Compliance Analyst

About Us:

Rent the Runway (RTR) is transforming the way we get dressed by pioneering the world’s first Closet in the Cloud. Founded in 2009, RTR has disrupted the $2.4 trillion fashion industry by inspiring women with a more joyful, sustainable and financially-savvy way to feel their best every day. As the ultimate destination for circular fashion, the brand now offers infinite points of access to its shared closet via a fully customizable subscription to fashion, one-time rental or ownership. RTR offers designer apparel and accessories from hundreds of brand partners and has built in-house proprietary technology and a one-of-a-kind reverse logistics operation. Under CEO and Co-Founder Jennifer Hyman’s leadership, RTR has been named to CNBC’s “Disruptor 50” five times in ten years, and has been placed on Fast Company’s Most Innovative Companies list multiple times, while Hyman herself has been named to the “TIME 100” most influential people in the world and as one of People magazine’s “Women Changing the World.”

Galway Office 

Rent The Runway established its European Technology Hub in Galway in April 2019.  Based in the historic Claddagh area of the city, the growing team in Galway tackles core technology challenges and influences the next generation of services critical to Rent The Runway’s success and continued growth. 

The Galway office is Rent the Runway's first international office outside the US and enables the company to significantly expand its Software Engineering, Product Development, Machine Learning Engineering and Data Science footprint. Rent The Runway’s Galway-based employees have the opportunity to grow their careers across several roles and career paths in Technology.

About the Job:

As a core function of the CISO Organisation, the Compliance Analyst plays a crucial role in supporting compliance activities and ensuring adherence to technology and security standards. Working closely with the Senior Director of Information Security, this position will assist in Governance, Risk, and Compliance (GRC) efforts to raise the overall compliance and security posture and help reduce and mitigate risk levels for RTR. You will be working across multiple frameworks and regulatory standards, including, but not limited to SOX, NIST 800-53, ISO 27001, SOC 2, PCI-DSS, CIS, NIST CSF, GDPR, CCPA, etc. You will have exposure and will assist in implementing solutions, processes, and remediation of outstanding issues to all parts of the business, including Software Engineering, Finance, Corporate Systems, Operations, Legal, Internal Audit and other stakeholders. 

What You’ll Do:

• Work with the Information Security leadership on an organisation-wide IT and information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
• Responsible for assessing and documenting IT and security risk and compliance based on process and control walkthroughs or testing while working with the Information Security leadership to determine potential solutions that are appropriate for RTR’s business and system architecture.
• Oversee the exception management process, maintaining a centralised exception register and ensuring appropriate review, approval, and remediation actions.
• Responsible for carrying out internal and 3rd party audits/assessments, as well as facilitating evidence collection.
• Responsible for carrying out internal security risk assessments at all levels of the business, including assets and third parties.
• Interact with technology-focused teams and business stakeholders to understand risks to critical systems and data by understanding the potential business impact of mitigation strategies.
• Maintain knowledge of best practices in technology risk management, compliance, and data privacy.
• Provide input on issues resulting from risk analysis and assist in determining appropriate solutions.
• Assist in training and education efforts across the company.

About you:

• 4+ years of experience in IT and security governance, risk, or compliance functions.
• Knowledge of security and privacy frameworks such as SOX, NIST 800-53, ISO 27001, SOC 2, PCI-DSS, CIS, NIST CSF, GDPR and CCPA. 
• Manage SOX compliance activities within the technology organisation, ensuring adherence to internal controls, documentation, testing, and remediation requirements.
• Deep understanding of IT controls at the systems, network, and application levels.
• Strong understanding of privacy, data protection, and compliance requirements within cloud environments, including AWS, Azure, and Google Cloud Platform (GCP).
• Knowledge of cloud services (IaaS, PaaS, SaaS), databases, and infrastructure.
• Knowledge of qualitative vs. quantitative risk management.
• Experience in IT general controls audits, from test design to remediation.
• Understanding of information security domains, including web application and cloud security concepts.
• Experience conducting risk assessments at organisational, product, asset, and third-party levels.
• Experience working in cross-functional settings, including IT, engineering, and business stakeholders.
• Excellent interpersonal, communication, and presentation skills, including report writing experience.
• Understanding and belief that compliance is never a “one size fits all”.

Benefits:

At Rent the Runway, we’re committed to the happiness and well-being of our employees, and aim to create a workplace that fosters both personal and professional growth. Our inclusive benefits include, but are not limited to:

• Generous Paid Time Off, including annual leave, paid bereavement, and family sick leave - every employee needs time to take care of themselves and their family.
• Universal Paid Parental Leave for both parents + flexible return to work program  - because we know your newest family member(s) deserve your undivided attention.
• Paid Sabbatical after 5 years of continuous service - unplug, recharge, and have some fun.
• Competitive Stakeholder Pension - taking care of your future. 
• Comprehensive health, dental care and dependents care from day 1 of employment - Your health comes first, and we’ve got you covered. 
• Company-wide events and outings - our team spirit is no joke - we know how to have fun!
• Hybrid Work -This hybrid role requires 2-3 days per week in our Galway, Ireland office, with the option to work 2 days remotely.

Rent the Runway is an equal opportunity employer. In accordance with applicable law, we prohibit discrimination against any applicant or employee on any legally-recognised basis, including, but not limited to: gender, marital status, family status, age disability, sexual orientation, race, religion, and membership of the Traveller community.

#LI-EM1