Senior GRC Analyst
Phoenix, AZ · On-site
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
Senior GRC Analyst
Phoenix, AZ · On-site
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
Senior GRC Analyst
Phoenix, AZ · On-site
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
Senior GRC Analyst
Phoenix, AZ · On-site
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
Senior GRC Analyst
Saint Louis, MO · On-site
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
Senior GRC Analyst
Saint Louis, MO · On-site
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the ... timing of cyber awareness communications, events, and content delivery * Conducts regular ...
Cyber GRC Risk Analyst At BNY, our culture allows us to run our company better and enables employees' growth and success. As a leading global financial services company at the heart of the global ...
Cyber GRC Risk Analyst At BNY, our culture allows us to run our company better and enables employees' growth and success. As a leading global financial services company at the heart of the global ...
GRC Analyst
New York, NY · On-site
The Role Rogo is hiring a GRC Analyst to support our customer trust, security assurance, and ... AI Act, UK Cyber Essentials, and GDPR, including evidence collection and audit readiness.
GRC Analyst
New York, NY · On-site
The Role Rogo is hiring a GRC Analyst to support our customer trust, security assurance, and ... AI Act, UK Cyber Essentials, and GDPR, including evidence collection and audit readiness.
GRC Analyst
$62K - $87K/yr
Position Summary The GRC Analyst is responsible for ensuring that Busey Bank implements, manages ... Security (CIS), Cyber Risk Institute (CRI), or NIST. * Document risks, recommend mitigation ...
GRC Analyst
$62K - $87K/yr
Position Summary The GRC Analyst is responsible for ensuring that Busey Bank implements, manages ... Security (CIS), Cyber Risk Institute (CRI), or NIST. * Document risks, recommend mitigation ...
GRC Analyst
$62K - $87K/yr
Position Summary The GRC Analyst is responsible for ensuring that Busey Bank implements, manages ... Security (CIS), Cyber Risk Institute (CRI), or NIST. * Document risks, recommend mitigation ...
GRC Analyst
$62K - $87K/yr
Position Summary The GRC Analyst is responsible for ensuring that Busey Bank implements, manages ... Security (CIS), Cyber Risk Institute (CRI), or NIST. * Document risks, recommend mitigation ...
Senior GRC Analyst
Phoenix, AZ · On-site
The Senior GRC Analyst will focus on identifying and managing human and third-party risks, ensuring ... timing of cyber awareness communications, events, and content delivery • Conducts regular ...
Senior GRC Analyst
Phoenix, AZ · On-site
The Senior GRC Analyst will focus on identifying and managing human and third-party risks, ensuring ... timing of cyber awareness communications, events, and content delivery • Conducts regular ...
The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and supports ... Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate ...
The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and supports ... Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate ...
Overview The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and ... Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate ...
New
Overview The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and ... Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate ...
New
Overview The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and ... Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate ...
Overview The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and ... Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate ...
Overview The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and ... Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate ...
Overview The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and ... Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate ...
Security GRC Analyst
San Francisco, CA · On-site
$137K - $183K/yr
Have a working proficiency with at least one enterprise GRC or TPRM platform: AuditBoard, Vanta ... Experience with standard cyber controls frameworks, including CIS Controls v8, NIST Cyber Security ...
Security GRC Analyst
San Francisco, CA · On-site
$137K - $183K/yr
Have a working proficiency with at least one enterprise GRC or TPRM platform: AuditBoard, Vanta ... Experience with standard cyber controls frameworks, including CIS Controls v8, NIST Cyber Security ...
Governance, Risk & Compliance Analyst II
$85K - $100K/yr
The GRC Analyst role(s) will be responsible for the implementation, operation, and maintenance of ... Reports directly to the Director - Cyber Risk and Privacy SUPERVISION EXERCISED: N/A ESSENTIAL ...
Governance, Risk & Compliance Analyst II
$85K - $100K/yr
The GRC Analyst role(s) will be responsible for the implementation, operation, and maintenance of ... Reports directly to the Director - Cyber Risk and Privacy SUPERVISION EXERCISED: N/A ESSENTIAL ...
