ZipRecruiter

Log In

1

Governance Risk Compliance Analyst Jobs (NOW HIRING)

WHOOP

Senior Risk & Compliance Analyst

Boston, MA · On-site

The Senior Risk & Compliance Analyst will support the design and execution of the cyber risk ... plans, and supporting governance and reporting processes. • Translate technical findings ...

next page

Showing results 1-20

People also search for

All JobsGovernance Risk Compliance Analyst Jobs

Governance Risk Compliance Analyst information

See salary details

$15

$40

$65

How much do governance risk compliance analyst jobs pay per hour?

As of May 29, 2026, the average hourly pay for governance risk compliance analyst in the United States is $40.49, according to ZipRecruiter salary data. Most workers in this role earn between $29.81 and $49.28 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Governance Risk Compliance Analyst, and why are they important?

To thrive as a Governance Risk Compliance (GRC) Analyst, you need a solid understanding of risk management, regulatory frameworks, and auditing, typically supported by a degree in business, finance, or a related field. Familiarity with GRC software platforms (like RSA Archer or MetricStream), as well as certifications such as CISA or CRISC, are commonly required. Analytical thinking, attention to detail, and excellent communication skills help you navigate complex regulations and collaborate with various stakeholders. These competencies ensure organizations maintain compliance, manage risks effectively, and uphold strong corporate governance.

What are some common challenges faced by Governance Risk Compliance Analysts when implementing new compliance frameworks?

Governance Risk Compliance (GRC) Analysts often encounter challenges such as ensuring organization-wide adoption of new compliance policies, interpreting evolving regulations, and integrating compliance requirements into existing business processes. They must frequently collaborate with multiple departments, which can involve aligning different stakeholders’ priorities and addressing resistance to change. Successfully navigating these challenges requires strong communication skills, the ability to translate complex regulations into practical steps, and a proactive approach to continuous training and awareness.

What does a Governance Risk Compliance (GRC) Analyst do?

A Governance Risk Compliance (GRC) Analyst is responsible for ensuring an organization adheres to regulatory requirements, internal policies, and risk management best practices. They identify potential risks, evaluate the effectiveness of existing controls, and recommend improvements to mitigate risks. GRC Analysts also help develop and maintain compliance frameworks, conduct audits, and provide training to staff on compliance matters. Their work helps protect organizations from legal penalties, reputational damage, and operational disruptions.

What is the difference between Governance Risk Compliance Analyst vs Compliance Analyst?

AspectGovernance Risk Compliance AnalystCompliance Analyst
CertificationsISO 31000, CRISC, CISAISO 37001, CCEP, CIA
Work EnvironmentCorporate, financial, or regulatory settingsVarious industries, including healthcare, finance, and manufacturing
Primary FocusRisk management, governance frameworks, compliance policiesEnsuring adherence to laws, regulations, and standards

The Governance Risk Compliance Analyst primarily focuses on establishing and maintaining risk management and governance frameworks within organizations, while the Compliance Analyst concentrates on ensuring adherence to specific laws and regulations. Both roles require similar certifications and often work in corporate environments, but their core responsibilities differ in scope and focus.

More about Governance Risk Compliance Analyst jobs
What cities are hiring for Governance Risk Compliance Analyst jobs? Cities with the most Governance Risk Compliance Analyst job openings:
What job categories do people searching Governance Risk Compliance Analyst jobs look for? The top searched job categories for Governance Risk Compliance Analyst jobs are:
Governance Risk Compliance Analyst jobs near you

Director, Governance, Risk, & Compliance (GRC)

