1

Compliance Risk Analyst Jobs in California (NOW HIRING)

Third-Party Risk Analyst I (IT/Technology Department) Location/Map ๐Ÿ“ : Los Angeles, CA (90071 ... Experience reviewing vendor compliance documentation, including SOC 2 Type II reports, ISO 27001 ...

Our culture in Risk Management and Compliance is all about thinking outside the box, challenging the status quo and striving to be best-in-class. Are you passionate about data and analytics? Do you ...

Director, Compliance Risk

Irvine, CA ยท On-site +1

$145K - $195K/yr

RESPONSIBILITIES Compliance Program Leadership * Lead the design, enhancement, and ongoing ... Powerful analytical, problem-solving, risk assessment and critical thinking skills with excellent ...

Director, Compliance Risk

Irvine, CA ยท On-site

$145K - $195K/yr

RESPONSIBILITIES Compliance Program Leadership * Lead the design, enhancement, and ongoing ... Powerful analytical, problem-solving, risk assessment and critical thinking skills with excellent ...

Director, Compliance Risk

Santa Clara, CA ยท On-site

$145K - $195K/yr

RESPONSIBILITIES Compliance Program Leadership * Lead the design, enhancement, and ongoing ... Powerful analytical, problem-solving, risk assessment and critical thinking skills with excellent ...

Director, Compliance Risk

San Francisco, CA ยท On-site +1

$145K - $195K/yr

RESPONSIBILITIES Compliance Program Leadership * Lead the design, enhancement, and ongoing ... Powerful analytical, problem-solving, risk assessment and critical thinking skills with excellent ...

Director, Compliance Risk

San Francisco, CA ยท On-site

$145K - $195K/yr

RESPONSIBILITIES Compliance Program Leadership * Lead the design, enhancement, and ongoing ... Powerful analytical, problem-solving, risk assessment and critical thinking skills with excellent ...

Director, Compliance Risk

Santa Clara, CA ยท On-site +1

$145K - $195K/yr

RESPONSIBILITIES Compliance Program Leadership * Lead the design, enhancement, and ongoing ... Powerful analytical, problem-solving, risk assessment and critical thinking skills with excellent ...

Risk Analyst

San Diego, CA ยท On-site

$70K - $88K/yr

Provide independent analysis and reporting of commodity positions and market price exposures to ensure compliance with company policy/guidelines and alignment with management risk appetite.

Risk Analyst

San Diego, CA ยท On-site

$70K - $88K/yr

Provide independent analysis and reporting of commodity positions and market price exposures to ensure compliance with company policy/guidelines and alignment with management risk appetite.

The Compliance Assessor of IT Risk & Compliance Management performs Security Risk Assessments on DIRECTV's 3rd party vendors. An assesment would typically involve the following tasks: Communicating ...

Sr. Risk Analyst

Vacaville, CA ยท On-site

$98K - $121K/yr

The Risk Analyst works cross functionally with a diverse set of stakeholders from the business as well as shared services functions ensuring compliance with regulatory standards while improving fraud ...

IT Risk Analyst

San Diego, CA ยท On-site

$79K - $102K/yr

Position Summary The position of IT Risk Analyst is responsible for participating in IT compliance and risk management initiatives. The candidate should demonstrate a basic understanding of IT risk, ...

Model Risk Analyst

Irvine, CA ยท On-site

$85K - $95K/yr

Sunflower Bank is seeking a Model Risk Analyst to join its Enterprise Risk Management Department ... policy, and compliant with regulatory standards (e.g., SR 26-2). Primary Responsibilities

Model Risk Analyst

Irvine, CA ยท On-site

$85K - $95K/yr

Sunflower Bank is seeking a Model Risk Analyst to join its Enterprise Risk Management Department ... policy, and compliant with regulatory standards (e.g., SR 26-2). Primary Responsibilities

Model Risk Analyst

Irvine, CA ยท Hybrid

$85K - $95K/yr

Sunflower Bank is seeking a Model Risk Analyst to join its Enterprise Risk Management Department ... policy, and compliant with regulatory standards (e.g., SR 26-2). Primary Responsibilities

next page

Showing results 1-20

Compliance Risk Analyst information

What are the key skills and qualifications needed to thrive as a Compliance Risk Analyst, and why are they important?

To excel as a Compliance Risk Analyst, you need a solid understanding of regulatory frameworks, risk assessment methodologies, and a degree in finance, law, or a related field. Familiarity with compliance management software, data analytics tools, and industry certifications such as CRCM or CAMS is often required. Strong analytical thinking, attention to detail, and effective communication skills help distinguish top performers in this role. These competencies are vital for identifying, mitigating, and reporting risks to ensure an organization operates within legal and regulatory boundaries.

What qualifications do I need to be a compliance analyst?

A compliance risk analyst typically needs a bachelor's degree in finance, law, business, or a related field. Relevant skills include knowledge of regulations, risk assessment, and data analysis, often supported by certifications such as Certified Compliance & Ethics Professional (CCEP) or Certified Regulatory Compliance Manager (CRCM). Experience in auditing, legal compliance, or financial services can also be beneficial.

