based and virtualized environments, mobile applications, enterprise systems and infrastructure, network architecture, and security infrastructure.
• Passion for process improvement and removing friction from systems.
• Direct experience with audit and compliance frameworks such as ISO
  27001, PCI, and related standards.
• Background in IT hardware/software concepts and processes used within business, covering core security concepts, cloud services, Windows and Linux operating systems, and open‑source ecosystems.
• Experience with auditors and the evidence‑collection process.
• Experience designing and testing IT security controls in a managed hosting and/or SaaS environment.
• Experience building relationships across business functions, locations, and technical stakeholders.
• Self‑direction, attention to detail, and a passion for solving practical problems amid complexity.
• Able to present ideas and solutions clearly, concisely, and accurately at all organizational levels.
• Adaptability to different company cultures and ability to adjust communication style accordingly.
• Collaborative and upbeat work ethic, taking ownership and enjoying the work.
• Ability to meet deliverables and drive projects to completion within specified timelines.
• Excellent verbal and written communication skills.

Beginning March
12026, employees who live within commuting distance of a Dedicated Office will be expected to be in the office three days per week.

Base salary range: $88,951.00 – $. Variable compensation, equity, and benefits may be available in accordance with local policies.

Commerce is an equal‑opportunity employer. The inclusive atmosphere we build together will make room for every person to contribute, grow, and thrive. We are committed to creating an inclusive and accessible hiring experience for all candidates. If you require accommodations or adjustments at any stage of the recruitment process, please let us know and we will work with you to meet your needs.