Senior GRC Manager

Your Opportunity: 

Chewy is seeking a dedicated Senior GRC Manager to serve as the strategic lead for Chewy’s GRC programs. This role combines deep expertise in GRC principles with forward-thinking program leadership to design and execute strategies aligned with Chewy’s operational goals, risk appetite, and regulatory requirements. The Senior GRC Manager will help define the vision for GRC initiatives, champion innovative solutions, and ensure that compliance is seamlessly integrated across the organization.  

Our team is responsible for maintaining Chewy’s compliance posture and risk governance. We ensure adherence to regulations such as CCPA and PCI-DSS, facilitate regulatory audits, and manage compliance training. We collaborate with IT and Security teams to implement cybersecurity controls, manage access to sensitive data, and support incident response planning. We also develop policies, align them to industry standards, and provide risk and compliance reporting to leadership. 

A successful candidate will partner with senior leaders and cross-functional teams to  shape and drive Chewy’s enterprise GRC strategy and implementation roadmap. 

What You’ll Do: 

• Lead the development and enhancement of enterprise-wide GRC frameworks, programs, and policies aligned with regulatory requirements and operational objectives.
• Establish governance structures that promote accountability, visibility, and effective decision-making. 
• Partner with cross-functional teams to embed risk and compliance into daily operations.
• Define and maintain policies and standards based on evolving laws, industry frameworks (e.g., SOX, PCI DSS, CCPA), and standard methodologies.
• Develop and oversee comprehensive risk management practices, including risk identification, assessment, mitigation, and monitoring.
• Provide executive-level insights through risk and compliance reporting using defined indicators and metrics.
• Act as a liaison with auditors, regulators, and external partners during compliance reviews and audits.
• Identify and implement GRC tools and technologies to automate processes and increase program efficiency.
• Drive innovation in GRC practices through the use of AI, automation, and data analytics. 

What You’ll Need: 

• 5+ years of experience in governance, risk, and compliance, with a track record of developing and executing enterprise GRC strategies.
• Solid understanding of regulatory frameworks and compliance standards (e.g., SOX, PCI DSS, CCPA, ISO 27001).
• Leadership and ability to influence and inspire cross-functional teams. People leadership experience is a plus.  
• Exceptional communication and collaboration skills. Experience in writing and presenting content to Senior Leadership including C-Suite leaders.  
• Demonstrated success managing multiple initiatives in fast-paced, evolving environments.
• Proficiency in GRC platforms and tools; data-driven attitude for continuous improvement.
• Analytical mentality with a focus on data-driven decision-making. Ability to navigate ambiguity, work flexibly, and implement scalable solutions.
• Preferred: ISACA certifications (e.g., CISA, CISSP, CISM). 

What You’ll Get: 

• The opportunity to shape and scale a strategic GRC function at one of the fastest-growing e-commerce brands.
• Meaningful career growth with access to senior leadership, sophisticated challenges, and high-impact projects.
• A culture that values innovation, collaboration, and authenticity-where diverse voices are encouraged and respected.
• The flexibility and support to do your best work with the leadership that empowers you. 

Apply now and let’s build something phenomenal together!