Governance, Risk & Compliance Analyst II
$85K - $100K/yr
The GRC Analyst role(s) will be responsible for the implementation, operation, and maintenance of ... Reports directly to the Director - Cyber Risk and Privacy SUPERVISION EXERCISED: N/A ESSENTIAL ...
Quick apply
Governance, Risk & Compliance Analyst II
$85K - $100K/yr
The GRC Analyst role(s) will be responsible for the implementation, operation, and maintenance of ... Reports directly to the Director - Cyber Risk and Privacy SUPERVISION EXERCISED: N/A ESSENTIAL ...
Athene is seeking a Sr. Governance, Risk & Compliance (GRC) Analyst to help strengthen and evolve ... Coordinate and facilitate cyber incident response exercises, disaster recovery activities, and ...
Athene is seeking a Sr. Governance, Risk & Compliance (GRC) Analyst to help strengthen and evolve ... Coordinate and facilitate cyber incident response exercises, disaster recovery activities, and ...
Cyber Grc Analyst information
See salary details
$34K - $46.9K
4% of jobs
$46.9K - $59.8K
0% of jobs
$59.8K - $72.7K
4% of jobs
$72.7K - $85.6K
7% of jobs
$96.2K is the 25th percentile. Wages below this are outliers.
$85.6K - $98.5K
11% of jobs
$98.5K - $111.5K
5% of jobs
The median wage is $116.7K / yr.
$111.5K - $124.4K
44% of jobs
$124.4K - $137.3K
10% of jobs
$137.3K - $150.2K
11% of jobs
$150.2K - $163.1K
2% of jobs
$163.1K - $176K
0% of jobs
$34K
$112.9K
$176K
How much do cyber grc analyst jobs pay per year?
As of Jun 11, 2026, the average yearly pay for cyber grc analyst in the United States is $112,871.00, according to ZipRecruiter salary data. Most workers in this role earn between $91,500.00 and $130,000.00 per year, depending on experience, location, and employer.
What is a Cyber GRC Analyst?
A Cyber GRC (Governance, Risk, and Compliance) Analyst is a cybersecurity professional who helps organizations manage and reduce information security risks while ensuring adherence to regulatory and industry standards. They are responsible for developing, implementing, and maintaining security policies, conducting risk assessments, monitoring compliance, and preparing reports for management or auditors. Their work ensures the organization’s data and systems are protected, and that the company meets requirements such as GDPR, HIPAA, or ISO 27001.
What are the key skills and qualifications needed to thrive as a Cyber GRC Analyst, and why are they important?
To thrive as a Cyber GRC Analyst, you need a solid understanding of risk management, cybersecurity frameworks (like NIST, ISO 27001), and compliance requirements, often supported by a degree in IT, cybersecurity, or related fields. Familiarity with GRC tools (such as Archer or ServiceNow), security monitoring systems, and certifications like CISSP, CISA, or CRISC is typically expected. Strong analytical thinking, attention to detail, and communication skills help you identify risks and effectively report findings to stakeholders. These competencies ensure organizations can proactively manage cyber risks, maintain regulatory compliance, and protect critical assets.
What is the difference between Cyber Grc Analyst vs Cyber Security Analyst?
| Aspect | Cyber Grc Analyst | Cyber Security Analyst |
|---|---|---|
| Certifications | ISO 27001, CISSP, CISA | CISSP, CEH, Security+ |
| Work Environment | Policy, compliance, risk management | Threat detection, incident response |
| Employer & Industry Usage | Financial, healthcare, government | Tech, finance, retail |
Cyber Grc Analysts focus on governance, risk, and compliance, ensuring organizations meet security standards. Cyber Security Analysts primarily handle threat detection and incident response. While both roles require security certifications and work in related environments, their core responsibilities differ, with GRC analysts emphasizing policies and compliance, and security analysts focusing on technical security measures.
How does a Cyber GRC Analyst typically collaborate with other departments to manage organizational risk?
As a Cyber GRC Analyst, collaboration with other departments is a key aspect of the role. Analysts often work closely with IT, legal, compliance, and business units to assess risks, implement controls, and ensure adherence to regulations and policies. This involves facilitating risk assessments, coordinating audits, and communicating findings or recommendations in a clear, actionable way. Effective teamwork and communication skills are essential to bridge technical and non-technical stakeholders and foster a culture of security and compliance across the organization.