What are some common challenges Compliance Risk Analysts face when working with cross-functional teams?

Compliance Risk Analysts often collaborate with departments like legal, finance, and operations to ensure organizational policies align with regulatory requirements. A common challenge is bridging knowledge gaps, as not all team members may be familiar with compliance regulations or risk assessment methodologies. Effective communication and the ability to translate complex compliance concepts into practical guidance are essential. Building strong relationships and fostering a culture of compliance across teams helps overcome these challenges and supports successful risk mitigation.

What are Compliance Risk Analysts?

Compliance Risk Analysts are professionals who help organizations identify, assess, and manage regulatory and compliance risks. They monitor business activities to ensure adherence to laws, regulations, and internal policies, and they conduct risk assessments to identify areas of potential non-compliance. Their role often involves developing and implementing compliance programs, providing training for staff, and preparing reports for management and regulatory agencies. By proactively managing compliance risks, they help protect organizations from legal penalties and reputational damage.

Will compliance be replaced by AI?

Compliance Risk Analysts use AI tools to automate routine tasks like data analysis and monitoring, but AI is unlikely to fully replace the role due to the need for human judgment, ethical considerations, and understanding complex regulations. Professionals in this field will continue to interpret AI outputs and ensure regulatory adherence, often requiring certifications and strong analytical skills.

Is risk analyst an entry-level job?

A risk analyst position can be entry-level or require some experience, depending on the company and industry. Entry-level risk analyst roles typically require a bachelor's degree in finance, economics, or a related field, and may involve training on risk assessment tools and data analysis. More advanced roles may require prior experience or professional certifications such as FRM or CRM.

What is the difference between Compliance Risk Analyst vs Compliance Analyst?

AspectCompliance Risk AnalystCompliance Analyst
Required CredentialsBachelor's degree, certifications like CRCM or CCEP often preferredBachelor's degree, similar certifications may be advantageous
Work EnvironmentFinancial institutions, healthcare, or regulated industriesCorporate compliance departments across various industries
Employer & Industry UsageUsed in banking, finance, healthcare, and legal sectorsCommon in corporate, legal, and regulatory compliance roles

The Compliance Risk Analyst focuses on identifying and managing compliance risks within organizations, often involving risk assessments and mitigation strategies. In contrast, the Compliance Analyst primarily ensures adherence to regulations and policies. While both roles require similar credentials and work in regulated environments, the Compliance Risk Analyst emphasizes risk management, whereas the Compliance Analyst concentrates on compliance monitoring and reporting.

What does a risk compliance analyst do?

A risk compliance analyst evaluates an organization's adherence to laws, regulations, and internal policies to identify potential compliance risks. They review policies, conduct audits, and recommend corrective actions, often using tools like compliance management software. Strong analytical skills and knowledge of industry regulations are essential for this role.
What job categories do people searching Compliance Risk Analyst jobs in California look for? The top searched job categories for Compliance Risk Analyst jobs in California are:
Infographic showing various Compliance Risk Analyst job openings in California as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 83% Full Time, 8% Part Time, 2% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution.

Risk Analyst

D3 Search

Los Angeles, CA โ€ข On-site

Other

Medical, PTO

Posted 13 days ago


Job description

D3 Search is seeking a Third-Party Risk Analyst I (IT/Technology Dept.) on behalf of a highly respected AMLAW ranked global law practice located in downtown Los Angeles, CA (90071).


Position Title๐ŸŽฏ:

Third-Party Risk Analyst I (IT/Technology Department)


Location/Map๐Ÿ“:

Los Angeles, CA (90071)


Employer Work Model:

100% fully remote work model.

  • IMPORTANT NOTE: Must reside within a commutable distance to downtown Los Angeles, CA (90071).


Position Summary๐Ÿ“’:

The Third-Party Risk Analyst I is a member of the IT/Technology Security Team responsible for conducting technical security assessments of the firmโ€™s third-party vendors, with a focus on SaaS security, cloud security configurations, API security, DevSecOps maturity, and encryption management. The Analyst shall ensure that the firmโ€™s third-party vendors meet or exceed the firmโ€™s security requirements, client obligations, and industry best practices for modern cloud-based and software-driven environments. The position is also responsible for helping the IT Security Team protect the confidentiality, integrity, and availability of firm systems and data.


