Cybersecurity GRC Jobs (NOW HIRING)

OSG is growing its Governance, Risk, and Compliance function and is seeking an experienced GRC Cybersecurity Lead to take ownership of the cybersecurity GRC program. This high-visibility role ...

Cybersecurity GRC Compliance Lead

Chicago, IL · On-site

$114K - $154K/yr

The Cybersecurity GRC Compliance Lead will act as a subject matter expert in delivering compliance and assurance initiatives, coordinating cyber controls information, and engaging with stakeholders ...

Cybersecurity Senior GRC Analyst

Denver, PA

$96K - $123K/yr

The GRC Cybersecurity Senior Analyst will report directly to the Global Cybersecurity Risk Manager. This role involves collaborating with cross-functional teams to design, implement, and maintain ...

Cybersecurity GRC information

Salary range: $38.5K to $87K per year, with an average of $58.2K.

How much do cybersecurity grc jobs pay per year?

As of Jun 15, 2026, the average yearly pay for cybersecurity grc in the United States is $58,171.00, according to ZipRecruiter salary data. Most workers in this role earn between $48,000.00 and $64,500.00 per year, depending on experience, location, and employer.

What are some common challenges faced by professionals in Cybersecurity GRC roles, and how can they be addressed?

Professionals in Cybersecurity GRC (Governance, Risk, and Compliance) often encounter challenges such as keeping up with evolving regulatory requirements, balancing business objectives with security mandates, and fostering collaboration between IT, legal, and business teams. These challenges can be addressed by staying current with industry standards, utilizing automated tools for compliance tracking, and building strong communication channels across departments. Proactively engaging stakeholders and fostering a culture of security awareness also play a crucial role in overcoming these obstacles and ensuring effective risk management.

What is Cybersecurity GRC?

Cybersecurity GRC stands for Governance, Risk, and Compliance in the context of cybersecurity. It involves establishing frameworks and processes to ensure an organization's information security aligns with business objectives, regulatory requirements, and risk management strategies. Professionals in this field help identify and manage security risks, create policies and controls, and ensure compliance with laws and standards such as GDPR, HIPAA, or ISO 27001. The goal of Cybersecurity GRC is to protect the organization’s digital assets while enabling responsible growth and innovation.

What are the key skills and qualifications needed to thrive as a Cybersecurity GRC (Governance, Risk, and Compliance) professional, and why are they important?

To thrive as a Cybersecurity GRC professional, you need a solid understanding of cybersecurity frameworks, risk management principles, and regulatory compliance, often supported by a degree in information security or a related field. Familiarity with tools like GRC platforms (e.g., RSA Archer, ServiceNow), as well as certifications such as CISSP, CISM, or CRISC, is typically required. Strong analytical skills, attention to detail, and effective communication are crucial soft skills for collaborating with stakeholders and translating technical risks into business implications. These competencies ensure organizations can proactively manage cyber risks, meet regulatory requirements, and maintain trust with clients and partners.

Is GRC in high demand?

Cybersecurity GRC (Governance, Risk, and Compliance) professionals are in high demand due to increasing cybersecurity regulations and the need for organizations to manage risk effectively. Employers seek candidates with knowledge of compliance frameworks, risk management, and security policies, often requiring certifications like CISA or CISSP. The role offers strong job growth prospects across various industries as cybersecurity threats continue to evolve.

What is the difference between Cybersecurity GRC and Cybersecurity Analyst?

| Aspect | Cybersecurity GRC | Cybersecurity Analyst |
| --- | --- | --- |
| Certifications | ISO 27001, CISSP, CISA | CompTIA Security+, CEH, CISSP |
| Work Environment | Policy development, risk management, compliance | Threat detection, incident response, vulnerability assessment |
| Employer & Industry Usage | Organizations focusing on governance and compliance | Security operations centers, IT departments |

Cybersecurity GRC professionals focus on establishing policies, managing risks, and ensuring compliance with regulations. In contrast, Cybersecurity Analysts primarily monitor security systems, analyze threats, and respond to incidents. While both roles require similar certifications and work within the cybersecurity field, GRC roles are more strategic and policy-oriented, whereas Analysts are more technical and operational.

Can you make $500,000 a year in cyber security?

Cybersecurity GRC (Governance, Risk, and Compliance) professionals can potentially earn $500,000 annually at senior levels or in executive roles such as Chief Information Security Officer (CISO), especially with extensive experience, certifications like CISSP or CISA, and leadership responsibilities. Achieving this income typically requires a combination of advanced skills, strategic oversight, and working in high-demand industries or organizations with large security budgets.

Is GRC an entry level job?

Cybersecurity GRC (Governance, Risk, and Compliance) roles can be entry-level, especially for positions focused on policy, documentation, and compliance tasks. However, more advanced GRC roles often require prior experience, certifications like CISA or CISSP, and knowledge of security frameworks. Entry-level positions typically involve supporting senior staff and learning industry standards.

How much does a cyber GRC specialist make?

A cybersecurity GRC (Governance, Risk, and Compliance) specialist typically earns between $70,000 and $130,000 annually, depending on experience, certifications, and location. Entry-level roles may start lower, while experienced professionals with certifications like CISSP or CISA can earn higher salaries, often with opportunities for bonuses and benefits.

