JobsGovernance, Risk and Compliance Analyst II
StubHub logo

Governance, Risk and Compliance Analyst II

StubHub

Location

New York, NY

Type

Full-time

Posted

7/3/2026

Compensation

$110,000 per year

Undergraduate with 2+ Years of Experience
Approval 93.5%·Filings 16·New hires 3·
Occasional Sponsor
·FY 2025

Job description

StubHub is seeking a Government, Risk, Compliance Analyst II to join their IT Security team. This role focuses on measuring and managing risk to ensure compliance with regulations while minimizing potential threats. The GRC Analyst will work closely with various teams to develop a control framework and provide training on risk management. The position is hybrid, requiring three days in the office and two days remote in New York, NY.

Requirements

  • 2+ years of experience in Information Security Governance, Risk and Compliance
  • Prior experience performing SOC 2 reviews
  • Prior experience with SOX compliance processes and being a part of a SOX program
  • Experience using the MS or Google productivity suite
  • Experience leveraging AI to increase productivity and efficiency
  • Prior experience conducting or being part of IT Audits
  • Understanding of fulfilling audit documentation requests
  • Prior experience fulfilling e-discovery requests
  • Prior experience with Microsoft’s Purview Compliance Portal and its toolset is a plus
  • Effective analytical, negotiation, facilitation, interpersonal, and stakeholder management skills
  • Strong verbal and written communication skills
  • Strong attention to detail
  • Experience creating and updating company policies, procedures, and standards
  • Experience with the NIST CSF, SOX security frameworks and PCI DSS standards
  • Prior operational experience in applying risk frameworks to technologies and continuous processes is very helpful
  • Familiarity with change management processes
  • Superb problem-solving skills
  • Ability to clearly report on the risk posture of the organization

Responsibilities

  • Oversee and manage the vendor risk management program by performing risk assessments of third parties.
  • Monitor and manage the IT Security risk register to ensure accurate representation of IT Security risks.
  • Perform evidence collection and quality assurance of IT and Security controls.
  • Manage the GRC request queue to assist other teams with GRC related queries or requests.
  • Build and manage user awareness training campaigns.
  • Assist Legal with contract reviews for technology vendors.
  • Conduct e-discovery searches as required by StubHub’s Legal, HR, or Fraud teams.
  • Collaborate with teams across StubHub to execute the Information Security and Governance, Risk & Compliance strategy.
  • Document all risks and controls identified during third party assessments and audits.
  • Ensure PCI compliance by overseeing PCI scans and working with other teams to remediate issues.
  • Contribute to the SOX Program by owning the User Recertification process for in-scope applications.
  • Perform continuous checks and reviews on access management to mitigate risks.
  • Proactively provide relevant inputs to the global risk framework based on the latest government and industry information.

Benefits

  • Employees at StubHub may receive benefits such as health coverage, retirement savings options, and other perks typical of large technology and e-commerce companies, supporting both their professional growth and overall well-being.

Is this posting expired or inaccurate?