Principal Analyst of Governance, Risk, Compliance (Remote)

Date:  Sep 14, 2023

Remote, Remote, US

Company:  Vail Resorts
Shift Type:  Year Round


As a leading mountain resort operator with over 40 resorts in sixteen states and four countries. We exist to create an Experience of a Lifetime for our employees, so they can, in turn, provide and Experience of a Lifetime for our guests. We are looking for leaders, innovators, creators, and ambitious professionals to join our talented team. If you’re ready to pursue your fullest potential, we want to get to know you!


Many of our Corporate function teams can now live and work in any of the states in which Vail Resorts currently operates* – enabling flexible remote work alongside a commitment to building and maintaining strong culture both in person and virtually. If you’re ready to pursue your fullest potential, we want to get to know you. Find your purpose with us at


Job Summary:

As a Principal Analyst of Governance, Risk, Compliance (GRC) you will be responsible for collaborating with IT and Business personnel to ensure we meet our Information Security and GRC objectives. This talented individual will work cross-functionally to establish guidelines and standards to mature the effectiveness of our compliance posture, ensure controls are effectively implemented to mitigate risk, and create a security aware culture through education and enablement of our employees.


Job Specifications:

  • Outlet: Corporate, Remote
  • Expected Pay Range: $99,900.00 - $135,120.00 + annual bonus 
  • Shift & Schedule Availability: Full Time / Year Round
  • Skill Level: Advanced


Job Responsibilities:

The Principal Analyst’s day-to-day activities include implementation and maintenance of our technology GRC&P program, including but not limited to the following program components:

  • Primary
    • Sarbanes Oxley (SOX) Compliance: This individual will provide thought leadership across the IT organization in effectively and efficiently meeting our SOX compliance requirements. This will include assisting IT teams in meeting current control execution requirements as well as driving our teams to mature our current control environment.
    • Payment Card Industry (PCI) Compliance: This individual will be the primary contact for our QSA and project manager for our annual PCI Compliance audit.
    • GRC Platform Administration: This role functions as the primary administrator for our internal GRC platform, utilized to orchestrate many of our compliance and risk management processes.
    • Policy Enforcement: Through these various compliance leadership responsibilities, you will be responsible for enforcing policy, as well as maturing our existing inventory of policies to best meet the needs of the company.
  • Secondary
    • Drive maturity across all IT Governance processes (Policies/Procedures, Security Awareness, Education, Training, Program Oversight & Measurement, etc.)
    • Assist in the completion of annual and recurring Risk Management activities (Risk Assessment/Management, 3rd Party Risk Management, Security Testing, Project Support, DR/BCP, etc.)
    • Support our existing Data Privacy team (CCPA, etc.).
  • Other duties as assigned


The ideal candidate will have prior experience leading effective GRC programs and demonstrated capabilities to collaborate with a broadset of stakeholders across both IT and the business. As a key leader on the Information Security Team, reporting to the Director of GRC&P, this Principal Analyst will play a critical role in sustaining our existing environment, strive for excellence and additional maturity throughout our processes, and nurturing a security engaged culture across the organization.


Essential Leadership Responsibilities:

