Job Summary and Mission This role supports Starbucks Technology by driving compliance programs—including SOX, PCI, SWIFT, and emerging regulations—through effective risk‑to‑control alignment and scalable compliance operations. The cybersecurity analyst senior partners across GCS, ST, and business teams to develop and improve enterprise compliance services, requiring strong interpersonal skills and clear communication. The role designs and maintains GRC capabilities across policies, standards, controls, assessments, and automation. The ideal candidate brings deep IT compliance expertise and hands‑on experience with GRC/IRM platforms, enabling continuous control monitoring, evidence automation, and actionable risk insights. This position operates with significant independence, proactively identifying requirements, improving processes, and leading cross‑functional change. Summary of Key Responsibilities Leadership – - Serve as a subject-matter expert across key technology compliance domains (e.g., SOX ITGC, PCI DSS, SWIFT, ISO/IEC 27001, NIST CSF/800-53, SOC 2), navigating cross-functional dependencies and translating regulatory obligations into actionable, risk-based controls. - Partners with managers, engineers, and cross-functional teams to drive compliance within technology products and solutions, build strong working relationships, and provide advisory support that aligns requirements, policies, standards, and controls that reduce risk and strengthen operational resilience - Develop training and reusable templates to help compliance scale across the enterprise - Operate in a largely self-directed manner; escalate risks and decisions appropriately. Solution Design and Automation – - Lead compliance automation initiatives to streamline control execution, validation, evidence collection, and monitoring through scalable, technology-driven workflows. - Design and configure Governance Risk Compliance (GRC)/Integrated Risk Management (IRM) capabilities (e.g. control libraries, issues and risk management, assessments, evidence orchestration), integrating with enterprise systems to automate data flows, control testing, and compliance reporting. - Enable continuous control monitoring by defining data models, automation patterns (APIs, eventing, scripting), with an increasing focus on AI-assisted detection, testing, and anomaly identification to reduce manual effort and expand assurance coverage. - Build intelligent dashboards and metrics that visualize control health, risk posture, findings, exceptions, and remediation progress, incorporating role-based experiences and leveraging AI/ML insights to surface emerging risks and control degradation trends. - Continuously identify and implement automation, standardization, and reuse opportunities to improve productivity, quality, and cost efficiency. Compliance Program Operations – - Design risk and control matrices that support regulatory requirements and internal standards. - Provide consulting and guidance to ensure effective use of compliance and risk‑management tools and processes. - Develop budget recommendations to support compliance initiatives and program maturity. - Own multiple compliance products and maintain deep knowledge of relevant Starbucks and industry domain areas. - Apply LEAN and user‑centered design techniques to simplify compliance processes and improve partner experience. - Administer and support GRC tools and integrations, including triaging requests, managing queues against SLAs, and coordinating with vendors and cross‑functional teams. - Develop and maintain documentation (wikis, knowledge articles, runbooks) and deliver training on compliance services, tooling, and governance processes. - Coordinate and execute control assessments, readiness reviews, and walkthroughs, collecting and validating evidence for internal and external audits. - Perform root‑cause analysis and drive durable remediation through control improvements, process changes, or automation. - Track and report remediation status, risk acceptance, and exceptions in partnership with control owners and audit stakeholders. Agile Delivery – - Own and refine the compliance services backlog by creating user stories, defining acceptance criteria, and driving delivery within agile sprint cadences. - Manage GRC/compliance products and services, applying continuous improvement to mature capabilities over time. - Collaborate with stakeholders to define requirements, assess business value, prioritize backlog items, and maintain user personas that support the compliance program. - Define controls and compliance goals, KPIs, and measurement plans to evaluate program effectiveness with minimal oversight. - Balance scope, capacity, and timelines to deliver small feature sets and enhancements aligned to business and compliance outcomes. - Develop strategic and operational plans for compliance services, ensuring effective execution and measurable results. Basic Qualifications - Bachelor's degree in computer science