Governance And Compliance Analyst

A Governance and Compliance Analyst manages risks related to security, privacy, and compliance.

Role overview

Governance and Compliance Analysts ensure that an organization’s operations and procedures meet government and industry compliance standards. They research regulations and policies on behalf of the enterprise, communicate the necessary requirements, apply for certifications, and serve as a subject matter expert on all compliance-related matters.

Governance and Compliance Analysts
may also be referred to as:
3rd Party Compliance Analyst
Certification And Accreditation Auditor
Cloud Compliance Security Engineer
Compliance Security Strategist
Cyber Compliance Analyst
Cyber Governance Metrics And Resolution Analyst
Cybersecurity Audit Analyst
Cybersecurity Auditor
Cybersecurity Compliance Advisor
Cybersecurity Compliance Analyst
Cybersecurity Compliance Engineer
Governance And Policy Analyst
GRC Analyst
Identity And Access Management Audit Analyst
Security And Compliance Analyst
Security And Compliance Engineer
Security Auditor
Security Compliance Administrator
Security Compliance Analyst
Security Compliance Assessor
Security Compliance Engineer
Security Compliance Specialist
Vulnerability Compliance Administrator

Career Path

Map your career path by understanding role relationships

Average Salary

Based upon experience, salary for this role ranges from:
National Average


Managing risks related to the use of Information Technology, Information Security, Privacy, Regulatory Compliance and Governance.
Ensuring and monitoring compliance with industry and government rules and regulations at all levels.
Conducting gap analysis and implementing frameworks and standards such as ISO 27001, GDPR, NIST, and SOX.
Developing and revising policies, standards, processes, and guidelines for the organization.
Conducting vendor risk assessments against organizational security requirements.
Continually testing and monitoring the effectiveness of security controls.
Conducting research to aid threat assessment or risk mitigation activities.
Developing mechanisms to align with the adoption and usage of current and emerging technologies.

Tools & Environment

Governance and Compliance Analysts need experience working with governance, risk, and compliance (GRC) tools such as ServiceNow, Archer, or MetricStream, and should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, EU DPD, HIPAA, PCI DSS, and GDPR. These professionals also work with risk analytics tools, risk assessments, and reporting tools.


[cyber_job_role_count] Governance And Compliance Analyst jobs



Watch our latest videos, talks an recorded events

White Papers

Download our whitepapers and printed resources

Free Courses

Browse our training courses and educational resources
See All


Listen to our podcast features and recorded roundtables

The CyberSN™ Provider Exchange

The training courses, services, products, and DEI providers you need to take control and accelerate your success.


Get in touch to see your product, training course, service, or DEI support on our provider exchange.

Cyber Security Cloud & SaaS Solutions Outfitter

Invest in Turbo Charging Cyber Security Solutions – Faster Incident Detection, Response and Recovery Times – Get Access To Over 100 New and Emerging Cloud and Cyber Security Software Solutions

Cybersecurity, Risk Management, Continuity of Operations, and Data Protection & Governance

You need expertise to help you manage risk and protect your data from cyber attacks. Whether it’s strategy, cloud security, compliance, or anything in between, Vertex11 is your ultimate resource for getting the job done.
ESCALATE | Point3 Security

Identify Highly Skilled Individuals with ESCALATE Talent Screening

Traditional hiring has a couple of flaws. Human biases prevent good hires. Over-reliance on certifications and years of experience & HR Software and AI often removes top performers. With ESCALATE Talent Screening, your candidates physically demonstrate necessary skills, informing your hiring process far beyond certs or years of experience.
Rapid Ascent, Inc

Ascend with a Career in Cybersecurity

Hands-on, on-the-job training using state-of-the-art AI, gamified live-fire threats with real-world projects, and coaching from industry experts.

A Cybersecurity SaaS Ecosystem

CYRISMA combines Data Discovery/Data Loss Prevention, Vulnerability Scanning, Configuration Hardening, Score Card Evaluation, Various Reporting and Mitigation planning and Mitigation Execution in a single web-based platform generating Monthly Recurring Revenue for the MSSP.

Get our latest insights. Subscribe to our newsletter.