More about Cybersecurity GRC jobs

Infographic showing various Cybersecurity GRC job openings in the United States as of June 2026, with employment types broken down into 95% Full Time, 3% Part Time, and 2% Contract. Highlights a 77% Physical, 9% Hybrid, and 14% Remote job distribution, with an average salary of $58,171 per year, or $28 per hour.

Cybersecurity GRC Analyst II

New American Funding

Santa Ana, CA • On-site

$100K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 23 days ago


Company rating: 8.4 out of 10, based on 10 frontline employees who took The Breakroom Quiz

Job description

Overview
Position: IT GRC Analyst II
Location: On-Site role in Santa Ana, CA.
Compensation: starting at $100K+ DOE
*Actual compensation may vary from posting based on geographic location, work experience, education, and/or skill level.
Position Summary: The Cybersecurity GRC Analyst II will be a key member of our fast-paced, growing Cybersecurity Services team. This role is intensely focused on Governance, Risk, and Compliance (GRC) and serves as a primary point of contact for responding to external audits. The Analyst will be responsible for day-to-day IT compliance, data governance, and IT risk management functions. This role is critical in defining, creating, and managing IT policies and standards to meet legal and regulatory requirements.
Responsibilities
  • External Audit Management: Lead the coordination and response to all external IT audits and regulatory examinations. Act as the primary liaison for external auditors, managing evidence collection, interviews, and formal responses to findings.
  • Compliance & Controls Testing: Design, lead, and perform comprehensive IT control reviews and compliance testing aligned with regulatory and industry frameworks (e.g., SOC 2, NIST, NY DFS, CCPA/CPRA). Identify control weaknesses and recommend remediation strategies.
  • Audit Strategy & Execution: Collaborate with senior IT leadership and Governance teams to develop audit plans and testing strategies based on enterprise risk assessments. Lead high-impact audits across infrastructure, cloud, applications, and cybersecurity domains.
  • Controls & Risk Evaluation: Independently evaluate the design and operating effectiveness of IT controls, including access management, change management, data protection, network security, business continuity, and disaster recovery.
  • Technology & Evidence Review: Assess automated evidence gathered by NAF's Next Gen GRC/IRM platform. Partner with control owners to validate effectiveness and drive continuous improvement in evidence quality and timeliness for both internal and external audits.
  • Reporting & Recommendations: Prepare executive-level audit reports that clearly articulate testing performed, risk exposure, control gaps, and actionable recommendations. Present findings to leadership, governance bodies, and external auditors.
  • Remediation Oversight: Guide and monitor the implementation of remediation plans for audit findings, ensuring timely and effective resolution of identified issues. Conduct follow-up reviews to validate remediation efforts.
  • Risk Management: Support ongoing IT risk assessment efforts to identify areas of heightened risk. Recommend enhancements to control coverage and risk mitigation practices based on audit results and industry trends.
  • Stakeholder Engagement: Serve as a trusted advisor between IT, business units, and external auditors. Ensure strong collaboration and alignment of controls testing and audit evidence across the organization.
  • Regulatory & Industry Expertise: Stay informed on emerging regulatory requirements, auditing standards, and technology trends. Interpret and apply requirements to improve NAF's IT risk and compliance posture.

Qualifications
  • Deep understanding of IT governance, compliance, and risk management principles.
  • Proven experience managing and responding to external IT audits.
  • Strong knowledge of frameworks and standards such as SOC 2, NIST CSF/800-53, CIS Controls, NY DFS, and CCPA/CPRA.
  • Experience with IT GRC/IRM platforms (e.g., Archer, ServiceNow, OneTrust, or similar).
  • Familiarity with cloud environments (Azure, AWS, GCP) and modern IT infrastructures.
  • Proven ability to adapt to rapidly changing technology landscapes and compliance requirements.
  • Excellent analytical, problem-solving, and critical thinking skills.
  • Strong interpersonal, written, and verbal communication abilities, with experience presenting to senior leadership and cross-functional teams.

Education, Experience & Certification:
  • Education: Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field.
  • Experience: Minimum 5-7 years of progressive experience in IT audit, IT risk management, cybersecurity, or compliance in a complex enterprise environment.
  • Certifications: Professional certifications are highly preferred: CISA, CISSP, CRISC, CISM, CGRC (formerly CAP), CDPSE, CGEIT, CIA.

Work Authorization:
Must be able to verify identity and employment eligibility to work in the U.S. This position does not offer visa sponsorship.
Other Duties:
This job profile is not intended to be an all-inclusive list of job duties and responsibilities, as one may perform additional related duties as assigned in order to meet the needs of the organization.
Physical Demands:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Must be able to lift up to ten pounds. Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a keyboard; and to verbally communicate to exchange information. VISION: See in the normal visual range with or without correction. HEARING: Hear in the normal audio range with or without correction.
Pay Transparency Disclosure: If based in New American Funding's offices, this role has the annual base salary range stated below.
Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.
New American Funding offers a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave, mental health & wellness benefits, and generous PTO. New American Funding also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. New American Funding's compensation and benefits are subject to change and may be modified in the future.
[EOE/M/F/D/V. Drug-free workplace.]