Governance and Compliance Analyst

A Governance and Compliance Analyst manages risks related to security, privacy, and compliance.

Role overview

Governance and Compliance Analysts ensure that an organization’s operations and procedures meet government and industry compliance standards. They research regulations and policies on behalf of the enterprise, communicate the necessary requirements, apply for certifications, and serve as subject matter experts on all compliance-related matters.

Governance and Compliance Analysts may also be referred to as:
3rd Party Compliance Analyst
Certification And Accreditation Auditor
Cloud Compliance Security Engineer
Compliance Security Strategist
Cyber Compliance Analyst
Cyber Governance Metrics And Resolution Analyst
Cybersecurity Audit Analyst
Cybersecurity Auditor
Cybersecurity Compliance Advisor
Cybersecurity Compliance Analyst
Cybersecurity Compliance Engineer
Governance And Policy Analyst
GRC Analyst
Identity And Access Management Audit Analyst
Security And Compliance Analyst
Security And Compliance Engineer
Security Auditor
Security Compliance Administrator
Security Compliance Analyst
Security Compliance Assessor
Security Compliance Engineer
Security Compliance Specialist
Vulnerability Compliance Administrator

Average Salary

Based upon experience, salary for this role ranges from $110,000 to $147,500, with a national average of $128,750.*

* based upon those with two plus years of cybersecurity experience

Responsibilities

Managing risks related to the use of Information Technology, Information Security, Privacy, Regulatory Compliance and Governance.
Ensuring and monitoring compliance with industry and government rules and regulations at all levels.
Conducting gap analysis and implementing frameworks and standards such as ISO 27001, GDPR, NIST, and SOX.
Developing and revising policies, standards, processes, and guidelines for the organization.
Conducting vendor risk assessments against organizational security requirements.
Continually testing and monitoring the effectiveness of security controls.
Conducting research to aid threat assessment or risk mitigation activities.
Developing mechanisms to align with the adoption and usage of current and emerging technologies.

Tools & Environment

Governance and Compliance Analysts need experience working with governance, risk, and compliance (GRC) tools such as ServiceNow, Archer, or MetricStream, and should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, EU DPD, HIPAA, PCI DSS, and GDPR. These professionals also work with risk analytics tools, risk assessments, and reporting tools.
