1

Compliance And Risk Analyst Jobs (NOW HIRING)

Third-Party Risk Analyst I (IT/Technology Department) Location/Map 📍 : Los Angeles, CA (90071 ... Experience reviewing vendor compliance documentation, including SOC 2 Type II reports, ISO 27001 ...

Overview The Compliance and Risk Analyst assists the IT Program Manager in the registration of all Application and Database Management Systems (DADMS) for inclusion into the investment portfolio.

Administer and manage TDX task tracking workflows. 5% - Office of Audit, Risk, and Compliance ... The Risk Analyst works directly with the Insurance and Risk Management Director and others to ...

Solid understanding and demonstrable experience in self assessments and compliance monitoring ... Risk Management principles and governance framework * Excellent reasoning and analytical skills

The Risk Analyst administers critical elements of insurance programs including day-to-day ... to ensure contractual compliance. Notify appropriate parties of deficiencies as appropriate

The Risk Analyst is responsible for reconciling, analyzing, and reporting the middle office P&L and ... ensures compliance of control policies and procedures · Fields and responds to inquiries from ...

The Risk Analyst is responsible for reconciling, analyzing, and reporting the middle office P&L and ... ensures compliance of control policies and procedures • Fields and responds to inquiries from ...

Background as a Compliance Analyst, Risk Analyst, Legal Operations professional, or Paralegal preferred. * Experience managing projects and driving process improvements. * Strong analytical ...

... document Basel compliant methodologies, keeping recent regulatory capital rules and business ... risk data and metrics - Quantitative/analytical background (e.g. finance, accounting, mathematics ...

Risk Analyst

New York, NY · On-site

$75K - $95K/yr

... document Basel compliant methodologies, keeping recent regulatory capital rules and business ... risk data and metrics - Quantitative/analytical background (e.g. finance, accounting, mathematics ...

The Risk Analyst administers critical elements of insurance programs including day-to-day ... to ensure contractual compliance. Notify appropriate parties of deficiencies as appropriate

next page

Showing results 1-20

Compliance And Risk Analyst information

See salary details

$15

$35

$56

How much do compliance and risk analyst jobs pay per hour?

As of Jul 7, 2026, the average hourly pay for compliance and risk analyst in the United States is $35.03, according to ZipRecruiter salary data. Most workers in this role earn between $27.64 and $39.42 per hour, depending on experience, location, and employer.

Will compliance be replaced by AI?

Compliance and Risk Analysts use AI tools to automate routine tasks like data analysis and monitoring, but AI is not expected to fully replace the role. Human judgment remains essential for interpreting complex regulations and making nuanced decisions. Professionals in this field often need skills in data analysis, regulatory knowledge, and familiarity with compliance software.

Is risk and compliance a good career?

A career as a Compliance and Risk Analyst offers opportunities in industries such as finance, healthcare, and technology, focusing on regulatory adherence and risk management. It typically requires strong analytical skills, attention to detail, and knowledge of relevant laws and standards, with certifications like CRCM or CFE often beneficial. The role can provide stable employment and advancement prospects in organizations prioritizing compliance.

How does a Compliance and Risk Analyst typically collaborate with other departments within an organization?

A Compliance and Risk Analyst regularly works with teams such as Legal, Finance, Operations, and IT to ensure that company policies and procedures comply with regulations and manage potential risks. This collaboration often involves conducting risk assessments, reviewing new business initiatives, and helping to develop and implement internal controls. Open communication and cross-functional teamwork are crucial, as the analyst must gather information, address potential compliance issues, and provide training or guidance across various departments. These interactions help foster a culture of compliance and proactive risk management throughout the organization.

How much does risk and compliance make?

The average salary for a Compliance and Risk Analyst typically ranges from $60,000 to $90,000 annually, depending on experience, location, and industry. Professionals with certifications like CRCM or CCEP and strong analytical skills tend to earn higher salaries, especially in financial services and regulated industries.

What does a risk compliance analyst do?

A risk compliance analyst evaluates an organization's adherence to laws, regulations, and internal policies to identify potential risks and ensure compliance. They analyze data, prepare reports, and recommend corrective actions, often using compliance management tools and industry standards to mitigate legal and financial risks.

What are Compliance and Risk Analysts?

