ZipRecruiter

Log In

1

Cyber Security Grc Jobs (NOW HIRING)

OSG

GRC Cybersecurity Lead

Carol Stream, IL ยท On-site

OSG is growing its Governance, Risk, and Compliance function and is seeking an experienced GRC Cybersecurity Lead to take ownership of the cybersecurity GRC program. This high-visibility role ...

New

Northern Trust

Cybersecurity GRC Compliance Lead

Chicago, IL ยท On-site

$114K - $154K/yr

The Cybersecurity GRC Compliance Lead will act as a subject matter expert in delivering compliance and assurance initiatives, coordinating cyber controls information, and engaging with stakeholders ...

UGI

Cybersecurity Senior GRC Analyst

Denver, PA

$96K - $123K/yr

The GRC Cybersecurity Senior Analyst will report directly to the Global Cybersecurity Risk Manager. This role involves collaborating with cross-functional teams to design, implement, and maintain ...

next page

Showing results 1-20

All JobsCyber Security Grc Jobs

Cyber Security GRC information

See salary details

$40.5K

$122.9K

$180K

How much do cyber security grc jobs pay per year?

As of Jun 14, 2026, the average yearly pay for cyber security grc in the United States is $122,890.00, according to ZipRecruiter salary data. Most workers in this role earn between $102,000.00 and $142,000.00 per year, depending on experience, location, and employer.

What are some common challenges faced by Cyber Security GRC professionals, and how do they typically overcome them?

Cyber Security GRC professionals often face the challenge of keeping up with evolving regulations, adapting controls for new technologies, and coordinating between security teams and business units. To overcome these challenges, professionals stay current with industry standards, participate in ongoing training, and actively communicate policy changes and risk assessments to stakeholders across the organization. They also leverage robust GRC tools to streamline compliance processes and documentation. Working collaboratively with IT, legal, and compliance teams allows them to better identify risks and implement effective, practical security controls. This approach ensures a well-integrated and proactive risk management posture for the organization.

What is a GRC in cyber security?

In cybersecurity, GRC stands for Governance, Risk Management, and Compliance, and it refers to the framework that helps organizations align security strategies with business objectives, manage risks, and ensure regulatory compliance. Cybersecurity GRC professionals implement policies, conduct audits, and use tools like risk assessments and compliance frameworks to protect information assets.

Is GRC in high demand?

Cyber Security GRC (Governance, Risk, and Compliance) roles are in high demand due to increasing cybersecurity threats and regulatory requirements. Organizations seek professionals with skills in risk management, compliance frameworks, and security policies, often requiring certifications like CISA or CISSP. The demand is expected to grow as cybersecurity becomes a strategic priority across industries.

What is a Cyber Security GRC job?

A Cyber Security GRC (Governance, Risk, and Compliance) job focuses on ensuring an organization's security policies, risk management strategies, and regulatory compliance. Professionals in this role develop and enforce security policies, assess risks, and ensure adherence to industry regulations like GDPR, HIPAA, or ISO 27001. They collaborate with different teams to mitigate cybersecurity threats while aligning security practices with business goals. This role is critical for maintaining an organization's security posture and reducing potential risks.

Is GRC an entry level job?

A Cyber Security GRC (Governance, Risk, and Compliance) role is typically not entry-level and usually requires prior experience or knowledge of cybersecurity principles, risk management, and compliance frameworks. Entry-level positions in cybersecurity may involve supporting GRC functions but often require foundational certifications like CompTIA Security+ or similar skills. Advancing in GRC roles generally involves gaining relevant certifications and experience in security policies, audits, and regulatory standards.

What are the key skills and qualifications needed to thrive in the Cyber Security Grc position, and why are they important?

To thrive as a Cyber Security GRC professional, a solid understanding of information security frameworks, risk management, and regulatory compliance is essential, often supported by a degree in information security or a related field. Familiarity with GRC platforms (such as Archer, ServiceNow, or LogicGate), and certifications like CISSP, CISM, or CRISC, are highly valued. Excellent analytical skills, attention to detail, and the ability to communicate complex risks to non-technical stakeholders are critical soft skills. These capabilities ensure organizations remain secure, compliant, and able to effectively manage evolving cyber risks.

Can you make $500,000 a year in cyber security?

Cyber Security GRC professionals can potentially earn $500,000 annually, especially at senior levels or in executive roles such as Chief Information Security Officer (CISO). Achieving this salary typically requires extensive experience, advanced certifications like CISSP or CISM, and working in high-demand industries or large organizations. Salary varies based on location, company size, and individual expertise.
More about Cyber Security GRC jobs
What cities are hiring for Cyber Security Grc jobs? Cities with the most Cyber Security Grc job openings:
What are the most commonly searched types of Cyber Security Grc jobs? The most popular types of Cyber Security Grc jobs are:
What states have the most Cyber Security Grc jobs? States with the most job openings for Cyber Security Grc jobs include:
What job categories do people searching Cyber Security Grc jobs look for? The top searched job categories for Cyber Security Grc jobs are:
Cyber Security GRC jobs near you
Infographic showing various Cyber Security Grc job openings in the United States as of June 2026, with employment types broken down into 100% Full Time. Highlights an 100% In-person job distribution, with an average salary of $122,890 per year, or $59.1 per hour.
Cybersecurity GRC Analyst II

