
Casey's · 10 hours ago

IT GRC Analyst

Casey’s is seeking a Governance, Risk & Compliance (GRC) Analyst to help design, implement, and operate their enterprise compliance programs across PCI DSS and SOX IT General Controls. The role involves executing risk assessments, automating compliance tasks, and managing third-party risk assurance activities.

Industry: E-Commerce, Food and Beverage

Responsibilities

Assist with or lead risk assessment discussions (e.g., Cyber, Compliance, AI); maintain the IT risk register, define treatment plans, and report status, trends, and residual risk
Operate PCI DSS v4.0.1 controls across CDE environments, maintain scope and evidence, and support QSA interviews and artifact packaging for ROC/AOC submissions
Support SOX ITGC readiness across access, change, and computer operations by validating control design, coordinating evidence, and supporting audit walkthroughs
Automate compliance tasks using either an enterprise or a custom GRC solution to generate tickets, reminders, evidence collection, and review workflows for key control activities
Manage third-party risk (TPRM): conduct vendor onboarding questionnaires, review security documentation (SOC reports, AOCs, etc.), track reassessments, and document decisions in the TPRM platform
Update technology policies and standards, manage acknowledgments and exceptions, and ensure the policy → control → evidence linkage is maintained for auditability
Improve recurring compliance process workflows through automation; build and maintain dashboards for risk and controls posture, KRIs, remediation SLAs, and trends (e.g., Power BI/Power Automate); and identify control gaps and process inefficiencies for practical improvements

Qualification

PCI DSS v4.0.1, SOX ITGC, GRC/TPRM platforms, Risk assessments, Automation tools, Power BI, Scripting exposure, Certifications, Collaboration skills, Written communication, Verbal communication

Required

This position requires authorization to work in the U.S. without the need for employment-based immigration sponsorship now or in the future. Casey's will not provide sponsorship or employer support for applications or petitions for F-1 OPT, F-1 CPT, H-1B, L-1, TN, O-1, E-3, H-1B1, J-1, or any other employment-based visa.
Bachelor's degree in Information Security, Computer Science, MIS/Accounting/Finance, or a related field, or equivalent experience
Minimum 3 years in IT risk, compliance, audit, IAM, or security operations with hands on security policy, control execution, research, and evidence management
You independently perform GRC tasks with minimal supervision and communicate effectively across IT, Security, Legal, Finance, Operations, and external partners, demonstrating strong collaboration and written and verbal skills
Working knowledge of PCI DSS v4.0.1 and SOX ITGC; familiarity with risk management and assessment
Support cyber and technology risk assessments by evaluating likelihood, exploitability, and business impact
Experience with GRC/TPRM platforms (e.g. OneTrust, AuditBoard, SAFE TPRM) and automation/reporting tools (e.g., Power BI, Excel, Power Automate)

Preferred

Multi-site retail, convenience or hospitality industry experience
Scripting exposure (PowerShell, Python, APIs)
Identity access governance (AD, Entra, privileged access)
Certifications: CISA, CRISC, CISSP, PCIP, Security+ (or in progress)

Benefits

Annual cash bonus based on company performance

Company

Third largest convenience retailer. Fifth largest pizza chain.

Funding

Current Stage
Public Company
Total Funding
$569M
2010-08-23 · Post-IPO Debt · $569M
1983-10-28 · IPO

Leadership Team

Darren Rebelez
Chief Executive Officer
Terry W. Handley
President & Chief Executive Officer
Company data provided by Crunchbase