or related field or 3+ years of relevant experience. - Apply knowledge of business principles and technology practices to achieve successful outcomes in cross-functional activities. - Excellent analytical and problem-solving skills. - Generate comprehensive documentation in support of systems. - Exhibit exception oral and written interpersonal and communication skills. - Experience with Microsoft Office products such as Word, Excel, and PowerPoint proficiently. - Apply a deep understanding of business processes and process improvement initiatives. - Provide top-tier customer service. - Implement system development concepts effectively. - Proven working knowledge of system development lifecycle and IT operations. - Ability to use business knowledge, sound judgement, and resourcefulness to design and deploy highly reliable and sustainable technology solutions. - Ability to balance multiple priorities and meet deadlines. - Configuration knowledge of relevant applications/modules/platforms. Preferred Qualifications - 3+ years of progressive industry experience in Information Risk Management, IT Governance, IT Compliance, Data Privacy or Internal/External - Technology Audit disciplines, with at least two of those years in an IT or a software development setting. - Exposure to Common Control Framework (CCF) practices with knowledge and ability to track common control requirements across numerous security and regulatory standards - Ability to work within large organizations to collaborate and drive cross-functional efforts, and build partnerships to secure the resources necessary to achieve goals - Certifications such as CISA, CISSP, CISM, CIPM or others focused on controls assurance, information security, data privacy or information risk management is a strong plus - Detailed and results-oriented, able to analyze data to justify product decisions and apply key learnings. - Strong verbal and written communications skills - Consistently uses communications skills to influence outcomes within a known skill set - Ability to balance multiple priorities and meet deadlines - Ability to thoroughly understand complex business and technical issues and influence decision making - Hands on experience in developing roadmaps, story outlines, writing user stories, refining product backlogs, and coordinating/prioritizing conflicting requirements across teams in a fast-paced, changing environment - Ability to apply knowledge of multidisciplinary business principles and practices to achieve successful outcomes in cross-functional projects and activities - Experience in engineering and/or platform role for GRC solutions and/or cybersecurity risk management solutions. As a Starbucks partner, you (and your family) will have access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits. Partners have access to short-term and long-term disability, paid parental leave, family expansion reimbursement, paid vacation from date of hire*, sick time (accrued at 1 hour for every 25 hours worked), eight paid holidays, and two personal days per year. Starbucks also offers eligible partners participation in a 401(k) retirement plan with employer match, a discounted company stock program (S.I.P.), Starbucks equity program (Bean Stock), incentivized emergency savings, and financial well-being tools. Additionally, Starbucks offers 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan, student loan management resources, and access to other educational opportunities. You will also have access to backup care and DACA reimbursement. Starbucks will comply with any applicable state and local laws regarding employee leave benefits, including, but not limited to providing time off pursuant to the Colorado Healthy Families and Workplaces Act, and in accordance with its plans and policies. This list is subject to change depending on collective bargaining in locations where partners have a certified bargaining representative. For additional information regarding partner perks and more detailed information about benefits, go to starbucksbenefits.com. *If you are working in CA, CO, IL, LA, ME, MA, NE, ND or RI, you will accrue vacation up to a maximum of 120 hours (190 in CA) for roles below director and 200 hours (316 in CA) for roles at director or above. For roles in other states, you will be granted vacation time starting at 120 hours annually for roles below director and 200 hours annually for roles director and above. The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, geographical location, and internal equity.  At Starbucks, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. Join us and inspire with every cup. Apply today! Starbucks Coffee Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or protected veteran status, or any other characteristic protected by law. Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.   Starbucks Coffee Company is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at applicantaccommodation@starbucks.com or 1(888) 611-2258.

