Compliance Analyst

Rent the Runway (RTR) is transforming the way we get dressed by pioneering the world’s first Closet in the Cloud. Founded in 2009, RTR has disrupted the $2.4 trillion fashion industry by offering a more joyful, sustainable and financially-savvy way to feel your best every day. The brand provides designer apparel and accessories from hundreds of partners through a fully customizable subscription, one-time rental, or ownership model, with in-house proprietary technology and a unique reverse logistics operation.

Under CEO and Co-Founder Jennifer Hyman’s leadership, RTR has been recognized on CNBC’s Disruptor 50 and Fast Company’s Most Innovative Companies list, among other accolades.

Rent The Runway established its European Technology Hub in Galway in April 2019. Based in the historic Claddagh area, the Galway team tackles core technology challenges and influences the next generation of services critical to RTR’s success and growth. This is RTR’s first international office outside the US, expanding the Software Engineering, Product Development, Machine Learning Engineering and Data Science footprint. Galway-based employees have opportunities to grow across multiple technology roles and career paths.

As a core function of the CISO Organisation, the Compliance Analyst plays a crucial role in supporting compliance activities and ensuring adherence to technology and security standards. Working closely with the Senior Director of Information Security, this position assists in Governance, Risk, and Compliance (GRC) efforts to raise RTR’s compliance and security posture and help reduce risk. You will work across multiple frameworks and regulatory standards, including, but not limited to SOX, NIST 800-53, ISO 27001, SOC 2, PCI-DSS, CIS, NIST CSF, GDPR, and CCPA. You will assist in implementing solutions, processes, and remediation across the business, including Software Engineering, Finance, Corporate Systems, Operations, Legal, Internal Audit and other stakeholders.

• Work with Information Security leadership on an organization-wide IT and information security compliance program, ensuring activities, processes, and procedures meet defined requirements, policies and regulations.
• Assess and document IT and security risk and compliance based on process and control walkthroughs or testing; collaborate with leadership to determine suitable solutions for RTR’s architecture.
• Oversee the exception management process, maintaining a centralized exception register with review, approval, and remediation actions.
• Carry out internal and third-party audits/assessments and facilitate evidence collection.
• Conduct internal security risk assessments at all levels of the business, including assets and third parties.
• Interact with technology-focused teams and stakeholders to understand risks to critical systems and data and the business impact of mitigation strategies.
• Maintain knowledge of best practices in technology risk management, compliance, and data privacy.
• Provide input on issues from risk analysis and assist in determining appropriate solutions.
• Assist in training and education efforts across the company.

• 4+ years of experience in IT and security governance, risk, or compliance functions.
• Knowledge of security and privacy frameworks such as SOX, NIST 800-53, ISO 27001, SOC 2, PCI-DSS, CIS, NIST CSF, GDPR and CCPA.
• Manage SOX compliance activities within the technology organisation, ensuring adherence to internal controls, documentation, testing, and remediation requirements.
• Deep understanding of IT controls at the systems, network, and application levels.
• Strong understanding of privacy, data protection, and compliance requirements within cloud environments (AWS, Azure, GCP).
• Knowledge of cloud services (IaaS, PaaS, SaaS), databases, and infrastructure.
• Knowledge of qualitative vs. quantitative risk management.
• Experience in IT general controls audits, from test design to remediation.
• Understanding of information security domains, including web application and cloud security concepts.
• Experience conducting risk assessments at organisational, product, asset, and third-party levels; experience working cross-functionally with IT, engineering, and business stakeholders.
• Excellent interpersonal, communication, and presentation skills, including report writing experience.
• Understanding and belief that compliance is not a one-size-fits-all approach.

• Generous Paid Time Off, including annual leave, bereavement, and family sick leave.
• Universal Paid Parental Leave for both parents and a flexible return to work program.
• Paid Sabbatical after 5 years of continuous service.
• Competitive Stakeholder Pension.
• Comprehensive health, dental, and dependent care from day 1 of employment.
• Company-wide events and outings.
• Hybrid Work: 2-3 days per week in Galway office, with up to 2 days remote.

Rent the Runway is an equal opportunity employer. We prohibit discrimination against any applicant or employee on legally-recognised bases, including gender, marital status, age, disability, sexual orientation, race, religion, and membership of the Traveller community.