1

Contract Grc Analyst Jobs (NOW HIRING)

Senior GRC Analyst

Palo Alto, CA · On-site

$103K - $136K/yr

... experienced Senior GRC Analyst to strengthen and advance its security governance, risk, and ... Review contracts to ensure security and compliance requirements - including FedRAMP flow-down ...

Protingent Staffing has an exciting contract Senior Cybersecurity GRC Analystwith our client ... Analyze access trends and "over-privileged" accounts to recommend Least Privilege improvements and ...

Experienced or Senior GRC Analyst

Fort Worth, TX · Remote

$84K - $111K/yr

This is a full-time, remote, contract-to-hire position. Top performers move into permanent roles within 6 months. What You Will Do As an Experienced or Senior GRC Analyst at Hotman Group you will ...

OR

$87K - $116K/yr

And whether these firms call them a contract within the government contracting space, an engagement within professional services firms or refer to them as a project within the AEC space, these ...

next page

Showing results 1-20

Contract Grc Analyst information

See salary details

$36.5K

$97.7K

$228.5K

How much do contract grc analyst jobs pay per year?

As of Jul 3, 2026, the average yearly pay for contract grc analyst in the United States is $97,659.00, according to ZipRecruiter salary data. Most workers in this role earn between $55,000.00 and $111,000.00 per year, depending on experience, location, and employer.

What is a Contract GRC Analyst?

A Contract GRC (Governance, Risk, and Compliance) Analyst is a professional who specializes in evaluating, managing, and ensuring compliance with contractual obligations within an organization. They focus on identifying risks, implementing controls, and maintaining adherence to regulatory standards related to contracts. Their work helps organizations avoid legal issues, reduce risk exposure, and maintain good governance practices. Contract GRC Analysts often collaborate with legal, procurement, and compliance teams to ensure contracts meet all internal and external requirements.

What is the difference between Contract Grc Analyst vs Contract Risk Analyst?

AspectContract Grc AnalystContract Risk Analyst
Required CertificationsGRC certifications, such as CISA or CRISCRisk management certifications, like FRM or CRM
Work EnvironmentCorporate compliance, audit, and governance teamsRisk assessment, mitigation, and analysis teams
Employer & Industry UsageFinancial services, healthcare, and tech companiesFinancial institutions, consulting firms, and corporations

Contract Grc Analysts focus on governance, risk, and compliance frameworks within organizations, ensuring adherence to policies and regulations. Contract Risk Analysts primarily evaluate and mitigate potential risks affecting business operations. While both roles involve risk assessment, GRC Analysts emphasize compliance and governance, whereas Risk Analysts concentrate on identifying and managing specific risks. Both roles often require similar certifications and are used across industries like finance and healthcare.

What are some common challenges faced by Contract GRC Analysts when managing third-party risk assessments?

Contract GRC Analysts often encounter challenges such as incomplete or inconsistent documentation from vendors, varying compliance standards, and tight deadlines for contract reviews. Collaborating with cross-functional teams—including legal, procurement, and IT security—can also require strong communication skills to ensure all risk factors are addressed. Staying updated on regulatory requirements and adapting assessment frameworks accordingly is essential for success in this dynamic role.

What are the key skills and qualifications needed to thrive as a Contract GRC Analyst, and why are they important?

To thrive as a Contract GRC Analyst, you need expertise in governance, risk management, and compliance processes, often supported by a bachelor's degree in a related field and experience with contract review. Familiarity with GRC tools like RSA Archer, compliance management systems, and certifications such as CISA or CRISC are highly valued. Strong analytical thinking, attention to detail, and effective communication skills help you interpret complex regulations and collaborate with cross-functional teams. These skills and qualifications ensure robust risk mitigation, regulatory adherence, and efficient contract management within organizations.
More about Contract Grc Analyst jobs
What cities are hiring for Contract Grc Analyst jobs? Cities with the most Contract Grc Analyst job openings:
What are the most commonly searched types of Grc Analyst jobs? The most popular types of Grc Analyst jobs are:
What states have the most Contract Grc Analyst jobs? States with the most job openings for Contract Grc Analyst jobs include:
Infographic showing various Contract Grc Analyst job openings in the United States as of June 2026, with employment types broken down into 96% Full Time, and 4% Contract. Highlights an 76% Physical, 7% Hybrid, and 17% Remote job distribution, with an average salary of $97,659 per year, or $47 per hour.
Senior GRC Analyst