Now Brewing – cybersecurity engineer senior, CSOC (Cybersecurity Operations Center)! #tobeapartner From the beginning, Starbucks set out to be a different kind of company. One that not only celebrated coffee and the rich tradition, but that also brought a feeling of connection. We are known for developing extraordinary leaders who share this passion and are guided by their service to others. This position contributes to Starbucks success by utilizing a variety of tools to investigate alerts and indicators of compromise, review log data, and assess operational health for the Starbucks Security platforms. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cybersecurity threats, and a validated track record of a hands-on approach to maturing defense capabilities in highly targeted environment at scale. Success for the role will be by contributing to the delivery of a world class cybersecurity program that is positioned to address, contain, and drive successful resolution to any cybersecurity situation. As a cybersecurity engineer senior, CSOC (Cybersecurity Operations Center) , you will... - Detect, assess and respond to alerts and incidents - Perform rapid triage to determine severity, validity, and urgency of alerts - Follow SOC playbooks and SOPs to ensure consistent triage and decision-making - Creates custom detections aligned to the MITRE ATT&CK Framework - Review and audit available logging to determine potential gaps in detection capabilities - Reviews threat intel reports and feeds, makes recommendations for profile or toolset changes based on reviews - Hunts for new threats and perform data analytics to surface activity not seen within the environment - Performs in-depth investigations on Windows, Linux, and MacOS hosts - Write stories for engineers to improve our SOAR environment - Support the improvement of SOC processes through feedback and operation observations - Acts as a mentor and escalation point for SOC engineers - Tune security tool configuration to minimize false positives - Collaborate with security leadership, engineering, and compliance to execute security strategies - Assess our current cloud security and propose improvements or solutions - Serve as a subject matter expert for security tools, applications, and processes We’d love to hear from people with: - 5+ years of experience working in an information technology discipline - 4+ years of security operations experience - Deep technical understanding of modern Cybersecurity threats - Ability to quickly learn new cybersecurity concepts - Understanding of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools & techniques using this framework - Proficient in programming with at least one modern language such as Python, Powershell, C#, Ruby, Java, Rust, Go - Experience with the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security - Basic understanding of compliance and regulatory requirements such as SOX and PCI. - Ability to balance multiple priorities and meet deadlines - Excellent problem-solving abilities - Passionate about cybersecurity and self-driven to become an expert Preferred Qualifications - Proficiency in two or more of the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security - Proficiency in two or more of the following pillars: Phishing, DLP, Compliance, Networking, Forensics, Big Data, Threat Intel, Operating Systems, Reverse Engineering - Contributes back to the cybersecurity community through teaching or through code - Certifications such as CISSP, SSCP, GCIH or others focused on cybersecurity As a Starbucks partner, you (and your family) will have access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits. Partners have access to short-term and long-term disability, paid parental leave, family expansion reimbursement, paid vacation from date of hire*, sick time (accrued at 1 hour for every 25 hours worked), eight paid holidays, and two personal days per year. Starbucks also offers eligible partners participation in a 401(k) retirement plan with employer match, a discounted company stock program (S.I.P.), Starbucks equity program (Bean Stock), incentivized emergency savings, and financial well-being tools. Additionally, Starbucks offers 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan, student loan management resources, and access to other educational opportunities. You will also have access to backup care and DACA reimbursement. Starbucks will comply with any applicable state and local laws regarding employee leave benefits, including, but not limited to providing time off pursuant to the Colorado Healthy Families and Workplaces Act, and in accordance with its plans and policies. This list is subject to change depending on collective bargaining in locations where partners have a certified bargaining representative. For additional information regarding partner perks and more detailed information about benefits, go to starbucksbenefits.com. *If you are working in CA, CO, IL, LA, ME, MA, NE, ND or RI, you will accrue vacation up to a maximum of 120 hours (190 in CA) for roles below director and 200 hours (316 in CA) for roles at director or above. For roles in other states, you will be granted vacation time starting at 120 hours annually for roles below director and 200 hours annually for roles director and above. The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, geographical location, and internal equity.  At Starbucks, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. Join us and inspire with every cup. Apply today! Starbucks Coffee Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or protected veteran status, or any other characteristic protected by law. Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.   Starbucks Coffee Company is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at applicantaccommodation@starbucks.com or 1(888) 611-2258.

