
Senior Analyst - Governance, Risk, Compliance, & Privacy

Date:  Oct 12, 2021

Broomfield, CO, US

Company:  Vail Resorts
Shift Type:  Year Round

We offer a variety of career opportunities at our world-class resorts and corporate headquarters near Boulder, Colorado in fields like Finance & Accounting, Human Resources, Information Technology, Legal, Public Affairs & Sustainability, Marketing, Sales & Communications and more. Our corporate team shares both a passion for the outdoors and a drive to re-imagine the mountain resort experience around the world. Learn more at www.vailresortscareers.com


As of Nov. 15, 2021, Vail Resorts will be requiring all employees across North America to be vaccinated for COVID-19.

As a Senior Analyst of Governance, Risk, Compliance, and Privacy (GRC&P), you will be responsible for partnering with IT and Business personnel to ensure we meet our Information Security, GRC, and Privacy objectives. This talented individual will work cross-functionally to establish guidelines and standards, ensure they are implemented to mitigate risk, and create a security-aware culture through education and enablement of our employees.


The Senior Analyst’s day-to-day activities include implementation and maintenance of our technology GRC&P program, including but not limited to the following program components:

  • Primary
    • Governance (Policies/Procedures, Security Awareness, Education, Training, Program Oversight & Measurement, etc.)
    • Risk Management (Risk Assessment/Management, 3rd Party Risk Management, Security Testing, Project Support, DR/BCP, etc.)
  • Secondary
    • Compliance (Internal Audit Support, Policy Enforcement, PCI, SOX, etc.)
    • Data Privacy (CCPA, etc.)

The ideal candidate will have prior experience working in effective GRC&P programs and demonstrated capabilities to partner with a broad set of stakeholders.


As a key addition to the Information Security Team, reporting to the Director of GRC&P, this Senior Analyst will play a critical role in sustaining excellence and nurturing a security-engaged culture across the organization.



  • Drive:  Develop and drive the ownership and accountability of GRC&P objectives and supporting IT and Business initiatives.
    • Be a strong self-starter and step up when and where the team and organization need you.
    • Hold teams accountable for their Information Security Risk, Governance, Compliance, and Privacy obligations and escalate issues in a timely fashion.
    • Demonstrate strong, clear and concise communication skills.
  • Connect:  Inspire trust and build strong, authentic, productive relationships within the organization and with key stakeholders. 
    • Act as a role model for developing and maintaining positive, collaborative relationships with all constituents including business and IT peers and leaders.
    • Be empathetic and partner with stakeholders to understand their drivers and needs, and use that knowledge and those relationships to incorporate Information Security Risk, Governance, Compliance, and Privacy requirements.
  • Develop:   Create an environment of continual improvement both inside and outside of the direct team.
    • Be open to seeking and providing feedback, creating a culture of candor and positive intent.
    • Demonstrate the ability to learn and develop as a self-starter requiring little direction.  We are looking for someone who shows the potential to do more and is a natural leader.
    • Be a Producer of Talent by enabling and educating employees across the organization on Information Security Risk, Governance, Compliance, and Privacy objectives.
  • Out Front: Anticipate the needs of the business and facilitate as well as motivate those around you to identify solutions that both improve the security of our environment and advance business objectives.
    • Maintain an external network to ensure our organization continuously analyzes new threats, trends, innovations, etc. and ensures our strategy and priorities stay appropriately aligned.
    • Be curious about our business and seek to understand our strategy, business practices, and projects so we can support our business strategy AND ensure we meet our Information Security, Technology Risk, Compliance, and Privacy objectives.
    • Assist in the development and execution of education, standards and guidelines that will seamlessly incorporate GRC&P objectives into business initiatives enabling us to continue to grow and scale.
  • Re-Imagine: Bring new ideas, methods, and approaches to Vail Resorts and this role.  Leverage own expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology.
    • Evolve current GRC&P practices to align with recent growth and ensure future scalability.
    • Thoughtfully analyze all potential options and outcomes to drive the best possible solutions and recommendations.
  • Passion: Demonstrate an unyielding passion for the employee and guest experience, culture, mission and vision.  Lead by example and inspire others to follow.




  • Bachelor’s degree in Business, Technology or related field
  • 5+ years of relevant work experience including proven ability to successfully lead and oversee critical projects and cross-functional efforts
  • Strong working knowledge and understanding of key concepts in Information Security, Risk Management, and Compliance
  • Successful regular partnership with IT and Business teams
  • Understanding of corporate Information Security Governance, Risk, Compliance, and Privacy functions
  • Consistently demonstrated growth in their own skills and leadership
  • Technology advocate and proficient in project management tools


  • Applies critical thinking to generate new thoughts and opportunities; has ability to collaborate and build on innovative thoughts/ideas.
  • Informed on industry standards and practices, and a forward thinker on new and innovative approaches.

Project Management:

  • Ability to manage assigned initiatives and tasks on time, on budget, and meeting all requirements.
  • Willingness to escalate issues and concerns
  • Manage operational business impacts as well as technical components of the program or project.


  • Provide input to the annual expense and capital budgeting processes and cycles for their areas.

Vendor Management:

  • Provide leadership and guidance to external vendors.



  • Experience with large, complex compliance programs.
  • Experience driving Information Security standards and practices across a large IT organization
  • Experience executing Information Security risk assessment and management programs


The budgeted range starts at $80,000 - $97,700 + annual bonus.  Actual pay will be adjusted based on experience.


The perks include a free ski pass, and a set of benefits including... 

  • Medical, Dental, Vision insurance, and a 401(k) retirement plan  
  • Hourly employees are generally eligible for accrued Paid Time Off (PTO), Extra Time Off (ETO) and Sick Time.  Salaried employees are generally eligible for Flexible Time Off (FTO) 
  • Paid Parental Leave for eligible mothers and fathers  
  • Healthcare & Dependent Care Flexible Spending Accounts  
  • Life, AD&D, and disability insurance 


Reach Your Peak at Vail Resorts.  As a community of adventurers and discoverers, Vail Resorts delivers an experience of a lifetime to our guests and our employees. Our team is made whole by the brave, passionate individuals who ambitiously push boundaries and challenge the status quo. Whether you’re looking for seasonal work or the career of a lifetime, join us today to reach your peak. 


Vail Resorts is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status or any other status protected by applicable law.

Requisition ID 360867

Nearest Major Market: Denver