More about Cyber Grc Analyst jobs
What cities are hiring for Cyber Grc Analyst jobs? Cities with the most Cyber Grc Analyst job openings:
What states have the most Cyber Grc Analyst jobs? States with the most job openings for Cyber Grc Analyst jobs include:
What job categories do people searching Cyber Grc Analyst jobs look for? The top searched job categories for Cyber Grc Analyst jobs are:
Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Posted 25 days ago
Job description
About Us
Clayco is a full-service, turnkey real estate development, master planning, architecture, engineering, and construction firm that safely delivers clients across North America the highest quality solutions on time, on budget, and above and beyond expectations. With $8.1 billion in revenue for 2025, Clayco specializes in the "art and science of building," providing fast track, efficient solutions for mission critical, industrial, life sciences, power & energy, aviation, commercial, institutional, residential and sports & entertainment related building projects.
The Role We Want You For
Under the direction of and in collaboration with the GRC Manager, the Sr. GRC Analyst, Third-Party & Human Risk Management (TPHRM) is a Risk focused, highly analytical role that ensures all Human and Third-Party risk to Clayco is identified, quantified, documented, and treated to an acceptable level across the Clayco organization. This role will assume ownership of the Third-Party Risk Management (TPRM) process to gather details on the security practices and compliance levels for each third-party being considered or contracted for a solution or services to assess the potential for compromise due to a control gap or exploitable misconfiguration as well as non-compliance with legal and regulatory requirements.. Additional contribution will be expected for internal assessments and 3rd Party audits to gather and submit discovery and transactional responses and artifacts.The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the delivery of comprehensive security awareness education, the end-to-end execution of phishing simulation programs, and the technical maintenance and life-cycle management of security awareness platforms. Beyond simple training, the position focuses on Human Risk Management (HRM), using data-driven insights to identify high-risk user groups and implementing targeted interventions to proactively mitigate human-centric threats to cultivate a security-first culture internally through education and behavioral change. Additional responsibilities will be assigned as deemed necessary. Any travel is usually planned in advance, but issues may arise which warrant immediate travel to one or more satellite locations.
The Specifics of the Role
Requirements
Some Things You Should Know.
Why Clayco?
Benefits
Compensation
Clayco is a full-service, turnkey real estate development, master planning, architecture, engineering, and construction firm that safely delivers clients across North America the highest quality solutions on time, on budget, and above and beyond expectations. With $8.1 billion in revenue for 2025, Clayco specializes in the "art and science of building," providing fast track, efficient solutions for mission critical, industrial, life sciences, power & energy, aviation, commercial, institutional, residential and sports & entertainment related building projects.
The Role We Want You For
Under the direction of and in collaboration with the GRC Manager, the Sr. GRC Analyst, Third-Party & Human Risk Management (TPHRM) is a Risk focused, highly analytical role that ensures all Human and Third-Party risk to Clayco is identified, quantified, documented, and treated to an acceptable level across the Clayco organization. This role will assume ownership of the Third-Party Risk Management (TPRM) process to gather details on the security practices and compliance levels for each third-party being considered or contracted for a solution or services to assess the potential for compromise due to a control gap or exploitable misconfiguration as well as non-compliance with legal and regulatory requirements.. Additional contribution will be expected for internal assessments and 3rd Party audits to gather and submit discovery and transactional responses and artifacts.The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the delivery of comprehensive security awareness education, the end-to-end execution of phishing simulation programs, and the technical maintenance and life-cycle management of security awareness platforms. Beyond simple training, the position focuses on Human Risk Management (HRM), using data-driven insights to identify high-risk user groups and implementing targeted interventions to proactively mitigate human-centric threats to cultivate a security-first culture internally through education and behavioral change. Additional responsibilities will be assigned as deemed necessary. Any travel is usually planned in advance, but issues may arise which warrant immediate travel to one or more satellite locations.
