Governance Risk & Compliance Analyst, Information Technology
Job Locations: US
ID: 2025-8245
Type: REG - Regular Employee
Overview
Location: Remote
Are you passionate about risk management, regulatory compliance, and building strong frameworks that protect enterprise systems? Join our team as a Governance, Risk & Compliance (GRC) Analyst and play a vital role in safeguarding our organization's information security and compliance posture.
In this role, you'll lead internal and third-party risk assessments, maintain our enterprise risk register, oversee vendor due diligence, and collaborate with cross-functional teams to strengthen our risk and compliance programs.
What We Offer:
Salary: Competitive range of $87,000 - $100,000 per year. This range reflects the budgeted compensation for this role. The final offer will depend on experience, skills, and location.
Responsibilities
Conduct internal and external risk reviews, ensuring alignment with frameworks like NIST, GLBA, PCI, HIPAA, and SOX
Perform third-party risk assessments during onboarding and throughout the vendor lifecycle
Maintain and update the enterprise risk register and third-party inventory
Collaborate with stakeholders on risk mitigation strategies and track remediation progress
Support audits, security control testing, and policy exception reviews
Contribute to the ongoing improvement of GRC programs, policies, and processes
Develop and track KPIs and metrics for risk and compliance performance
Leverage GRC platforms and tools to streamline workflows and enhance reporting
Qualifications
Requirements
4+ years of experience in GRC, risk management, cybersecurity compliance, or a related field
Demonstrated experience performing internal and external risk assessments
Hands-on experience with GRC tools/platforms (implementation experience a plus)
Working knowledge of key frameworks and regulations: NIST, GLBA, PCI, HIPAA, FERPA, SOX
Strong communication and analytical skills with the ability to influence cross-functional teams
Preferred Qualifications
Bachelor's degree in InfoSec, Computer Science, or a related field
Experience developing and reporting on risk and compliance KPIs
Familiarity with cloud security (Azure, AWS, O365) and third-party risk tiering
Risk Compliance Analyst • Phoenix, AZ, United States