Key Duties & Responsibilities๐Ÿ—:

  • Conduct in-depth technical security assessments of third-party SaaS platforms, cloud infrastructure (AWS, Azure, GCP), and hosted services, evaluating architecture, access controls, data segregation, and encryption implementation.
  • Review and assess vendor security documentation against industry frameworks (CIS Benchmarks, NIST, ISO 27001) and assurance reports (e.g., SOC 2 Type II), aligning findings to the firm's internal security requirements.
  • Evaluate and triage vendor security findings from external risk rating platforms, distinguishing true risks from false positives to support informed, risk-based decisions.
  • Evaluate vendor IAM configurations, including SSO/SAML integration, SCIM provisioning, role-based access controls, and privileged access management.
  • Evaluate vendor API security practices, including authentication mechanisms (OAuth2.0, mutual TLS), rate limiting, input validation, and secure data transmission protocols.
  • Review vendor encryption management practices, including key management lifecycle, encryption at rest and in transit standards, certificate management, and cryptographic algorithm compliance.
  • Assess vendor data residency, sovereignty, and cross-border transfer mechanisms to ensure compliance with applicable regulatory frameworks (GDPR, CCPA, PIPEDA).
  • Analyze vendor penetration test reports, vulnerability scan results, and bug bounty program outcomes to identify residual risk exposure.
  • Assess vendor DevSecOps maturity, including secure SDLC practices, CI/CD pipeline security controls, container security, infrastructure-as-code scanning, and software composition analysis.
  • Review vendor incident response capabilities, including detection and response SLAs, breach notification commitments, and forensic investigation support.
  • Monitor and track issued findings, gaps, exceptions, and mitigation plans through to timely remediation.
  • Track and analyze third-party risk metrics and technical risk indicators to determine vendor risk rankings and potential risk exposure.
  • Prepare technical risk reports and presentations for firm leadership on significant third-party security risks and trends.
  • Investigate and respond to third-party security incidents, following established incident handling playbooks.
  • Review and provide technical input on security and data protection terms in third-party vendor and client contracts, with emphasis on technical security requirements and SLAs.
  • Review and respond to client security questionnaires with technical specificity.
  • Support the IT Security Team in responding to client security audits.
  • Review and advise firm stakeholders on client outside counsel guidelines and manage client special data handling provisions.
  • Collaborate with IT Security Engineers on technical validation of vendor security claims and configurations.
  • Continually improve the firm's vendor risk assessment methodology and processes, tools, and procedures to address emerging cloud and SaaS threat vectors and industry best practices.
  • Stay current on cloud security trends, SaaS security frameworks, API threat landscapes, and evolving third-party risk management standards.


Background/Requirements๐Ÿ’ก:

  • Bachelorโ€™s Degree in Computer Science, Information Technology, Cybersecurity, or a related field, or at least 3 years of work experience in a technical security role within a large enterprise or professional services firm.
  • Demonstrated hands-on experience evaluating cloud security architectures (AWS, Azure, or GCP), including infrastructure configurations, network segmentation, and identity management.
  • Experience assessing SaaS application security, including multi-tenancy isolation, data encryption, and integration security.
  • Working knowledge of API security principles, including REST/GraphQL security, authentication protocols, and secure data exchange patterns.
  • Familiarity with DevSecOps concepts, including CI/CD pipeline security, container orchestration security, and software supply chain risk.
  • Experience reviewing vendor compliance documentation, including SOC 2 Type II reports, ISO 27001 certificates, and penetration test summaries.
  • CCSP, CCSK, Security+, CISSP, CISA, CTPRP,CRISC, CIPP or other equivalent certifications.
  • Demonstrated hands-on experience evaluating cloud security architectures (AWS, Azure, or GCP), including infrastructure configurations, network segmentation, and identity management.
  • CISA, CTPRP, CISSP or other equivalent security certifications.
  • Experience in third party vendor management process.
  • Experience in contract and compliance documentation review.
  • Experience in managing client security relationships.
  • Ability to communicate complex technical information to non-technical, technical, and managerial audiences both written and orally.
  • Ability to perform due diligence and act with due care in support of the firmโ€™s Information Security Program.
  • Ability to quickly respond and act when faced with high pressure situations.
  • Skill in customer relations with vendors and internal users, critically reviewing statements of work, contracts, and ability to negotiate pricing and agreements optimal to the firm.
  • Excellent communication and organizational skills, including the ability to interact effectively with a diverse range of personnel in a calm and professional manner at all times, particularly under pressure.
  • Excellent time management, prioritization and organizational skills, including the ability to manage multiple assignments simultaneously, take ownership, and effectively execute deliverables in a fast-paced and high-pressure environment.


Salary๐Ÿ’ฐ/Compensation/Benefits:

Yearly salary is up to 140K ~ DOQ including a and a comprehensive and robust health benefits package, generous PTO, fully remote work model, annual salary reviews/increases and lucrative bonuses, and many other notable employee-centered perks, etc.


If interested in this Third-Party Risk Analyst I (IT/Technology Dept.) role located in downtown Los Angeles, CA (90071), and you meet the above qualifications/requirements, please contact the following D3 rep.:


Domenic Ferrante ~ D3 Search

๐Ÿ“ฌdomenic@d3search.com | โ˜Ž๏ธ 213-785-2485

๐Ÿ“ก www.d3search.com


D3 Legal Search LLC (aka D3 Search), and its clients are equal opportunity employers. Pursuant to local ordinances, we will consider qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Chance Initiative for Hiring Ordinance.