Lead Information Security Analyst

| Culver City

Lead Information Security Analyst || Governance, Risk & Compliance

sweetgreen is hiring a lead information security analyst to help build our governance, risk and compliance (GRC) function in order to keep our enterprise safe and enable our organization to scale on reliable, flexible, fast and--most importantly--trustworthy platforms. We’re accepting applications from now until we find the right candidate.

We are building GRC as a functional competency within the larger cybersecurity program. As a lead information security analyst, you can expect to be focused on building frameworks and processes which allow us to measure compliance against our policies; understand the efficacy of countermeasures and controls; calibrate and articulate risk to the larger organization; and develop feedback loops to ensure continuous improvement in the organization’s security posture. What you build will be used in every part of the organization, from the stores, to the corporate environment (called the Treehouse) and even our digital products.

Top Outcome - Within one year, you will design and operationalize a GRC function through which we can consistently and scalably orchestrate core security processes and procedures appropriate to each business unit within the organization. The effect of this work is that you will have created a risk management framework which enables us to react appropriately to emergent threats, and plan accordingly to effectively mitigate vulnerabilities; you will have generated a comprehensive collection of all known accepted risks and will have the appropriate owners on a path to remediation; you will be able to articulate the effectiveness of established countermeasures; and you will be able to drive policy review and modernization to ensure it continues to reflect sweetgreen’s goals and values.

Your Impact

  • Get to know the business: Through observation, engagement and interviews with stakeholders across the business including IT, engineering, supply-chain and restaurant systems, by day 21 you should have a good understanding of the core systems and platforms that sweetgreen operates upon and be able to articulate & document deficiencies in visibility, detection, alerting and processes which would prevent us from being able to achieve compliance with existing standards, such as PCI-DSS or new standards such as SOC 2. 
  • Drive Prioritization and Design Workstreams: Within 45 days, you should have a strong understanding of known deficiencies based upon existing standards as well as sweetgreen security policies. In cooperation with peers in Security as well as stakeholders across the business, you will need to design, document and socialize a risk management framework to prioritize the severity of those deficiencies, assign risk owners and work with those owners to develop a mitigation plan in accordance with an agreed-upon timeline.
  • Define the Path to SOC 2 Compliance: By 60 days in seat, you will have presented the risk management framework to the other stakeholders and developed a process to operationalize the framework. From there, using the prioritized list of deficiencies as well as the requirements stipulated in the SOC 2 framework, you should define & document realistic milestones and deliverables, down to the story-level, describing the core actions sweetgreen needs to take to achieve SOC 2 compliance.
  • Drive Implementation: No later than day 75, you should be wholly focused on working with stakeholders across the business to eliminate high risk deficiencies and build the processes necessary to achieve compliance confidently and consistently with minimal continuous manual intervention.
  • Documentation: In order to ease future teammate onboarding, debugging, and knowledge sharing of complex services while mitigating the risk of tribal knowledge, within 30 days in seat, you’ll contribute to our established information architecture within Confluence and put a plan in place to realize 100% documentation of the functions you own.
  • Monitoring Functional Health: By day 90, you will have a plan in place to implement KPIs and metrics to allow us to understand the overall health of the security program as well as track progress of resolutions of identified risks.

A successful candidate will be a seasoned information security analyst with deep familiarity with core security tenets and principles as well as knowledge of common preventative technologies. You should have expert-level knowledge of PCI-DSS, SOX-IT, ISO27001, NIST Cybersecurity Framework, CIS Top 20 and SOC2 compliance requirements. Additionally, you should be very comfortable identifying, calibrating and tracking 

what security means at sweetgreen

Fortune favors the bold, and nowhere is that more true than sweetgreen cybersecurity. We want you to help us reimagine what security means by turning old, antiquated traditions on their ears and challenging every assumption.  While our security program is rooted in the principles of the NIST Cybersecurity Framework, we recognize that delivering on those principles doesn’t look the same for everyone. 

We value fire prevention over fire fighting. Yes, you will have some fires to put out, including incident response and remediation, but your focus will be on building foundational processes and frameworks that are fault tolerant and scalable which allow us to orchestrate and govern the core security program.

Though there’s more work to do than people to do it, we always aim to achieve our objectives with people, processes and policies before we apply technology. We choose our tooling very carefully with an eye toward how it may be used to help other parts of the organization achieve their goals. To that end, we lean heavily on FOSS (free and open source software) capabilities to help us deliver on our outcomes. We welcome you to contribute to a FOSS community and, as you discover innovative ways to solve the challenges presented to you, to promote sweetgreen’s contributions to the security, risk, compliance and privacy communities.

