Who We Are:
Cimpress Technology develops cutting-edge, best-in-class software that our mass customization businesses use to create personalized products for over 17 million global customers. Our Mass Customization Platform comprises modular, multi-tenant services. Our businesses can select the solutions that work for them or assemble any custom combination they need. This allows us to introduce new products faster, reach customers more effectively, and track orders seamlessly. Innovation is at our core, and it’s why customers keep coming back. Last year, Cimpress generated $2.88B in revenue through customized print products, signage, apparel, packaging, and more.
We operate with an ownership mindset: each team defines its own roadmaps, selects the technologies that suit it best, and acts as a small, nimble unit to make a big impact across our enterprise.
What You Will Do:
As a GRC Analyst, you will play a critical role in maintaining and enhancing our governance, risk, and compliance initiatives. Reporting to the Privacy and Data Governance Team, you will support privacy compliance efforts and broader data governance initiatives alongside your primary responsibilities, which include:
PCI Compliance Support:
Assist in maintaining and documenting compliance with PCI DSS requirements. Collect and organize evidence for audits and assessments. Coordinate with internal teams to address compliance gaps.
Vendor Risk Management:
Conduct vendor risk assessments, evaluating third-party security controls and compliance with security standards. Monitor vendor compliance and maintain comprehensive risk documentation.
Security Awareness Training:
Design, select, and deliver engaging security training programs for employees. Track participation, assess training effectiveness, and implement improvements to strengthen the organization’s security posture.
Policy and Documentation Development:
Support the creation, review, and maintenance of GRC-related documentation, such as policies, procedures, and reports. Ensure alignment with security frameworks and business requirements.
NIST Privacy Framework Preparation:
Assist in building a foundational understanding of the NIST Privacy Framework. Map organizational processes, identify compliance gaps, and collaborate with teams on remediation efforts.
Your Qualifications:
We are seeking a candidate with the following qualifications:
Experience:
2–3 years of experience in a GRC compliance role, with a strong focus on PCI DSS compliance, vendor risk management, and policy development.
Skills:
Understanding of security frameworks such as PCI DSS, NIST Privacy Framework, or ISO 27001. Familiarity with privacy regulations and standards such as GDPR, CCPA, or similar. Strong organizational and documentation skills with attention to detail. Excellent communication and collaboration skills to work effectively with cross-functional teams.
Nice to Have:
Familiarity with GRC tools and technologies. Prior experience delivering security awareness training programs. Certifications in GRC, privacy, or security, such as CISA, CRISC, CIPM, or similar, are a plus but not required.
Why You’ll Love Working Here:
We value our employees and are committed to providing a supportive and growth-oriented work environment. Here’s what we offer:
Commitment to Diversity, Equity, and Inclusion:
We are proud to be an equal-opportunity employer and believe in creating an inclusive environment where everyone can thrive. We celebrate the unique perspectives and backgrounds of our team members and are committed to fostering a culture of belonging.