Entry Level Governance Risk Compliance Jobs (NOW HIRING)

Governance & Risk Analyst

Chicago, IL · On-site

$85K - $95K/yr

The GRC Analyst will support the organization's Governance, Risk & Compliance function with a primary focus on Third-Party Risk Management (TPRM) and Vendor Risk Assessments (VRA). This role is ...

This role executes governance, risk, and compliance activities aligned with regulatory frameworks and internal policies. Core responsibilities include ensuring operational alignment with frameworks ...

Entry Level Governance Risk Compliance information

Is governance risk and compliance a good career?

Governance, Risk, and Compliance (GRC) is a growing field that offers opportunities in risk management, regulatory adherence, and organizational governance. Entry-level roles often require knowledge of industry standards, compliance frameworks, and analytical skills, making it a stable career choice with potential for advancement in various industries.

What is an entry level governance, risk, and compliance (GRC) role?

An entry level governance, risk, and compliance (GRC) role involves helping organizations ensure they are following laws, regulations, and internal policies. In this position, you may assist with risk assessments, monitor compliance activities, prepare reports, and support audits. Entry level GRC professionals often work under supervision to learn about regulatory frameworks, company procedures, and best practices in risk management. This role is a great starting point for a career in corporate compliance, risk analysis, or internal audit.

How to get into governance risk and compliance?

To enter an entry-level governance, risk, and compliance (GRC) role, candidates typically need a bachelor's degree in fields like business, law, or cybersecurity. Gaining knowledge of regulations, risk management principles, and compliance frameworks such as ISO or GDPR, along with developing skills in auditing and using GRC tools, can improve job prospects. Certifications like CISA or CRISC can also enhance qualifications for these roles.

What are some common challenges faced by entry-level professionals in Governance, Risk, and Compliance (GRC) roles?

Entry-level GRC professionals often encounter challenges such as understanding complex regulatory frameworks and adapting to frequent changes in compliance requirements. They may also need to quickly learn how to analyze risk data and communicate findings to both technical and non-technical stakeholders. Collaborating with various departments—such as IT, legal, and operations—can be challenging at first, but it offers valuable experience in cross-functional teamwork. With time and mentorship, entry-level employees can develop a strong foundation in regulatory research, risk assessment, and policy implementation.

What is the salary of governance risk compliance?

Entry-level Governance, Risk, and Compliance (GRC) analysts typically earn between $50,000 and $70,000 annually, depending on location, industry, and certifications. Salaries can increase with experience, additional skills in compliance frameworks, and relevant certifications like CISA or CRISC.

What are the key skills and qualifications needed to thrive as an Entry Level Governance Risk Compliance professional, and why are they important?

To thrive as an Entry Level Governance Risk Compliance professional, you need a foundational understanding of risk management, internal controls, regulatory frameworks, and typically a bachelor's degree in a related field such as business, finance, or accounting. Familiarity with GRC software platforms (like RSA Archer or SAP GRC), data analysis tools, and relevant certifications (such as CRISC or CISA) can be beneficial. Strong attention to detail, analytical thinking, and effective communication skills help you interpret regulations and collaborate across departments. These competencies are crucial for ensuring organizations meet compliance standards, mitigate risks, and maintain operational integrity.

What is the difference between Entry Level Governance Risk Compliance vs Entry Level Internal Auditor?

| Aspect | Entry Level Governance Risk Compliance | Entry Level Internal Auditor |
| --- | --- | --- |
| Certifications | Compliance certifications (e.g., CCEP, CCRO) | CPA, CIA (preferred but not always required) |
| Work Environment | Corporate compliance departments, risk management teams | Internal audit departments across various industries |
| Employer & Industry Usage | Financial services, healthcare, manufacturing | Financial institutions, government agencies, corporations |
| Search & Comparison Intent | Understanding compliance roles and career paths | Evaluating internal audit responsibilities and career options |

While both roles focus on organizational integrity, Governance Risk Compliance professionals primarily ensure adherence to laws and regulations, managing risks proactively. Internal Auditors evaluate internal controls and processes through audits. Entry Level GRC roles are more compliance and risk management-oriented, whereas Internal Auditors focus on assessing and improving internal controls.

