1

Cybersecurity Grc Jobs (NOW HIRING)

Cybersecurity Senior GRC Analyst

Denver, PA

$96K - $123K/yr

The GRC Cybersecurity Senior Analyst will report directly to the Global Cybersecurity Risk Manager. This role involves collaborating with cross-functional teams to design, implement, and maintain ...

Cybersecurity Senior GRC Analyst

Denver, PA · On-site

$96K - $123K/yr

The GRC Cybersecurity Senior Analyst will report directly to the Global Cybersecurity Risk Manager. This role involves collaborating with cross-functional teams to design, implement, and maintain ...

Cybersecurity, IT GRC Practice Lead

Coral Gables, FL · On-site

$105K - $142K/yr

Are you a passionate about growing an IT Cybersecurity and IT GRC Compliance advisory practice? Elevate is looking for a dynamic, hard charging IT Service Delivery Practice Lead who thrives on ...

Apply Early

Cyber GRC Transformation Manager

Ashburn, VA · On-site

$113K - $153K/yr

As the Manager of Cybersecurity GRC Transformation, you will lead two critical, high-impact pillars: driving the business integration of a massive enterprise Archer migration and architecting the ...

Cyber GRC Transformation Manager

Concord, NC · On-site

$103K - $139K/yr

As the Manager of Cybersecurity GRC Transformation, you will lead two critical, high-impact pillars: driving the business integration of a massive enterprise Archer migration and architecting the ...

next page

Showing results 1-20

Cybersecurity Grc information

See salary details

$38.5K

$58.2K

$87K

How much do cybersecurity grc jobs pay per year?

As of Jul 7, 2026, the average yearly pay for cybersecurity grc in the United States is $58,171.00, according to ZipRecruiter salary data. Most workers in this role earn between $48,000.00 and $64,500.00 per year, depending on experience, location, and employer.

What are some common challenges faced by professionals in Cybersecurity GRC roles, and how can they be addressed?

Professionals in Cybersecurity GRC (Governance, Risk, and Compliance) often encounter challenges such as keeping up with evolving regulatory requirements, balancing business objectives with security mandates, and fostering collaboration between IT, legal, and business teams. These challenges can be addressed by staying current with industry standards, utilizing automated tools for compliance tracking, and building strong communication channels across departments. Proactively engaging stakeholders and fostering a culture of security awareness also play a crucial role in overcoming these obstacles and ensuring effective risk management.

What is Cybersecurity GRC?

Cybersecurity GRC stands for Governance, Risk, and Compliance in the context of cybersecurity. It involves establishing frameworks and processes to ensure an organization's information security aligns with business objectives, regulatory requirements, and risk management strategies. Professionals in this field help identify and manage security risks, create policies and controls, and ensure compliance with laws and standards such as GDPR, HIPAA, or ISO 27001. The goal of Cybersecurity GRC is to protect the organization’s digital assets while enabling responsible growth and innovation.

What are the key skills and qualifications needed to thrive as a Cybersecurity GRC (Governance, Risk, and Compliance) professional, and why are they important?

To thrive as a Cybersecurity GRC professional, you need a solid understanding of cybersecurity frameworks, risk management principles, and regulatory compliance, often supported by a degree in information security or a related field. Familiarity with tools like GRC platforms (e.g., RSA Archer, ServiceNow), as well as certifications such as CISSP, CISM, or CRISC, is typically required. Strong analytical skills, attention to detail, and effective communication are crucial soft skills for collaborating with stakeholders and translating technical risks into business implications. These competencies ensure organizations can proactively manage cyber risks, meet regulatory requirements, and maintain trust with clients and partners.

Is GRC in high demand?

Cybersecurity GRC (Governance, Risk, and Compliance) professionals are in high demand due to increasing cybersecurity regulations and the need for organizations to manage risks effectively. Employers seek candidates with knowledge of compliance frameworks, risk management, and security policies, often requiring certifications like CISA or CISSP. The role offers strong job growth prospects across various industries as cybersecurity threats continue to evolve.

What is the difference between Cybersecurity Grc vs Cybersecurity Analyst?

AspectCybersecurity GrcCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACompTIA Security+, CEH, CISSP
Work EnvironmentPolicy development, risk management, complianceThreat detection, incident response, vulnerability assessment
Employer & Industry UsageOrganizations focusing on governance and complianceSecurity operations centers, IT departments

Cybersecurity Grc professionals focus on establishing policies, managing risks, and ensuring compliance with regulations. In contrast, Cybersecurity Analysts primarily monitor security systems, analyze threats, and respond to incidents. While both roles require similar certifications and work within the cybersecurity field, Grc roles are more strategic and policy-oriented, whereas Analysts are more technical and operational.