Senior GRC Analyst

Workato

Palo Alto, CA • On-site

$103K - $136K/yr

Full-time

Posted 14 days ago


Job description

About Workato
Workato delivers enterprise infrastructure for the agentic era, redefining iPaaS and helping enterprises unify data, applications, processes, and AI into a single, governed platform. A leader in Enterprise MCP and trusted by 50% of the Fortune 500, Workato's cloud-native architecture connects every application, data source, and process to power real-time orchestration at scale. With enterprise-grade security and continuous innovation at its core, Workato provides the trusted foundation for organizations to automate with confidence and operationalize AI across the business. To learn more, visit www.workato.com
Why join us?
Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.
But, we also believe in balancing productivity with self-care. That's why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.
If this sounds right up your alley, please submit an application. We look forward to getting to know you!
Also, feel free to check out why:
  • Business Insider named us an "enterprise startup to bet your career on"
  • Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world
  • Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
  • Quartz ranked us the #1 best company for remote workers

Responsibilities
Workato is seeking a detail-oriented, driven, and technically experienced Senior GRC Analyst to strengthen and advance its security governance, risk, and compliance (GRC) program - with a primary focus on FedRAMP authorization and ongoing federal compliance operations.
This role will lead FedRAMP readiness, authorization, and continuous monitoring activities in alignment with NIST 800-53 requirements, while also supporting broader compliance frameworks including ISO 27001, NIST 800-171, PCI-DSS, and IRAP. The ideal candidate will bring deep federal compliance expertise combined with strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and drive improvements across security domains.
In this role, you will also be responsible for:
  • Leading FedRAMP authorization efforts - including System Security Plan (SSP) development, Security Assessment Report (SAR) review, Plan of Action & Milestones (POA&M) management, and preparation for Third Party Assessment Organization (3PAO) engagements
  • Owning continuous monitoring (ConMon) activities in accordance with FedRAMP requirements, including monthly vulnerability scanning, incident reporting, and annual assessments
  • Maintain and update FedRAMP authorization documentation, including SSP, CIS, CRM, and associated artifacts
  • Lead internal and external audits for frameworks including FedRAMP (NIST 800-53), ISO 27001/27701, PCI-DSS, NIST 800-171, and IRAP
  • Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to ensure findings are tracked and remediated
  • Conduct risk assessments, security audits, and third-party/vendor risk reviews with a focus on FedRAMP boundary and supply chain risk
  • Review contracts to ensure security and compliance requirements - including FedRAMP flow-down clauses - are met
  • Identify control gaps and recommend improvements to enhance the organization's federal security posture
  • Communicate FedRAMP requirements, risks, and compliance status clearly to both technical and non-technical stakeholders, including federal agency customers
  • Perform regular user access reviews aligned to least-privilege and FedRAMP AC control requirements
  • Develop and track remediation plans for identified risks and POA&M items
  • Maintain and update the risk register with federal risk considerations
  • Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary
  • Collaborate with engineering, infrastructure, and product teams to design and implement controls aligned with NIST 800-53 baselines
  • Support federal-facing sales and customer success discussions with compliance expertise
  • Explore and leverage AI/automation tools to enhance, streamline, or scale GRC and ConMon workflows
  • Build strong working relationships across departments and with federal agency AOs (Authorizing Officials)
  • Take on additional responsibilities as needed
Requirements
Qualifications / Experience / Technical Skills
  • 8+ years of experience in cybersecurity, audits, risk management, compliance, or remediation
  • Hands-on FedRAMP experience required - including direct involvement in FedRAMP authorization (Moderate or High baseline preferred), SSP authoring, POA&M management, or 3PAO coordination
  • Deep familiarity with NIST 800-53 Rev 5 control families and FedRAMP-specific overlays, guidance, and templates
  • Experience working with cloud platforms such as AWS GovCloud, Azure Government, or Google Cloud (government regions)
  • Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders
  • Bachelor's degree in Information Systems, Computer Science, Information Security, or a related field
  • Strong understanding of security controls in cloud environments, including boundary definition, encryption, access control, and vulnerability management
  • Familiarity with NIST 800-171 and CMMC as complementary federal frameworks
  • Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701
  • Relevant certifications strongly preferred: CISSP, CISA, FedRAMP-specific training (e.g., FedRAMP PMO courses), or similar
  • Ability to manage multiple priorities independently with minimal supervision
Soft Skills / Personal Characteristics
  • Strong communication skills with the ability to translate federal compliance requirements into technical actions and executive-level summaries
  • High energy and adaptability in a fast-paced, high-stakes compliance environment
  • Strong collaboration and knowledge-sharing mindset across engineering, legal, and customer-facing teams
  • Excellent time management and organizational skills - particularly for managing concurrent ConMon and audit cycles
  • High attention to detail, integrity, and ethical standards consistent with handling federal data and programs
  • Willingness to learn and take on new challenges as Workato's federal footprint grows
Nice to Have
  • This position requires overlap with U.S. Pacific Time (PST) working hours.
  • Strong hands-on experience with FedRAMP, NIST 800-53, ISO 27001, NIST 800-171, PCI-DSS, SOC 2, and potentially IRAP is required.
  • May involve some international travel.
  • Must be eligible to work on U.S. federal government-related programs; ability to obtain or support federal security clearance processes is a plus.

(REQ ID: 2761)
#LI-NJ1