The Specifics of the Role
- Assumes operational ownership of the 3rd Party Vendor Risk Management program identifying, assessing, and mitigating risks associated with external vendors, suppliers, and service providers
- Conducts due diligence on new and existing vendors by reviewing security questionnaires, SOC reports, compliance certifications, and other supporting attestations
- Captures, analyzes, and recommends treatment, assignment, and tracking of identified issues
- Collaborates with legal and stakeholder teams to ensure contracts include specific clauses for data protection, service-level agreements (SLAs), and AI governance
- Documents and communicates all relevant findings and recommendations to stakeholders
- Tracks, monitors, and reports on execution of remediation action plans and escalates inadequate responses or progress
- Assumes ownership of the Security Awareness program determining appropriate topics, themes, scopes, and timing of cyber awareness communications, events, and content delivery
- Conducts regular, simulated social engineering exercises to assess and improve employee recognition of real-world attacks
- Develops engaging, simple materials-such as infographics, newsletters, and videos-that translate complex technical risks into layman's terms
- Maintains Security Awareness training and simulation platforms to support content delivery and End User interaction, including support for any Client-side functionality (i.e., "Report Phish" button)
- Plans, coordinates, and executes activities for Cybersecurity month
- Partners with Employee Relations, Legal, and Marketing to ensure security messaging is integrated into the broader corporate culture
- Tracks Key Risk Indicators (KRI's) such as actual phishing click-through rates, failed simulations, and missed training as well as Key Performance Indicators (KPIs) like suspicious email reporting, passed simulations, and successful training completion status to measure program effectiveness for leadership
Requirements
- 6-8+ years' experience in Risk & Compliance Assessment, Audit & Reporting, or similar functions, preferably within the Information Security or Technology fields
- 3-4+ years working specifically in Information Security roles involving Risk Analysis, Information System Security Assessment, and/or Security Awareness and Human Risk Management
- Bachelor's degree in Information Technology or related field, or equivalent experience
- Required Certifications: Certified in Risk & Information Systems Control (CRISC), SANS Security Awareness Professional (SSAP), and Certified Third-party Risk Professional Certification (CTPRP) (Current status, or obtained within 9 months of assuming role)
- Strong experience leveraging auditing principles and methods to evaluate policies, processes, systems, and vendors to identify business risks and control gaps
- Strong knowledge of Regulations, Frameworks, and Standards such as NIST 800-171/CSF/RMF, ISO27001, CIS Critical Security Controls, etc.
- Strong, technical knowledge of modern Systems, Services, Cloud Applications/Platforms, Identity Services, and Data Storage/Handling and their areas of Risk and Threat exposure
- Experience with administering, maintaining, and leveraging a Risk Register to track and communicate identified Risk and its required remediation
- Knowledge of statistics, reporting and analytical tools to analyze and solve complex problems
- Proficiency in necessary productivity tools (i.e., Microsoft Excel, PowerPoint, Word etc.) for analytics and presentations
- Operate with strong integrity with ability to manage projects of a confidential nature
- Ability to translate technical or abstract concepts into a narrative that is easily understood
- Ability to thrive in fast-paced environment.
Some Things You Should Know.
- No other builder can offer the collaborative design-build approach that Clayco does.
- We work on creative, complex, award-winning, high-profile jobs.
- The pace is fast!
- This position is classified as a safety-sensitive role in accordance with applicable state and federal laws. Candidates selected for this position will be subject to a comprehensive background check, which includes mandatory drug testing.
Why Clayco?
- 2025 Best Places to Work - St. Louis Business Journal, Los Angeles Business Journal, and Phoenix Business Journal.
- 2025 ENR Top 400 - Top Data Center Contractor (Top 3).
- 2025 ENR Top 100 Design-Build Firms - Design-Build Contractor (Top 5).
- 2025 ENR Top 100 Green Contractors - Green Contractor (Top 3).
Benefits
- Discretionary Annual Bonus: Subject to company and individual performance.
- Comprehensive Benefits Package Including: Medical, dental and vision plans, 401k, generous PTO and paid company holidays, employee assistance program, flexible spending accounts, life insurance, disability coverage, learning & development programs and more!
Compensation
- The salary range for this position considers a wide range of factors in making compensation decisions including but not limited to: Education, qualifications, skills, training, experience, certifications, internal equity, and location. Compensation decisions are dependent on the facts and circumstances of each case.
About Clayco
Sourced by ZipRecruiter
Industry
Construction
Company size
1,001 - 5,000 Employees
Headquarters location
Chicago, IL, US
Year founded
1984