Can you make $200,000 in cyber security?

Cybersecurity GRC (Governance, Risk, and Compliance) professionals can potentially earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISA, and leadership roles such as security managers or directors. Salary levels vary based on industry, location, and company size, with senior positions often reaching or exceeding this threshold.

What is the role of GRC in cybersecurity?

In cybersecurity, GRC (Governance, Risk Management, and Compliance) professionals develop and implement policies to ensure organizations meet security standards, manage risks, and comply with regulations. They use frameworks like ISO 27001 and tools such as risk assessments and audits to protect information assets and support security strategies.

How much do cyber GRC specialists make?

Cybersecurity GRC (Governance, Risk, and Compliance) specialists typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Senior roles or those with advanced certifications like CISSP or CISA can earn higher salaries, especially in larger organizations or high-demand markets.
More about Cybersecurity Grc jobs
What cities are hiring for Cybersecurity Grc jobs? Cities with the most Cybersecurity Grc job openings:
What are the most commonly searched types of Cybersecurity Grc jobs? The most popular types of Cybersecurity Grc jobs are:
What states have the most Cybersecurity Grc jobs? States with the most job openings for Cybersecurity Grc jobs include:
Infographic showing various Cybersecurity Grc job openings in the United States as of July 2026, with employment types broken down into 92% Full Time, 5% Part Time, and 3% Contract. Highlights an 79% Physical, 5% Hybrid, and 16% Remote job distribution, with an average salary of $58,171 per year, or $28 per hour.
Cybersecurity GRC Manager, FCH - IT - SECURITY

Cybersecurity GRC Manager, FCH - IT - SECURITY

Froedtert

Menomonee Falls, WI • Remote

$111K - $150K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 9 days ago


Job description

Discover. Achieve. Succeed. #BeHere

Location: US:WI:MENOMONEE FALLS at our WOODLAND PRIME 400 facility.

This job is REMOTE.

FTE: 1.000000

Standard Hours: 40.00

Shift: Flexible 1st shift between 7 am and 5 pm

Shift Details: Holidays: Weekends:

Job Summary:

Healthcare security isn't a compliance checkbox problem - it's a patient safety problem. At Froedtert ThedaCare, the Cybersecurity GRC Manager owns the program that connects our governance posture to real-world risk outcomes for patients, clinicians, and the communities we serve across Wisconsin.

This is a high-visibility, high-autonomy leadership role inside a Cybersecurity & Infrastructure team that operates with strategic intent and operational rigor. You will build and run a team of 5+ GRC professionals, serve as the internal subject matter authority on compliance and risk, and translate complex regulatory requirements into actionable programs that the broader organization can execute against.

If you've built GRC programs from scratch (or rebuilt ones that needed it), know your way around a HIPAA gap analysis and a third-party risk assessment in equal measure, are people-focused, and lead with clarity rather than bureaucracy - this is the role for you

People Leadership

Lead, mentor, and grow a team of 5+ GRC analysts and specialists across compliance, risk, policy, and awareness domains

Establish clear role expectations, development pathways, and performance standards for each team member

Foster a team culture that balances rigor with pragmatism - we care about outcomes, not just documentation

HIPAA & Healthcare Compliance

Serve as the organization's functional lead for HIPAA Privacy and Security Rule compliance, including ongoing gap assessment and remediation tracking

Coordinate with Legal, Privacy, and Clinical Operations to ensure compliance obligations are understood and operationalized across the enterprise

Oversee preparation for and response to regulatory inquiries, OCR investigations, and audit activity

Risk Management & Third-Party Risk

Own the enterprise cybersecurity risk register, ensuring risks are identified, assessed, prioritized, and tracked to resolution

Lead the third-party risk management program, including vendor onboarding assessments, ongoing monitoring, and risk-tiering across the supply chain

Develop risk reporting for executive and board audiences, translating technical risk into business impact language

Policy & Controls Frameworks

Own the cybersecurity policy lifecycle: authorship, review cadence, version control, approval workflows, and exception management

Maintain alignment to NIST CSF, managing control mapping, evidence collection, and control effectiveness measurement

Drive continuous improvement of the controls environment based on assessment findings, threat intelligence inputs, and regulatory changes

Audit & Assessment Management

Serve as the primary point of contact and program lead for internal and external cybersecurity audits and assessments

Coordinate evidence collection, manage stakeholder readiness, and oversee finding remediation tracking through to closure

Develop and maintain audit-ready documentation across all GRC domains

Security Awareness & Phishing Simulation

Own the enterprise security awareness program, including curriculum development, delivery scheduling, and effectiveness measurement

Manage the phishing simulation program end-to-end: scenario design, cadence, metrics, and targeted follow-up training for at-risk populations

Tailor awareness content for diverse audiences - from clinical staff to executive leadership - with a voice that educates rather than shames

EXPERIENCE DESCRIPTION:

A minimum of six year experience in a related field.

