Governance Risk and Compliance Analyst

A Governance Risk and Compliance (GRC) Analyst manages risks related to security, privacy, and compliance.

Role overview

Governance Risk and Compliance Analysts ensure that an organization’s operations and procedures meet government and industry compliance standards. They research regulations and policies on behalf of the enterprise, communicate the necessary requirements, apply for certifications, and serve as a subject matter expert on all compliance-related matters.

Governance Risk & Compliance Analyst Job Titles
may also be referred to as:
3rd Party Compliance Analyst
Certification And Accreditation Auditor
Cloud Compliance Security Engineer
Compliance Security Strategist
Cyber Compliance Analyst
Cyber Governance Metrics And Resolution Analyst
Cybersecurity Audit Analyst
Cybersecurity Auditor
Cybersecurity Compliance Advisor
Cybersecurity Compliance Analyst
Cybersecurity Compliance Engineer
Governance And Policy Analyst
GRC Analyst
Identity And Access Management Audit Analyst
Security And Compliance Analyst
Security And Compliance Engineer
Security Auditor
Security Compliance Administrator
Security Compliance Analyst
Security Compliance Assessor
Security Compliance Engineer
Security Compliance Specialist
Vulnerability Compliance Administrator

Career Path

Map your career path by understanding role relationships

Average Salary

Based upon experience, salary for this role ranges from:
$110,000
National Average
$128,750
$147,500
* based upon those with two plus years of cybersecurity experience

Responsibilities

Managing risks related to the use of Information Technology, Information Security, Privacy, Regulatory Compliance and Governance.
Ensuring and monitoring compliance with industry and government rules and regulations at all levels.
Conducting gap analysis and implementing frameworks and standards such as ISO 27001, GDPR, NIST, and SOX.
Developing and revising policies, standards, processes, and guidelines for the organization.
Conducting vendor risk assessments against organizational security requirements.
Continually testing and monitoring the effectiveness of security controls.
Conducting research to aid threat assessment or risk mitigation activities.
Developing mechanisms to align with the adoption and usage of current and emerging technologies.

GRC Analyst’s play a pivotal role in assessing and prioritizing information, security, and cybersecurity risk across an organization. A GRC Analyst’s technical skills, combined with their ability to manage risks and ensure compliance, make them key players in any organization's cybersecurity strategy.

Tools & Environment

Governance Risk and Compliance Analysts need experience working with governance, risk, and compliance (GRC) tools such as ServiceNow, Archer, or MetricStream, and should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, EU DPD, HIPAA, PCI DSS, and GDPR. These cybersecurity professionals also work with risk analytics tools, risk assessments, and reporting tools.

Certifications

Category Organization Certification
Compliance (ISC)2 HCISPP
Compliance APMG ISO/IEC 27001-P ISO
Compliance APMG ISO/IEC 27001-F
Compliance APMG NCSP-P
Compliance APMG NCSP-F
Compliance Crypto Consortium CCSSA
Compliance EXIN PDP-P
Compliance EXIN PDP-E
Compliance EXIN PDP-F
Compliance EXIN ISO/IEC 27001-F
Organization

[cyber_job_role_count] Governance Risk and Compliance Analyst jobs

Resources

Videos

Watch our latest videos, talks an recorded events
Watch

White Papers

Download our whitepapers and printed resources
Learn

Free Courses

Browse our training courses and educational resources
See All

Podcasts

Listen to our podcast features and recorded roundtables
Listen

Get our latest insights. Subscribe to our newsletter.