Governance and Compliance Analyst

A Governance and Compliance Analyst manages risks related to security, privacy, and compliance.

Role overview

Governance and Compliance Analysts ensure that an organization’s operations and procedures meet government and industry compliance standards. They research regulations and policies on behalf of the enterprise, communicate the necessary requirements, apply for certifications, and serve as a subject matter expert on all compliance-related matters.

Governance and Compliance Analysts
may also be referred to as:
3rd Party Compliance Analyst
Certification And Accreditation Auditor
Cloud Compliance Security Engineer
Compliance Security Strategist
Cyber Compliance Analyst
Cyber Governance Metrics And Resolution Analyst
Cybersecurity Audit Analyst
Cybersecurity Auditor
Cybersecurity Compliance Advisor
Cybersecurity Compliance Analyst
Cybersecurity Compliance Engineer
Governance And Policy Analyst
GRC Analyst
Identity And Access Management Audit Analyst
Security And Compliance Analyst
Security And Compliance Engineer
Security Auditor
Security Compliance Administrator
Security Compliance Analyst
Security Compliance Assessor
Security Compliance Engineer
Security Compliance Specialist
Vulnerability Compliance Administrator

Career Path

Map your career path by understanding role relationships

Average Salary

Based upon experience, salary for this role ranges from:
National Average
* based upon those with two plus years of cybersecurity experience


Managing risks related to the use of Information Technology, Information Security, Privacy, Regulatory Compliance and Governance.
Ensuring and monitoring compliance with industry and government rules and regulations at all levels.
Conducting gap analysis and implementing frameworks and standards such as ISO 27001, GDPR, NIST, and SOX.
Developing and revising policies, standards, processes, and guidelines for the organization.
Conducting vendor risk assessments against organizational security requirements.
Continually testing and monitoring the effectiveness of security controls.
Conducting research to aid threat assessment or risk mitigation activities.
Developing mechanisms to align with the adoption and usage of current and emerging technologies.

Tools & Environment

Governance and Compliance Analysts need experience working with governance, risk, and compliance (GRC) tools such as ServiceNow, Archer, or MetricStream, and should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, EU DPD, HIPAA, PCI DSS, and GDPR. These professionals also work with risk analytics tools, risk assessments, and reporting tools.


[cyber_job_role_count] Governance and Compliance Analyst jobs



Watch our latest videos, talks an recorded events

White Papers

Download our whitepapers and printed resources

Free Courses

Browse our training courses and educational resources
See All


Listen to our podcast features and recorded roundtables

The CyberSN™ Provider Exchange

The training courses, services, products, and DEI providers you need to take control and accelerate your success.
Cybersecurity Training Made Affordable and Accessible


Cybrary’s industry-leading platform provides guided pathways, threat-informed training, and certification preparation to fully equip cybersecurity professionals at every stage in their careers to skill up and confidently mitigate threats.


Get in touch to see your product, training course, service, or DEI support on our provider exchange.
CyberSecurity For Beginners

Security Sorceress

A course designed to bring a learner from knowing nothing about cybersecurity to knowing the foundations of security. Career advice and group coaching. Prepare for the Security + exam. Financing available.
Career Acceleration and Training Community Hub

Cyber Leadership Institute

Join the Cyber Leadership Institute Community Hub and benefit from the shared knowledge and experience of a global community of cyber leaders.
A game-changing personal branding program for technical professionals

Stand Out From the Crowd With a Strong Personal Brand (EPB)

The Elevate Your Personal Brand (EPB) program helps technical professionals develop a strong personal brand quickly. This short, intensive, and self-paced course will help you develop, monetize, and sustain an outstanding personal brand
For executives in charge of cyber-resilience strategies

Cyber Strategy and Transformational Leadership Skills (CSTP)

The Cyber Strategy and Transformation Program (CSTP) is the ultimate course for senior leaders and project managers responsible for leading cyber strategies and transformation programs across their organizations.

Get our latest insights. Subscribe to our newsletter.