Governance Risk and Compliance (GRC) Specialist

Information Technology Chicago, Illinois Remote, United States


This position is open to fully-remote candidates who can work from anywhere in the United States and Canada. Candidates also have the option to work from one of our office locations in Chicago or Toronto.

Who we are: Vivid Seats is the largest independent online ticket marketplace, sending tens of millions of fans to live events. We believe in the power of experiences and are fiercely dedicated to building products that inspire human connections. Named as one of Built In Chicago’s top 10 places to work in 2021, we believe that our People are our greatest competitive advantage. To support our People, we have built a company culture that empowers our employees to embrace challenges, encourages unity through collaboration, and seeks to constantly evolve by leveraging data and inspiring innovation.

The Opportunity: As a Governance Risk and Compliance (GRC) Specialist, you’ll be responsible for strengthening our governance and compliance program to ensure adherence with regulatory requirements and industry best practices.  You will partner across corporate, operations, and technology teams to implement tools and practices to enhance our processes related to third-party risk management, business continuity planning, controls assurance, and external auditor engagement.

How your role contributes to the success of Vivid Seats: 

  • Establish standard repeatable practices to maintain a balanced security and compliance control framework that meets necessary regulatory and contractual requirements
  • Ensure that necessary security due diligence of our vendor portfolio is maintained
  • Act as the focal point for external auditor activity/assessments; driving accountability and efficiency across teams
  • Influence and contribute to the policies, standards, and controls to drive efficient compliance controls
  • Facilitates the processes necessary to ensure that we have effective business continuity to overcome physical, operational, or technology disruptions
  • Partner with Human Resources, Legal, and Finance teams to ensure appropriate operational, technical, data privacy, and SOD controls are implemented and enforced
  • Ensure compliance with society, regulatory, and industry standards for security and compliance

How your role expectations will progress as a GRC Specialist in the first 30, 60, and 180 days:

30 days in:

  • Complete new hire orientation, gaining the resources you need to be successful
  • Learn how ticket marketplaces operate and how you’ll contribute to providing great experiences for our customers
  • Acclimate to team and company norms, business objectives, and Vivid Seats values
  • Develop basic understanding of business functions, applications, tech stack, and development process
  • Understand our existing security governance practices, frameworks, and tools
  • Conduct initial interview with stakeholders to understand risk areas

90 days in:

  • Update our security risk register reflecting learnings and opportunities identified
  • Identify preferred tooling to facilitate an effective GRC program
  • Enhance our existing controls framework
  • Revise third-party risk review process and ongoing monitoring program
  • Participate in external security reviews and/or audits
  • Update our Business Impact Analysis and document business continuity plans

180 days in:

  • Design and implement process improvements that positively impacts the team and our overall security posture
  • Mentor others, playing an active role in elevating the skill sets of those you work with
  • Rollout security compliance training to the organization and lead training for ongoing awareness.
  • Guide the team's work so that it fits into the larger team and engineering group objectives
  • Improve security in core systems, applications, and operations managed by the team and contribute to engineering group objectives
  • Continuously evaluate the organization’s existing security and compliance practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization
  • Plan and facilitate testing of our business continuity, incident response, and disaster recovery plans with appropriate business and technology stakeholders

What You’ll Bring:

  • 5+ years of combined experience in information security, GRC, BCP/DR, and risk management with at least 3 years’ experience developing and implementing security compliance programs
  • Hands on security controls testing experience for web applications, mobile applications, and corporate systems
  • Strong knowledge of relevant control frameworks such as ISO, SOX, NIST, CobiT, and PCI
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred
  • Familiarity working with and/or managing Governance, Risk, and Compliance (GRC) tools
  • Ability to work both independently and collaboratively with peers, across teams, and with management
  • Exceptional business and technical writing capabilities

Our Commitment:

We are an equal opportunity employer that values the critical importance of a diverse workforce and sense of belonging. Many of our roles have flexible requirements and we encourage you to apply regardless of whether you meet every qualification. 

Vivid Seats provides competitive compensation; bonus incentives; FLEX PTO; mental health days; medical, dental, and vision insurance; 401K matching; monthly credits and discounts for attending live events; remote work and snack allowances; and a variety of additional workplace perks.