Cybersecurity GRC Analyst II

New American Funding

Santa Ana, CA โ€ข On-site

$100K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 21 days ago

New American Funding rating

8.4

Company rating: 8.4 out of 10

Based on 10 frontline employees who took The Breakroom Quiz

Job description

Overview
Position: IT GRC Analyst II
Location: On-Site role in Santa Ana, CA.
Compensation: starting at $100K+ DOE
*Actual compensation may vary from posting based on geographic location, work experience, education, and/or skill level.
Position Summary: The Cybersecurity GRC Analyst II will be a key member of our fast-paced, growing Cybersecurity Services team. This role is intensely focused on Governance, Risk, and Compliance (GRC) and serves as a primary point of contact for responding to external audits. The Analyst will be responsible for day-to-day IT compliance, data governance, and IT risk management functions. This role is critical in defining, creating, and managing IT policies and standards to meet legal and regulatory requirements.
Responsibilities
  • External Audit Management: Lead the coordination and response to all external IT audits and regulatory examinations. Act as the primary liaison for external auditors, managing evidence collection, interviews, and formal responses to findings.
  • Compliance & Controls Testing: Design, lead, and perform comprehensive IT control reviews and compliance testing aligned with regulatory and industry frameworks (e.g., SOC 2, NIST, NY DFS, CCPA/CPRA). Identify control weaknesses and recommend remediation strategies.
  • Audit Strategy & Execution: Collaborate with senior IT leadership and Governance teams to develop audit plans and testing strategies based on enterprise risk assessments. Lead high-impact audits across infrastructure, cloud, applications, and cybersecurity domains.
  • Controls & Risk Evaluation: Independently evaluate the design and operating effectiveness of IT controls, including access management, change management, data protection, network security, business continuity, and disaster recovery.
  • Technology & Evidence Review: Assess automated evidence gathered by NAF's Next Gen GRC/IRM platform. Partner with control owners to validate effectiveness and drive continuous improvement in evidence quality and timeliness for both internal and external audits.
  • Reporting & Recommendations: Prepare executive-level audit reports that clearly articulate testing performed, risk exposure, control gaps, and actionable recommendations. Present findings to leadership, governance bodies, and external auditors.
  • Remediation Oversight: Guide and monitor the implementation of remediation plans for audit findings, ensuring timely and effective resolution of identified issues. Conduct follow-up reviews to validate remediation efforts.
  • Risk Management: Support ongoing IT risk assessment efforts to identify areas of heightened risk. Recommend enhancements to control coverage and risk mitigation practices based on audit results and industry trends.
  • Stakeholder Engagement: Serve as a trusted advisor between IT, business units, and external auditors. Ensure strong collaboration and alignment of controls testing and audit evidence across the organization.
  • Regulatory & Industry Expertise: Stay informed on emerging regulatory requirements, auditing standards, and technology trends. Interpret and apply requirements to improve NAF's IT risk and compliance posture.

Qualifications
  • Deep understanding of IT governance, compliance, and risk management principles.
  • Proven experience managing and responding to external IT audits.
  • Strong knowledge of frameworks and standards such as SOC 2, NIST CSF/800-53, CIS Controls, NY DFS, and CCPA/CPRA.
  • Experience with IT GRC/IRM platforms (e.g., Archer, ServiceNow, OneTrust, or similar).
  • Familiarity with cloud environments (Azure, AWS, GCP) and modern IT infrastructures.
  • Proven ability to adapt to rapidly changing technology landscapes and compliance requirements.
  • Excellent analytical, problem-solving, and critical thinking skills.
  • Strong interpersonal, written, and verbal communication abilities, with experience presenting to senior leadership and cross-functional teams.

Education, Experience & Certification:
  • Education: Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field.
  • Experience: Minimum 5-7 years of progressive experience in IT audit, IT risk management, cybersecurity, or compliance in a complex enterprise environment.
  • Certifications: Professional certifications are highly preferred: CISA, CISSP, CRISC, CISM, CGRC (formerly CAP), CDPSE, CGEIT, CIA.

Work Authorization:
Must be able to verify identity and employment eligibility to work in the U.S. This position does not offer visa sponsorship.
Other Duties:
This job profile is not intended to be an all-inclusive list of job duties and responsibilities, as one may perform additional related duties as assigned in order to meet the needs of the organization.
Physical Demands:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Must be able to lift up to ten pounds. Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a keyboard; and to verbally communicate to exchange information. VISION: See in the normal visual range with or without correction. HEARING: Hear in the normal audio range with or without correction.
Pay Transparency Disclosure: If based in New American Funding's offices, this role has the annual base salary range stated below.
Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.
New American Funding offers competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave , mental health & wellness benefits, and generous PTO. New American Funding also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. New American Funding's compensation and benefits are subject to change and may be modified in the future.
[EOE/M/F/D/V. Drug-free workplace.]
#LI-JS3

What New American Funding employees say

Workplace

Get the full story on Breakroom

Apply