Prefer 3+ years leading or managing a team in a GRC, compliance, or risk management capacity

Prefer experience in a healthcare or other highly regulated industry, with direct exposure to HIPAA compliance obligations

Demonstrated experience managing a third-party risk program, including vendor assessments and risk tiering

Prefer prior experience building or significantly maturing a GRC program, not just maintaining one

Prefer experience managing external audits or assessments (SOC 2, HITRUST, OCR, internal audit, etc.)

EDUCATION DESCRIPTION:

A Bachelors degree is required.

Bachelors in Computer Science or similar degree is preferred.

SPECIAL SKILLS DESCRIPTION:

In-depth knowledge of cybersecurity frameworks including but not limited to NIST CF, HITRUST CSF, ISO 27001.

Experience in managing or leading security organizations responsible for GRC, Cybersecurity, Medical Device Security, Security Operations Centers.

Understanding of general security concepts including but not limited to cryptography, DLP, Security Operations Center, Security Managed Services, SEM, FW, Audit.

Demonstrated record of managing third party security services, preferably with the cloud providers.

Experience in Healthcare industry is preferred.

Ability to communicate and represent IT Security organization with all business partners and third party vendors.

Strong oral, presentation, writing skills. and demonstrated record to deliver results.

Ability to build relationships with business stakeholders of the IT Security program

Familiarity with HIPAA Privacy and Security Rules and their operational implications for a large health system

Ability to develop and present executive-level risk reporting that communicates risk in business impact terms

Comfort operating in a matrixed environment with multiple stakeholder groups including Legal, HR, IT, Clinical Operations, and executive leadership

Certifications

Prefer CISSP, CISM, CRISC, HCISPP, or equivalent certification

Prefer Certified in Healthcare Privacy and Security (CHPS) or equivalent

Compensation, Benefits & Perks at Froedtert Health

Pay is expected to be between: (expressed as hourly) $49.15 - $84.07. Final compensation is based on experience and will be discussed with you by the recruiter during the interview process.

Froedtert Health Offers a variety of perks & benefits to staff, depending on your role you may be eligible for the following:

  • Paid time off
  • Growth opportunity- Career Pathways & Career Tuition Assistance, CEU opportunities
  • Academic Partnership with the Medical College of Wisconsin
  • Referral bonuses
  • Retirement plan - 403b
  • Medical, Dental, Vision, Life Insurance, Short & Long Term Disability, Free Workplace Clinics
  • Employee Assistance Programs, Adoption Assistance, Healthy Contributions, Care@Work, Moving Assistance, Discounts on gym memberships, travel and other work life benefits available


The Froedtert & the Medical College of Wisconsin regional health network is a partnership between Froedtert Health and the Medical College of Wisconsin supporting a shared mission of patient care, innovation, medical research and education. Our health network operates eastern Wisconsin's only academic medical center and adult Level I Trauma center engaged in thousands of clinical trials and studies. The Froedtert & MCW health network, which includes ten hospitals, nearly 2,000 physicians and more than 45 health centers and clinics draw patients from throughout the Midwest and the nation.

We are proud to be an Equal Opportunity Employer who values and maintains an environment that attracts, recruits, engages and retains a diverse workforce. We welcome protected veterans to share their priority consideration status with us at 262-439-1961. We maintain a drug-free workplace and perform pre-employment substance abuse testing. During your application and interview process, if you have a need that requires an accommodation, please contact us at 262-439-1961. We will attempt to fulfill all reasonable accommodation requests.

Employment Type: FULL_TIME

Froedtert logo

About Froedtert

Sourced by ZipRecruiter

Froedtert is a world-class healthcare organization based in Milwaukee, WI, United States. The company operates within the healthcare and wellness industry, providing a broad spectrum of medical services to the residents of southeastern Wisconsin and beyond. Froedtert was founded in 1980 and is an academic health network, which ripples an integrated affiliation with the Medical College of Wisconsin. The company prides itself on its cutting-edge treatments, sophisticated technology, and groundbreaking research. Froedtert’s mission is to advance health in the communities they serve, with a profound commitment towards patient care, education, research and community outreach.

Industry

Health care and social assistance

Company size

1,001 - 5,000 Employees

Headquarters location

Milwaukee, WI, US

Year founded

1980