Information Security Risk & Compliance Analyst - Remote USA (*eligible states)

Remote: Full Remote

Offer summary

Qualifications:

  • Minimum 2 years of experience in GRC, IT compliance, security, or risk management.
  • Working knowledge of compliance frameworks such as NIST CSF, ISO27001, and PCI DSS.
  • Hands-on experience with risk assessments and supporting audits.
  • Bachelor’s degree or equivalent work experience preferred.

Key responsibilities:

  • Assist with internal and external audits, including evidence collection and remediation tracking.
  • Draft and maintain security and compliance policies to meet regulatory requirements.
  • Conduct vendor risk assessments and evaluate security controls.
  • Perform risk assessments and collaborate with stakeholders to mitigate security risks.

The RealReal, Retail (Super / Hypermarket), Large, https://www.therealreal.com/
1001 - 5000 Employees

Job description

About The Role

The Information Security team’s mission is to build and protect stakeholder trust - customers, employees, investors - in our business, especially where technology is involved. Information Security & Privacy at The RealReal reinforces customer trust and is core to the business. We guide organizational security risk decisions and partner with technology and business teams. We bring integrity, knowledge, and a passion for technology.

We are seeking an Information Security Risk & Compliance Analyst to join our Information Security Team. This role will support Governance, Risk, and Compliance (GRC) initiatives. The Analyst will help mature our security and compliance programs, such as SOX, NIST CSF, PCI DSS, and Privacy.

The ideal candidate has hands-on experience with compliance frameworks, conducting risk assessments, conducting vendor risk assessments, supporting audits, and developing policies and procedures.

  • States Not Eligible: AK, AR, DE, KS, MS, ND, SD, WY

What You Get To Do Every Day

  • Compliance & Audit Support – Assist with internal and external audits (SOX, PCI DSS, Privacy), including evidence collection, process documentation, and remediation tracking.
  • Policy & Procedure Management – Draft, update, and maintain security and compliance policies to align with regulatory requirements and industry best practices.
  • Change Management Security Reviews – Collaborate with Product, Engineering, and Privacy teams to assess security and compliance risks in new product features, infrastructure changes, and business processes.
  • Third-Party Risk Management (TPRM) – Conduct vendor risk assessments, evaluate security controls, and support contract security reviews.
  • Risk Management – Perform risk assessments, track remediation efforts, and collaborate with stakeholders to mitigate security and compliance risks, following industry best practices (NIST CSF, ISO27001, CIS).
  • Access & Security Reviews – Conduct user access audits, support user access review process, and improve onboarding/offboarding access controls.
  • Security Awareness and Training – Coordinate and conduct regular security awareness training, including simulated phishing campaigns. Monitor and report on key performance indicators (KPIs) to track the security awareness program's effectiveness.

What You Bring To The Role

Minimum Requirements:

  • 2 years in GRC, IT compliance, security, or risk management.
  • Working knowledge of frameworks such as NIST CSF, ISO27001, CIS, SOX, PCI DSS, COBIT, and related standards.
  • Familiarity with IT environments, cloud environments, security controls, and compliance tooling (e.g., change management, access and identity, and other related GRC tools).
  • Hands-on experience conducting risk assessments, supporting audits, and supporting compliance reporting.
  • Ability to translate compliance requirements into actionable policies and procedures.

Preferred Requirements:

  • Bachelor’s degree or equivalent work experience.
  • GRC experience in the retail, e-commerce, or marketplace industries.
  • Hands-on experience supporting SOX audits.
  • Hands-on experience designing and assessing SOX controls (ITGC, ITAC).
  • Experience with Service Organization Controls (SOC1, SOC2) reviews.
  • Certifications (Preferred): CGRC, CISA, CRISC, CISSP, or equivalent.

Compensation, Benefits, + Perks

The expected salary range for this role is $96,872.00-$114,485.00. To determine starting pay we carefully consider a variety of factors, including primary work location and an evaluation of a candidate’s skills, experience, market demands, and internal parity. Additionally, salary is just one component of TRR’s total rewards package. Depending on role, employees may also be eligible for a bonus program, incentive pay and benefits.

The RealReal is the world’s largest online marketplace for authenticated, resale luxury goods, with 37 million members. With a rigorous authentication process overseen by experts, The RealReal provides a safe and reliable platform for consumers to buy and sell their luxury items. We have hundreds of in-house gemologists, horologists, and brand authenticators who inspect thousands of items each day. As a sustainable company, we give new life to pieces by thousands of brands across numerous categories—including women's and men's fashion, fine jewelry and watches, art, and home—in support of the circular economy. We make selling effortless with free virtual appointments, in-home pickup, drop-off, and direct shipping. We handle all of the work for consignors, including authenticating, using AI and machine learning to determine optimal pricing, photographing and listing their items, as well as shipping and customer service.

The RealReal is committed to providing an equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or Veteran status. We will consider qualified applicants for a position regardless of arrest or conviction records. At TRR, People Come First. That’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our Diversity Equity and Inclusion program here.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear. The employee is occasionally required to stand; walk; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl; and taste or smell. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

Required profile

Experience

Industry: Retail (Super / Hypermarket)
Spoken language(s): English

Other Skills

  • Security Policies
  • Collaboration
  • Communication
  • Problem Solving