About the Team OpenAI’s mission is to ensure that general-purpose artificial intelligence benefits all of humanity. We believe that achieving our goal requires real world deployment and iteratively updating based on what we learn. The Intelligence and Investigations team supports this by identifying and investigating misuses of our products – especially new types of abuse. This enables our partner teams to develop data-backed product policies and build scaled safety mitigations. Precisely understanding abuse allows us to safely enable users to build useful things with our products. About the Role As an Abuse Investigator on the Intelligence and Investigations team, you will be responsible for detecting and/or reviewing malicious uses and activities of our platform and disrupting actors that abuse our policies and other harmful behavior. This will require expert understanding of our products and data and experience investigating threat actors. You will also respond to time sensitive escalations, especially those that are not caught by our existing tools and safeguards. This role requires deep domain-specific expertise in identifying, understanding, and mitigating risk from violent attacks and behavior, and terrorist-related activity. You’ll need experience investigating sophisticated and harmful threats and the ability to navigate ambiguous signals in a complex and adversarial threat environment. You’ll need a proven ability to quickly learn new processes, systems and team dynamics while thriving in ambiguous, rapidly changing, and high-pressure environments. This role will work PST hours and is remote-friendly, though you’re welcome to work from our San Francisco, New York, or Washington, DC offices if desired. The role will include resolving urgent escalations outside of normal work hours and on-call shift work. Investigations will involve sensitive content, including sexual, violent, or otherwise-disturbing material, to include child safety-related content. As such, you should have strong resiliency in managing similar high stress environments in the past. In this role, you will: - Review leads, investigate activity and disrupt abusive operations in partnership with our policy, legal, and integrity teams focused on violent and terrorist activities, especially associated with time sensitive threat to life risks - Develop abuse signals and tracking strategies to help proactively detect harmful activity on our platform - Identify operational workflow improvements and processes that expedite work while still mitigating risk - Communicate investigation findings from your work with stakeholders internally and, at times, externally - Develop a categorical understanding of our products and data, and work with technical teams to improve our data and tooling - Support an on-call process and role that requires rapid threat triaging, investigation, mitigation, sound judgement and concise briefing to senior leadership - Be someone people enjoy working with and appreciate the opportunity to help others You might thrive in this role if you: - Have deep expertise in counterterrorism and violent activity mitigation, ideally developed through law enforcement, legal, government, crisis response, social work, behavioral analysis units, special operations or similar environments - Have strong familiarity with technical investigations, especially using SQL and Python, in a government/military, think tank setting, and/or tech company - Have at least 12+ years of experience tracking or assessing threat actors in counterterrorism and/or violent activity domains, or conducting professional casework involving violent offenders, extremist actors, or high-risk individuals (e.g., through law enforcement investigations, threat assessment, behavioral analysis, psychology, or licensed social work) or in handling - Have at least two years of experience helping to develop automated approaches to accomplishing your work - Experience in presenting analytic work in public or policy settings - Speak another language, in addition to English About OpenAI OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. For additional information, please see OpenAI’s Affirmative Action and Equal Employment Opportunity Policy Statement. Background checks for applicants will be administered in accordance with applicable law, and qualified applicants with arrest or conviction records will be considered for employment consistent with those laws, including the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, for US-based candidates. For unincorporated Los Angeles County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: protect computer hardware entrusted to you from theft, loss or damage; return all computer hardware in your possession (including the data contained therein) upon termination of employment or end of assignment; and maintain the confidentiality of proprietary, confidential, and non-public information. In addition, job duties require access to secure and protected information technology systems and related data security obligations. To notify OpenAI that you believe this job posting is non-compliant, please submit a report through this form. No response will be provided to inquiries unrelated to job posting compliance. We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this link. OpenAI Global Applicant Privacy Policy At OpenAI, we believe artificial intelligence has the potential to help people solve immense global challenges, and we want the upside of AI to be widely shared. Join us in shaping the future of technology.

• Physical installation and initial configuration of Nozomi equipment • Deployment of industrial IDS probes (e.g., NS1 250 and NS20 1000) • Technical support and knowledge transfer to operations teams