2

Entrylevel Governance Risk Compliance Jobs (NOW HIRING)

next page

Showing results 1-20

Entrylevel Governance Risk Compliance information

What is the difference between Entrylevel Governance Risk Compliance vs Entrylevel Internal Auditor?

AspectEntrylevel Governance Risk ComplianceEntrylevel Internal Auditor
CertificationsISO 31000, CCPA, GDPR awarenessCPA, CIA, CISA
Work EnvironmentCorporate compliance departments, risk management teamsInternal audit departments, consulting firms
Employer & Industry UsageFinancial, healthcare, manufacturingFinancial services, government, consulting

While both roles focus on organizational integrity, Entrylevel Governance Risk Compliance professionals primarily ensure adherence to regulations and manage risks, whereas Entrylevel Internal Auditors evaluate internal controls and financial accuracy. The GRC role emphasizes compliance frameworks and risk mitigation, while Internal Auditors focus on audit processes and financial integrity.

More about Entrylevel Governance Risk Compliance jobs
What cities are hiring for Entrylevel Governance Risk Compliance jobs? Cities with the most Entrylevel Governance Risk Compliance job openings:
What states have the most Entrylevel Governance Risk Compliance jobs? States with the most job openings for Entrylevel Governance Risk Compliance jobs include:
Infographic showing various Entrylevel Governance Risk Compliance job openings in the United States as of July 2026, with employment types broken down into 67% Full Time, and 33% Contract. Highlights an 33% In-person, 34% Hybrid, and 33% Remote job distribution.
Information Security - Risk & Compliance Analyst

Information Security - Risk & Compliance Analyst

Victaulic

Easton, PA • Hybrid

Full-time

Re-posted 4 days ago


Victaulic rating

7.1

Company rating: 7.1 out of 10

Based on 34 frontline employees who took The Breakroom Quiz

372nd of 528 rated manufacturers


Job description

Job Description

The Security Risk & Compliance Analyst supports the organizations global information security program by assisting in the identification, assessment, and management of information security risks and compliance demands across Victaulic's entire organization. This position plays an integral role in ensuring the company meets its obligations under domestic and international regulatory frameworks, including but not limited to, NIST CSF, ISO27001, CMMC and the EU's NIS2 Directive. The analyst will work closely with internal stakeholders, external auditors, and third-party vendors to support a culture of security awareness and continuous compliance improvement.

The ideal candidate for this role will have knowledge of, if not actual experience, in the processes of obtaining and maintaining compliance with security frameworks as well as an understanding of industry standard Information Technology auditing.

Responsibilities

Risk Assessment & Management

Assist in conducting information security risk assessments across business units, systems, and processes in accordance with established methodologies.

Document risk findings, assign risk ratings, and track remediation activities through the risk register.

Support the development and maintenance of risk treatment plans in coordination with system owners and IT teams.

Participate in annual and ad hoc enterprise risk reviews, contributing analysis and supporting materials.

Compliance & Framework Management

Support compliance activities related to NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CMMC (Cybersecurity Maturity Model Certification), and the EU NIS2 Directive.

Conduct gap analyses against applicable frameworks and assist in developing remediation roadmaps.

Maintain compliance documentation, including policies, procedures, control evidence, and assessment reports.

Monitor regulatory changes and emerging framework updates; summarize implications for the security program.

Third-Party & Audit Management

Coordinate and support third-party security audits and assessments, including scheduling, evidence collection, and stakeholder communication.

Assist in managing vendor risk assessments for new and existing third-party vendors and suppliers.

Track audit findings and corrective action plans, ensuring timely remediation and closure.

Serve as a liaison between internal teams and external auditors during certification audits.

Policy, Documentation & Awareness

Assist in drafting, reviewing, and updating information security policies, standards, and procedures.

Support the delivery of security awareness training and phishing simulation programs.

Maintain organized records of all compliance and risk management activities in the Governance, Risk & Compliance platform.

Collaboration & Reporting

Collaborate with IT, Legal, Operations, and other business functions to integrate security requirements into business processes.

Prepare regular status reports and metrics dashboards for management review.

Contribute to the continuous improvement of the information security program by identifying process gaps and recommending enhancements.

Qualifications

Technical Experience

Foundational understanding of information security principles, including confidentiality, integrity, and availability (CIA).

Basic understanding of risk assessment methodologies and risk management concepts.

Familiarity with third-party risk management and audit processes.

Strong analytical and problem-solving skills with attention to detail.

Capacity to understand legacy and progressive technology and security controls along with respective risk.

Working knowledge of technologies such as cloud computing, DevOps, and application security is required.

General Requirements

Analytical Thinking - applies structured reasoning to evaluate risk and compliance data objectively

Integrity & Accountability - Handles sensitive security information with discretion and professionalism.

Communication - Clearly translates security requirements and findings for varied audiences across the organization

Continuous Learning - Proactively keeps pace with evolving security frameworks, threats, and regulatory requirements

Collaboration - Builds effective working relationships across IT, operations, and business functions globablly

Detail Orientation - Produces thorough, accurate documentation and maintains meticulous records of compliance activities

Education & Certifications

0 - 2 years' experience in information security, IT audit, risk management, or a related field.

Bachelor's degree, cybersecurity certification, or equivalent experience in an information security or related field.

A minimum of an entry-level certification such as the CompTIA Security+ certification

Additional Risk & Compliance certification(s), such as CISA, a plus

Work Environment & Physical Requirements

This position is primarily office-based with hybrid flexibility. The role may require occasional visits to manufacturing facilities domestically and internationally. Ability to work across global time zones may be required for coordination with European and Asian teams.

Victaulic is an Equal Employment Opportunity (EOE/M/F/Vets/Disabled) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, gender, color, religion, national origin, age, disability, veteran status, sexual orientation, genetic data, or other legally protected status. (Background checks may be required as part of our pre-employment process).


What Victaulic employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom