
GRC Analyst

Cart.com


IT
Remote
Posted on Dec 19, 2024

Job Description:

Who We Are:

We’re Cart.com, one of the fastest growing commerce enablement companies in the world. We provide the digital and physical infrastructure that empowers thousands of leading B2B and B2C companies to unify commerce operations across channels and sell and fulfil anywhere their customers are.

We’re building toward a world where commerce has no bounds. Our enterprise-grade software, services and logistics infrastructure, including our own network of omnichannel fulfillment and distribution centers, enable merchants to navigate an increasingly complex operating landscape and drive efficient growth.

Our goal is to be the global backbone of commerce. To achieve it, we’re looking for entrepreneurial, innovative and determined teammates who are eager to help our growing base of customers simplify their commerce operations and seamlessly reach their own customers, wherever they are. Sound like you? We’d love to hear from you.

Cart.com Fast Facts:

  • 6,000+ customers worldwide

  • 1,600+ employees globally

  • 14 warehouses nationwide, totaling over 8 million square feet of space

  • Our software lists $10+ trillion in product value across channels

  • Our digital and physical operations support $8+ billion in Gross Merchandise Value

Our values:

Cart.com is building a company that is committed to living out these 6 core values:

  • Be brand obsessed: Our lives are shaped by the brands we interact with daily. We obsess over the brands we serve, and about the things they care about.

  • Think beyond the box: “We’ve always done it that way” is not a phrase uttered often at our office. We create creative solutions to complex problems.

  • Don’t give up: We learn from our challenges and see them for what they are: great building blocks to an amazing brand story.

  • Speak up: We communicate clearly and directly because we care deeply. Communication is the bedrock of our community.

  • Work together: We’ve built a team that prides itself on diversity of thought and background. Collaboration is better with contrast.

  • Remember to be human: We work hard, but we leave room for the people, places and things that we love.

This position is open to applicants or individuals who are located in or willing to move to AZ, CA, CO, CT, DE, FL, GA, HI, IL, IN, KY, MD, MA, MI, MS, NE, NV, NJ, NY, NC, OH, OR, PA, SC, TN, TX, UT, VA, WA.

The Role:

As a GRC Analyst, reporting to the Senior GRC Manager, you’ll play a pivotal role in strengthening Cart.com’s cybersecurity and compliance framework. You will implement and manage policies, procedures, and standards to protect our systems, networks, data, and third-party services. You’ll also collaborate with cross-functional teams to ensure adherence to regulatory requirements and mitigate security risks effectively.

What You’ll Do:

  • Cybersecurity Governance: Assist in the development and implementation of a comprehensive Cybersecurity GRC program, aligning with industry-standard frameworks (e.g., NIST CSF, ISO 27001).

  • Risk Management: Perform risk assessments for systems, processes, third-party applications, and configurations, and recommend mitigation strategies.

  • Policy & Control Management: Document ownership and responsibilities of controls in Cart.com’s GRC platform and maintain corporate policies.

  • Audit & Compliance: Manage and support PCI DSS audits, schedule internal and external control assessments, and ensure compliance with privacy regulations (e.g., CCPA, GDPR).

  • Incident Management: Monitor and improve the security incident management program; assess incidents, secure baselines, and penetration test results.

  • Training & Awareness: Lead security training and phishing simulations to mitigate social engineering risks.

  • Reporting & Remediation: Identify and document control failures and gaps, provide remediation guidance, and prepare management reports to track progress.

  • Privacy Program Support: Assist in managing privacy initiatives, including CCPA, CPRA, GDPR, and other relevant regulations.

  • Continuous Improvement: Stay informed on emerging cybersecurity threats, best practices, and technology advancements to strengthen Cart.com’s security posture.

Who You Are:

  • You have strong critical thinking and problem-solving abilities.

  • You have excellent written and verbal communication skills, with the ability to articulate complex concepts clearly.

  • You have a collaborative mindset with a passion for learning and growth.

What You’ve Done:

  • 2+ years in information security, technology governance, or compliance roles.

  • Hands-on experience with GRC programs, including third-party risk management, metrics tracking, and issue resolution.

  • Background in IT policies, laws, and frameworks (e.g., PCI DSS, ISO 27001, SOC, NIST CSF).

  • Experience in testing or auditing technical controls.

Nice to Haves:

  • Bachelor’s degree in Information Technology, Cybersecurity, or a related field (or equivalent experience).

  • Certifications: CISA, CISM, CIPP, CIPM, CIPT, or Microsoft public cloud technical certifications.

  • Familiarity with ITIL foundations and Agile methodologies.

Currently, Cart.com does not intend to hire candidates who will need, now or in the future, Cart.com sponsorship through any non-immigrant visa category such as the H-1B, H-1B1, E-3, O-1, or TN.

All hiring is contingent on eligibility to work in the United States. We are unable to sponsor or transfer visas for applicants.

Cart.com is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.