  • Drive: Develop and drive the ownership and accountability of GRC and IT Compliance objectives, supporting IT and Business initiatives.
    • Partner with Information Security, IT application teams, Business Leadership in execution of roadmaps driving increased maturity into our compliance ecosystem.
    • Be a strong self-starter and step up when and where the team and organization needs you.
    • Hold teams accountable for their Information Security and Compliance obligations and escalate issues in a timely fashion.
    • Demonstrate strong, clear, and concise communications skills.
  • Connect: Inspire trust and build strong, authentic, productive relationships within the organization and with key stakeholders.
    • Acts as a role model for developing and maintaining positive, collaborative relationships with all constituents including business and IT peers and leaders.
    • Engage broadly and deeply across the organization to quickly connect information and people to drive enterprise projects, programs, and initiatives.
    • Partner with stakeholders to understand their drivers and needs and use that knowledge and those relationships to drive effective prioritization and roadmaps for delivery.
  • Develop: Create an environment of continual improvement both inside and outside of direct team.
    • Be open to seeking and providing feedback creating a culture of candor and positive intent.
    • Demonstrate the ability to learn and develop as a self-starter requiring little direction. We are looking for someone whoshows the potential to do more and is a natural leader.
    • Be a Producer of Talent by enabling and educating employees across the organization on Information Security Risk, Governance, Compliance, and Privacy objectives.
  • Out Front: Anticipate the needs of the business and facilitate as well as motivate those around you to identify solutions that both improve the security of our environment and advance business objectives.
    • Maintain an external network to ensure our organization continuously analyzes new threats, trends, innovations, etc. and ensures our strategy and priorities stay appropriately aligned.
    • Be curious about our business and seek to understand our strategy, business practices, and projects so we can support our business strategy AND ensure we meet our Information Security, Technology Risk, Compliance, and Privacy objectives.
    • Assist in the development and execution of education, standards and guidelines that will seamlessly incorporate GRC objectives into repeatable business initiatives enabling us to continue to grow and scale.
  • Re-Imagine: Bring new ideas, methods, and approaches to Vail Resorts and this role. Leverage personal expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology.
    • Evolve current GRC practices to align with recent growth and ensure repeatability and scalability.
    • Thoughtfully analyze all potential options and outcomes to drive the best possible solutions and recommendations.
  • Passion: Demonstrate an unyielding passion for the employee and guest experience, culture, mission and vision. Lead by example and inspire others to follow.


Job Qualifications:

  • 7+ years of relevant work experience including proven ability to successfully lead and oversee critical IT compliance related programs.
  • Bachelor’s degree or equivalent experience in Business, Technology, or related field.
  • Strong working knowledge and understanding of key concepts in Technology Compliance, Information Security, Risk Management,and Privacy requirements.
  • Successful regular partnership with IT leadership teams, process owners, and Business teams
  • Understanding of corporate Information Security Governance, Risk, Compliance, and Privacy functions
  • Consistently demonstrated growth in their own skills and leadership.
  • Applies critical thinking to generate new thoughts and opportunities; has ability to collaborate and build on innovativethoughts/ideas.
  • Informed on industry standards and practices, and a forward thinker on new and innovative approaches.



  • Strong understanding of Enterprise and Operational technologies (Networking, Server Management, End Point Management,Wireless Access, Telecom, Cellular Access, POS (Point of Sale), Mobile Device Management, including handheld scanners)
  • Experience driving Information Security standards and practices across a large IT organization
  • Strong vendor and contract management leadership.
  • Provide input to the annual expense and capital budgeting processes and cycles for their



The expected Total Compensation for this role is $99,900.00 - $135,120.00 + annual bonus.  Individual compensation decisions are based on a variety of factors.

The perks include a free ski pass, and a set of benefits including... 

  • Medical, Dental, Vision insurance, and a 401(k) retirement plan  
  • Hourly employees are generally eligible for accrued Paid Time Off (PTO) and Sick Time.  Salaried employees are generally eligible for Flexible Time Off (FTO) 
  • Paid Parental Leave for eligible mothers and fathers  
  • Healthcare & Dependent Care Flexible Spending Accounts  
  • Life, AD&D, and disability insurance 


Reach Your Peak at Vail Resorts.  At Vail Resorts, our team is made whole by the brave, passionate individuals who ambitiously push boundaries and challenge the status quo. Whether you’re looking for seasonal work or the career of a lifetime, join us today to reach your peak.  

*Remote work is currently permitted from British Columbia and the 16 U.S. states in which we currently operate. This includes: California, Colorado, Indiana, Michigan, Minnesota, Missouri, New Hampshire, New York, Nevada, Ohio, Pennsylvania, Utah, Vermont, Washington State, Wisconsin, and Wyoming. Please note that the ability to work remotely, and the particulars related to such work, are subject to change at any time; and, accordingly, the Company reserves the right to change its policies and/or require in-person/in-office work at any time in its sole discretion.   


Vail Resorts is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status or any other status protected by applicable law.


Requisition ID  498012
Reference Date: 09/14/2023 
Job Code Function: IT Security