Governance, Risk, & Compliance (GRC) Analyst (Senior or Lead)
$130,900–$233,450 per year
Hybrid · Chicago, Illinois, United States or San Francisco, California, United States
Job Summary
The Governance, Risk, & Compliance (GRC) Analyst will lead the development, maintenance, and continuous improvement of enterprise policies, standards, controls, and implementation procedures across applications, infrastructure, cloud environments, databases, shared resources, and information systems. Translate regulatory, contractual, and cybersecurity requirements into actionable governance and control requirements. Design, maintain, and optimize the enterprise control framework, including control rationalization, consolidation, and framework alignment activities. Partner with cybersecurity, infrastructure, engineering, cloud, application, data governance, privacy, and compliance teams to ensure governance requirements are practical, feasible, and aligned with business and operational needs. Provide subject matter expertise related to control intent, implementation expectations, regulatory interpretation, and governance best practices. Support governance modernization initiatives, ServiceNow IRM policy management, and control automation efforts to improve scalability, consistency, and efficiency. Develop and support control policies and strategies, prepare governance reporting, and communicate program status, priorities, and progress to stakeholders and leadership.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, Computer Science, or related field
- 5+ years of experience in Governance, Risk and Compliance (GRC), IT Audit, Information Security, Vulnerability Management, and Compliance
- 5+ years of experience supporting enterprise technology environments including applications, infrastructure, cloud services, databases, networks, or identity and access management platforms
- 3+ years of experience writing enterprise policies, standards, controls and implementation procedures
- 3+ years of experience leading governance transformation or enterprise control framework initiatives
- 3+ years of experience in cybersecurity and regulatory frameworks including NIST 800-53, NIST 800-171, CMMC, ISO, GDPR, ITAR or similar frameworks
- Experience mapping controls to enterprise technology assets and environments
- Professional certifications such as CISSP, CGRC, CISA, CRISC