Resideo

Austin, TX • On-site

Full-time

Posted 15 days ago

Resideo rating

7.7

Company rating: 7.7 out of 10

Based on 12 frontline employees who took The Breakroom Quiz

61st of 137 rated electronics manufacturers

Job description

Job Description
The Director of Governance, Risk & Compliance (GRC) is responsible for building and operating an AI-enabled, modern cybersecurity GRC program that transforms governance from a compliance-focused function into a fast, intelligent, and risk-based engine for the business. Reporting directly to the CISO, this role serves as the architect of a scalable GRC capability that modernizes how cyber risk is identified, measured, prioritized, reported, and acted upon across the enterprise and product portfolio. The Director will leverage data, automation, analytics, and the responsible application of AI to create a single authoritative view of cyber risk, reduce operational friction, accelerate decision-making, and ensure governance operates at the speed and scale of the business. This role partners closely with Security, IT, Product Engineering, Legal, Privacy, Finance, Internal Audit, and executive leadership to embed risk-based governance into how the organization plans, builds, and operates.
This is a transformational role for a builder-someone who can challenge legacy GRC models, simplify complexity, and deliver board-ready insights that clearly articulate business impact, financial exposure, and strategic trade-offs. The Director will create a program that is defensible, measurable, portfolio-driven, and future-ready, enabling enterprise resilience, product innovation, regulatory confidence, and informed risk ownership.
Job Duties
Cybersecurity Governance & Operating Model
  • Define and maintain the enterprise cybersecurity governance framework, including decision rights, escalation paths, and exception handling.
  • Own the cybersecurity policy, standards, and exception lifecycle across enterprise and product environments.
  • Ensure clear ownership and accountability for security controls, compliance obligations, and accepted risks.
  • Serve as a senior advisor to the CISO and executive leadership on governance decisions and material risk trade-offs.

Enterprise, Product & Portfolio Risk Management
  • Own the cybersecurity risk management framework, including risk taxonomy, scoring methodology, appetite, and acceptance thresholds.
  • Maintain the enterprise risk register and an integrated portfolio view of cyber risk across enterprise, product, and third-party domains.
  • Provide leadership with an aggregate, decision-ready risk posture to support prioritization, investment planning, and risk acceptance.
  • Lead risk assessments for enterprise IT, cloud platforms, connected products, and critical suppliers.
  • Ensure risk acceptance decisions are well-documented, time-bound, reviewed, and auditable.

Executive & Board-Level Risk Communication
  • Lead preparation of cybersecurity risk materials for executive leadership, board committees, and full board briefings.
  • Translate technical and operational cyber risk into business impact, financial exposure, and strategic implications.
  • Support the CISO in board-level discussions related to cyber risk posture, trends, and material risk decisions.

Compliance & Regulatory Readiness (Enterprise & Product)
  • Lead enterprise and product cybersecurity compliance programs aligned to regulatory, statutory, and customer requirements.
  • Translate regulatory obligations into pragmatic, enforceable control expectations embedded into business and engineering workflows.
  • Partner with Product Security and Engineering to integrate security-by-design and compliance into product development lifecycles.
  • Monitor emerging regulations and contractual obligations and define readiness roadmaps that minimize disruption to delivery.

Audit, Certification & Assurance
  • Own security audit, customer assurance, and certification readiness across enterprise and product environments.
  • Establish an always-audit-ready operating model with defined control ownership, evidence standards, and testing cadence.
  • Oversee remediation of audit findings and control gaps using durable, sustainable solutions.
  • Provide executive visibility into audit status, findings, trends, and remediation progress.

Third-Party, Supply Chain & Cyber Insurance Support
  • Lead third-party and supply-chain cybersecurity risk governance, including vendor onboarding, assessments, and ongoing oversight.
  • Define risk-based tiering, minimum security requirements, and escalation thresholds for suppliers.
  • Partner with Finance, Legal, and Risk Management to support cyber insurance underwriting, renewals, and claims.
  • Provide risk data, metrics, and control evidence required to support cyber insurance placement and renewal activities.

Metrics, Reporting & Continuous Improvement
  • Define and maintain key risk indicators (KRIs), compliance metrics, and portfolio-level reporting.
  • Use automation, analytics, and AI-enabled capabilities to improve risk signal quality and reduce manual effort.
  • Continuously optimize GRC processes to improve efficiency, decision speed, and risk transparency.