Compliance and Risk Analysts are professionals who help organizations ensure they are following laws, regulations, and internal policies. They identify potential risks that could affect the company’s reputation, finances, or operations and develop strategies to minimize those risks. Their work often includes monitoring activities, conducting audits, and providing recommendations to improve compliance and risk management. Compliance and Risk Analysts play a crucial role in protecting organizations from legal issues and financial losses.

What are the key skills and qualifications needed to thrive as a Compliance and Risk Analyst, and why are they important?

To thrive as a Compliance and Risk Analyst, you need a solid understanding of regulatory frameworks, risk management principles, and data analysis, often supported by a relevant degree such as finance, law, or business. Familiarity with compliance management software, risk assessment tools, and certifications like CRCM or CAMS is highly valuable. Attention to detail, critical thinking, and strong communication skills help you effectively identify issues and collaborate with various stakeholders. These skills ensure organizations remain compliant, mitigate risks, and maintain integrity in a constantly evolving regulatory environment.

What is the difference between Compliance And Risk Analyst vs Compliance Officer?

AspectCompliance And Risk AnalystCompliance Officer
CertificationsCertified Risk and Compliance Management Professional (CRCMP), Certified Compliance & Ethics Professional (CCEP)CRCMP, CCEP, Certified Regulatory Compliance Manager (CRCM)
Work EnvironmentFinancial institutions, corporations, consulting firmsFinancial services, healthcare, corporate compliance departments
Primary FocusIdentifying and analyzing risks, developing risk mitigation strategiesEnsuring organizational compliance with laws and regulations
Common TasksRisk assessments, policy development, compliance reportingPolicy implementation, audits, training staff

While both roles focus on compliance, the Compliance And Risk Analyst emphasizes risk assessment and mitigation strategies, whereas the Compliance Officer concentrates on ensuring adherence to regulations and policies. Both roles often collaborate but serve distinct functions within organizations.

More about Compliance And Risk Analyst jobs
What cities are hiring for Compliance And Risk Analyst jobs? Cities with the most Compliance And Risk Analyst job openings:
What states have the most Compliance And Risk Analyst jobs? States with the most job openings for Compliance And Risk Analyst jobs include:
What job categories do people searching Compliance And Risk Analyst jobs look for? The top searched job categories for Compliance And Risk Analyst jobs are:
Infographic showing various Compliance And Risk Analyst job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $72,853 per year, or $35 per hour.

Risk Analyst

D3 Search

Los Angeles, CA • On-site

Other

Medical, PTO

Posted 5 days ago


Job description

D3 Search is seeking a Third-Party Risk Analyst I (IT/Technology Dept.) on behalf of a highly respected AMLAW ranked global law practice located in downtown Los Angeles, CA (90071).


Position Title🎯:

Third-Party Risk Analyst I (IT/Technology Department)


Location/Map📍:

Los Angeles, CA (90071)


Employer Work Model:

100% fully remote work model.

  • IMPORTANT NOTE: Must reside within a commutable distance to downtown Los Angeles, CA (90071).


Position Summary📒:

The Third-Party Risk Analyst I is a member of the IT/Technology Security Team responsible for conducting technical security assessments of the firm’s third-party vendors, with a focus on SaaS security, cloud security configurations, API security, DevSecOps maturity, and encryption management. The Analyst shall ensure that the firm’s third-party vendors meet or exceed the firm’s security requirements, client obligations, and industry best practices for modern cloud-based and software-driven environments. The position is also responsible for helping the IT Security Team protect the confidentiality, integrity, and availability of firm systems and data.


Key Duties & Responsibilities🗝:

  • Conduct in-depth technical security assessments of third-party SaaS platforms, cloud infrastructure (AWS, Azure, GCP), and hosted services, evaluating architecture, access controls, data segregation, and encryption implementation.
  • Review and assess vendor security documentation against industry frameworks (CIS Benchmarks, NIST, ISO 27001) and assurance reports (e.g., SOC 2 Type II), aligning findings to the firm's internal security requirements.
  • Evaluate and triage vendor security findings from external risk rating platforms, distinguishing true risks from false positives to support informed, risk-based decisions.
  • Evaluate vendor IAM configurations, including SSO/SAML integration, SCIM provisioning, role-based access controls, and privileged access management.
  • Evaluate vendor API security practices, including authentication mechanisms (OAuth2.0, mutual TLS), rate limiting, input validation, and secure data transmission protocols.
  • Review vendor encryption management practices, including key management lifecycle, encryption at rest and in transit standards, certificate management, and cryptographic algorithm compliance.
  • Assess vendor data residency, sovereignty, and cross-border transfer mechanisms to ensure compliance with applicable regulatory frameworks (GDPR, CCPA, PIPEDA).
  • Analyze vendor penetration test reports, vulnerability scan results, and bug bounty program outcomes to identify residual risk exposure.
  • Assess vendor DevSecOps maturity, including secure SDLC practices, CI/CD pipeline security controls, container security, infrastructure-as-code scanning, and software composition analysis.
  • Review vendor incident response capabilities, including detection and response SLAs, breach notification commitments, and forensic investigation support.
  • Monitor and track issued findings, gaps, exceptions, and mitigation plans through to timely remediation.
  • Track and analyze third-party risk metrics and technical risk indicators to determine vendor risk rankings and potential risk exposure.
  • Prepare technical risk reports and presentations for firm leadership on significant third-party security risks and trends.
  • Investigate and respond to third-party security incidents, following established incident handling playbooks.
  • Review and provide technical input on security and data protection terms in third-party vendor and client contracts, with emphasis on technical security requirements and SLAs.
  • Review and respond to client security questionnaires with technical specificity.
  • Support the IT Security Team in responding to client security audits.
  • Review and advise firm stakeholders on client outside counsel guidelines and manage client special data handling provisions.
  • Collaborate with IT Security Engineers on technical validation of vendor security claims and configurations.
  • Continually improve the firm's vendor risk assessment methodology and processes, tools, and procedures to address emerging cloud and SaaS threat vectors and industry best practices.
  • Stay current on cloud security trends, SaaS security frameworks, API threat landscapes, and evolving third-party risk management standards.


Background/Requirements💡:

  • Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or a related field, or at least 3 years of work experience in a technical security role within a large enterprise or professional services firm.
  • Demonstrated hands-on experience evaluating cloud security architectures (AWS, Azure, or GCP), including infrastructure configurations, network segmentation, and identity management.
  • Experience assessing SaaS application security, including multi-tenancy isolation, data encryption, and integration security.
  • Working knowledge of API security principles, including REST/GraphQL security, authentication protocols, and secure data exchange patterns.
  • Familiarity with DevSecOps concepts, including CI/CD pipeline security, container orchestration security, and software supply chain risk.
  • Experience reviewing vendor compliance documentation, including SOC 2 Type II reports, ISO 27001 certificates, and penetration test summaries.
  • CCSP, CCSK, Security+, CISSP, CISA, CTPRP,CRISC, CIPP or other equivalent certifications.
  • Demonstrated hands-on experience evaluating cloud security architectures (AWS, Azure, or GCP), including infrastructure configurations, network segmentation, and identity management.
  • CISA, CTPRP, CISSP or other equivalent security certifications.
  • Experience in third party vendor management process.
  • Experience in contract and compliance documentation review.
  • Experience in managing client security relationships.
  • Ability to communicate complex technical information to non-technical, technical, and managerial audiences both written and orally.
  • Ability to perform due diligence and act with due care in support of the firm’s Information Security Program.
  • Ability to quickly respond and act when faced with high pressure situations.
  • Skill in customer relations with vendors and internal users, critically reviewing statements of work, contracts, and ability to negotiate pricing and agreements optimal to the firm.
  • Excellent communication and organizational skills, including the ability to interact effectively with a diverse range of personnel in a calm and professional manner at all times, particularly under pressure.
  • Excellent time management, prioritization and organizational skills, including the ability to manage multiple assignments simultaneously, take ownership, and effectively execute deliverables in a fast-paced and high-pressure environment.


Salary💰/Compensation/Benefits:

Yearly salary is up to 140K ~ DOQ including a and a comprehensive and robust health benefits package, generous PTO, fully remote work model, annual salary reviews/increases and lucrative bonuses, and many other notable employee-centered perks, etc.


If interested in this Third-Party Risk Analyst I (IT/Technology Dept.) role located in downtown Los Angeles, CA (90071), and you meet the above qualifications/requirements, please contact the following D3 rep.:


Domenic Ferrante ~ D3 Search

📬domenic@d3search.com | ☎️ 213-785-2485

📡 www.d3search.com


D3 Legal Search LLC (aka D3 Search), and its clients are equal opportunity employers. Pursuant to local ordinances, we will consider qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Chance Initiative for Hiring Ordinance.