We value the ideas and contributions from all of our teammates no matter their background or what part of the business they come from. We want people who are just as anxious to learn and experiment as they are to teach to technical and non-technical audiences. That said, we expect you to passionately defend ideas and principles which promote trust from our customers, our teammates and the communities we serve. 

We’re looking for builders. We’re looking for people who are excited to be on the ground floor, knowing that it will be their designs, their plans and their influence which shape the future of sweetgreen’s security posture.

The sweetlife awaits

As a member of team sweetgreen, you’ll enjoy competitive pay and be eligible for bonuses based upon your performance and experience. You’ll have the opportunity to take advantage of a comprehensive benefits plan, including medical, dental and vision amongst other benefits.

sweetgreen truly values feeding the whole person; that includes providing flexible time off in addition to continuous education and training opportunities. We know being successful in this role means keeping up with an ever-evolving adversary; we want you to participate in the security community, whether that be as a conference attendee or as a speaker. Furthermore, we will work together, along with our business partners on the people team, to design a growth and progression plan aligned to your career goals, and we will check in often to make sure you have the tools you need to succeed.

about sweetgreen

sweetgreen is on a mission to build healthier communities by connecting people to real food. We passionately believe that real food should be convenient and accessible to everyone. Every day in each sweetgreen restaurant, our team members make food from scratch, using fresh ingredients and produce delivered that morning. And in our local communities, we’re committed to leaving people better than we found them. We’re in the business of feeding people, and we’re out to change what that means. Our people are our most valuable ingredient - the heart of our company, the face of our brand, and what truly makes the sweetgreen experience special and unique.


Technology we use

  • Engineering
    • Golang (Languages)
    • Javascript (Languages)
    • Python (Languages)
    • Ruby (Languages)
    • Sql (Languages)
    • Grails (Languages)
    • GraphQL (Languages)
    • React (Libraries)
    • AngularJS (Frameworks)
    • Django (Frameworks)
    • Ember.js (Frameworks)
    • Node.js (Frameworks)
    • Ruby on Rails (Frameworks)


Our office is positioned in the centerpiece for LA's newest creative generation, PLATFORM and directly across the street from the Metro Station.

What are sweetgreen Perks + Benefits

sweetgreen Benefits Overview

sweetgreen is committed to offering a benefit package with flexibility and options to help you live your sweetlife. Our suite of benefits includes the core options of medical, dental, and vision as well as other voluntary benefit options to help you create the benefit package that best meets the needs of you and your family.

We believe that our employees are the most important ingredients in our restaurants and aim to support you throughout your journey at sweetgreen.

FAMILY FUND

Volunteer in local community
Partners with Nonprofits
Friends outside of work
Eat lunch together
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Pair programming
Open office floor plan
Dedicated Diversity/Inclusion Staff
Unconscious bias training
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Pet Insurance
Wellness Programs
Retirement & Stock Options Benefits
401(K) Matching
Company Equity
Employee Stock Purchase Plan
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
We provide up to 5 months of parental leave for the primary caretaker. We believe in fully supporting new parents.
Flexible Work Schedule
sweetgreen provides employees with a flexible work schedule that includes flexible start and end times. Do what you love on *and* off the clock.
Return-to-work program post parental leave
Vacation & Time Off Benefits
Unlimited Vacation Policy
Paid Volunteer Time
Our employees give back with 5 paid volunteering hours per year.
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Free Daily Meals
Stocked Kitchen
Some Meals Provided
Happy Hours
Pet Friendly
Fitness Subsidies
Sweetgreen has partnered with Classpass to offer a different kind of gym membership. All benefits-eligible employees receive a subsidy per month to use towards your membership.
Professional Development Benefits
Job Training & Conferences
Tuition Reimbursement
Diversity Program
Lunch and learns
sweetgreen hosts lunch and learn meetings once per month.
Cross functional training encouraged
Promote from within

Additional Perks + Benefits


The family fund provides emergency financial aid to employees experiencing financial hardship caused by catastrophic events outside of your control, like a natural disaster or life altering personal crisis.

Every person in the sweetgreen family can elect to donate part of their paycheck to the family fund pool of money. This is the money that will be distributed to individuals who apply for funds that will help them cope with an unfortunate situation.

With your continued support, we can truly make an impact in the lives of our sweetgreen family members who are experiencing hardship.