Training, Awareness & Adoption
  • Partner with HR and Security Leadership to reinforce governance and risk expectations through role-based training.
  • Drive consistent adoption of governance practices across IT, engineering, and product organizations.

Scope of Authority
  • Accountable for enterprise and product cybersecurity governance, risk management, compliance, and portfolio reporting.
  • Approves cybersecurity governance frameworks, risk methodologies, and compliance operating models.
  • Escalates material risks, trends, and control gaps to the CISO with clear options and recommendations.

You Must Have
  • 10+ years of experience in cybersecurity governance, risk management, compliance, or assurance.
  • 5+ years leading enterprise-scale GRC programs or teams.
  • Demonstrated experience supporting executive and board-level risk discussions.

We Value
  • Strong executive communication and stakeholder management skills.
  • Professional certifications such as CISSP, CISM, CRISC, or CISA.
  • Experience with modern GRC platforms, automation, analytics, and AI-augmented GRC workflows.
  • Experience applying AI responsibly in areas such as risk assessment, control testing, evidence management, or continuous monitoring.
  • Experience with connected products, cloud platforms, or regulated technology environments.
  • Experience operating in global or multi-jurisdiction organizations.
  • Builder mindset with the ability to modernize and scale GRC capabilities.
  • Business-oriented, risk-based decision-maker with strong judgment and integrity.
  • Comfortable operating with board-level visibility and accountability.
  • Able to influence executives, engineers, and partners with equal credibility.
  • Pragmatic, structured, and execution-focused leadership style.

WHAT'S IN IT FOR YOU
  • Join a team that truly values work life integration and balance where your well being comes first.
  • Grow your career while diving into cutting edge technologies and continuous learning opportunities.
  • Help shape innovative IoT and control solutions that influence the everyday lives of millions.
  • Channel your curiosity and passion for discovery while exploring new possibilities and bringing forward bold use cases that help us pioneer the future.

#LI-MA1
#LI-HYBRID
About Us
Resideo Technologies has announced its intention to spin off ADI Global Distribution and establish it as a separate, publicly traded company. Under this plan, ADI will continue its role as a leading global wholesale distributor serving commercial and residential markets, while Resideo will retain its manufacturing and product-solutions business. Upon separation, both companies will operate independently to better serve their respective markets and customers. The spin-off is currently targeted for completion in the second half of 2026, subject to customary conditions.
Resideo is a $6.76 billion global manufacturer, developer, and distributor of technology-driven sensing and control solutions that help homeowners and businesses stay connected and in control of their comfort, security, energy use, and smart living. We focus on the professional channel, serving over 100,000 contractors, installers, dealers, and integrators across the HVAC, security, fire, electrical, and home comfort markets. Our products are found in more than 150 million residential and commercial spaces worldwide, with tens of millions of new devices sold annually. Trusted brands like Honeywell Home, First Alert, and Resideo power connected living for over 12.8 million customers through our Products & Solutions segment. Our ADI | Snap One segment spans 200+ stocking locations in 17 countries, offering a catalog of over 500,000 products from more than 1,000 manufacturers. With a global team of more than 14,000 employees, we offer the opportunity to make a real impact in a fast-growing, purpose-driven industry. Learn more at www.resideo.com.
At Resideo, we bring together diverse individuals to build the future of homes. Resideo is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status. For more information on applicable U.S. equal employment regulations, refer to the "EEO is the Law" poster, "EEO is the Law" Supplement Poster and the Pay Transparency Nondiscrimination Provision. Resideo complies with applicable equal employment laws in all countries where we do business. For more information on how we process your information in the job application process, please refer to Recruitment Privacy Notice. If you require a reasonable accommodation to apply for a job, please use Contact Us form for assistance.

What Resideo employees say

Pay

Hours and flexibility

Workplace

Get the full story on Breakroom

Apply