Is GRC an entry level job?

Entry level Governance, Risk, and Compliance (GRC) roles are available and typically require minimal prior experience, focusing on foundational knowledge of compliance standards and risk management processes. These positions often serve as starting points for careers in GRC, with opportunities to develop skills in tools like audit software and certifications such as CISA or CRISC. Advancement usually involves gaining experience and additional certifications.
Infographic showing various Entry Level Governance Risk Compliance job openings in the United States as of June 2026, with employment types broken down into 3% As Needed, 70% Full Time, 23% Part Time, 1% Temporary, 2% Contract, and 1% Nights. Highlights a 94% Physical, 2% Hybrid, and 4% Remote job distribution.
Governance Risk & Compliance (GRC) Analyst

Judge Group, Inc.

Lakewood, CO • On-site

$50 - $70/hr

Other

Posted 6 days ago


Job description

Location: Lakewood, CO
Salary: $50.00 USD Hourly - $70.00 USD Hourly
Description:
Title: Governance Risk & Compliance (GRC) Analyst
Location: Lakewood, CO
Remote: No, Hybrid OK
Convert to Perm: Yes
Full Time Salary After Conversion: 120-130K
Contact: Brian Merin
Main focus for this position is security audits to prepare for ISO 27001 certification.
Remote candidates are good if in Denver; need to be onsite Tuesday through Thursday.
Current software being used is BitSight.
Soft Skills:
Strong communication skills, as they will be interacting with people from around the globe
Ability to take after-hours meetings, again due to the global team
Team makeup:
1 in Belgium
1 in Japan
2 in US (looking to add two more this year)
1 in Europe
JOB DESCRIPTION:
The GRC Analyst is a member of the Governance, Risk & Compliance function within the Global Information Security Office and supports the implementation of company-wide security governance, risk management, and compliance programs. Under the direction of the GRC Functional Leader, the analyst contributes to policy development, risk oversight, and continuous improvement of the organization's security posture. The role also works closely with regional Information Security Officers (ISOs) and cross-functional teams to support the deployment of global standards and local regulatory requirements.
ESSENTIAL DUTIES:
Company-wide risk assessment and audit response: Support information security risk assessments for new projects, systems, and business processes. Assist in conducting internal control reviews (e.g., J-SOX), preparing audit materials, and coordinating responses to internal and external auditors. Track and follow up on remediation actions to ensure timely closure of identified risks.
Policy Development and Management: Contribute to drafting, updating, and maintaining global information security policies, standards, and procedures. Review relevant laws, regulations, and industry frameworks (e.g., ISO 27001, NIS2) and incorporate stakeholder feedback into documentation. Support the rollout and implementation of policies across regions.
Maintain compliance and certification: Monitor adherence to security and regulatory requirements, including ISO 27001, NIS2, and GDPR. Collect and organize compliance evidence, track corrective actions, and support certification and regulatory readiness efforts such as ISO 27001/42001 and NIS2 programs.
Supplier Risk Management: Conduct third-party security risk assessments by distributing questionnaires, analyzing responses, verifying controls, and documenting results in the GRC tracking systems. Identify and escalate high-risk findings to the GRC Functional Leader and support follow-up mitigation activities.
Security Awareness and Training: Participate in the planning and implementation of security awareness programs for all Terumo associates. Specifically, help to improve the security literacy of associates by creating e-learning and training materials, conducting phishing email exercises, and distributing content on internal portals. The GRC Analyst will help foster a culture in line with the company-wide security strategy promoted by the GRC Functional Leader.
Cybersecurity Regulatory Monitoring (Industrial Systems, IT Systems, and Critical Infrastructure): Monitor and analyze global regulatory developments related to cybersecurity with a focus on industrial control systems (ICS), IT environments, and critical infrastructure. Assist in evaluating how new or updated regulations (e.g., NIS2, FDA cybersecurity expectations, industrial cybersecurity standards, or country-specific critical infrastructure laws) impact company operations. Track emerging obligations, document requirements, and support gap assessments to ensure timely compliance.
CISO Dashboard: Assist in the preparation, maintenance, and continuous improvement of the CISO Dashboard by collecting, validating, and analyzing security metrics across the Global GRC function. Compile key performance indicators (KPIs) and key risk indicators (KRIs) related to compliance status, audit findings, supplier risk, incident trends, training completion, regulatory readiness, and other relevant security domains. Support the visualization and communication of security posture to senior leadership by ensuring data accuracy, timely updates, and clarity in reporting, enabling informed decision-making across the cybersecurity program.
AI Security Oversight: Support the development and enforcement of governance controls for the secure use of artificial intelligence technologies across the organization. Assist in identifying risks related to AI systems (such as model security, algorithmic integrity, and misuse) and contribute to risk assessments and mitigation plans. The GRC Analyst will also help evaluate third-party AI tools.
OTHER DUTIES AND RESPONSIBILITIES
  • Support the development and improvement of GRC processes, tools, and documentation to enhance operational efficiency and standardization.
  • Assist in preparing reports, presentations, and materials for leadership reviews, steering committees, and cross-functional meetings.
  • Participate in internal security projects and initiatives, including process automation, metrics development, and enhancements to governance workflows.
  • Provide coordination and administrative support for security committees, working groups, and regional GRC activities.
  • Perform additional duties as assigned to support the Global Information Security Office and the broader GRC program.

REQUIRED SKILLS AND QUALIFICATIONS:
Knowledge of Security Policies, Standards, and Regulations: Understanding of global and regional information security regulations (e.g., data protection laws, cybersecurity requirements) and familiarity with security frameworks such as ISO 27001. Knowledge of internal control frameworks (e.g., J-SOX) and IT governance practices is highly desirable. Experience supporting audit activities is preferred.
Risk Management and Audit: Experience with risk assessment methodologies, control evaluation, and vulnerability or issue management processes. Strong analytical and problem-solving skills, with the ability to identify risks, assess impacts, and support the development and tracking of corrective actions.
Communication and Collaboration: Ability to communicate security requirements, policies, and audit findings clearly and persuasively with stakeholders across regions and business units. Strong coordination skills to build consensus and drive compliance.
Professional Certifications (Preferred): Industry certifications such as CISSP, CISA, CISM, ISO 27001 Lead Implementer/Auditor, or similar are preferred but not required.
PREFERRED SKILLS
  • Experience with GRC Platforms:
    Familiarity with governance, risk, and compliance tools (e.g., BitSight, Drata, OneTrust, Archer, or similar) for managing risks, audits, and compliance workflows.
  • Understanding of Technical Security Domains:
    Working knowledge of cybersecurity concepts such as identity and access management, endpoint protection, vulnerability management, cloud security, and secure system design.
  • Project Coordination Skills:
    Experience supporting cross-functional security or compliance initiatives, including requirements gathering, documentation, and progress tracking.
  • Analytical and Data Skills:
    Ability to interpret risk metrics, compliance data, and audit results. Experience with dashboards, KPI/KRI reporting, or data visualization tools is a plus.
  • Regulatory Awareness:
    Awareness of emerging cybersecurity regulations (e.g., NIS2, AI governance frameworks, critical infrastructure rules) and their potential impact on enterprise operations.
  • Cross-Cultural Collaboration:
    Comfort working with global teams across different regions, time zones, and cultural contexts.

EDUCATION AND EXPERIENCE
  • Education:
    Bachelor's degree in Information Security, Cybersecurity, Information Systems, Computer Science, or a related field; or equivalent professional experience.
  • Experience:
    3 to 5+ years of experience in information security, governance, risk management, compliance, IT audit, or a related discipline. Experience supporting security programs in global or regulated environments is a plus.

This job and many more are available through The Judge Group. Please apply with us today!