We are evolving our compliance program to move at the speed of our business, and we need a ... Work closely with the Governance and Risk teams to ensure the CCF, risk management program, and ...
We are evolving our compliance program to move at the speed of our business, and we need a ... Work closely with the Governance and Risk teams to ensure the CCF, risk management program, and ...
Staff Cybersecurity Analyst
Seattle, WA · On-site
You apply deep expertise across governance, risk management, compliance, threat intelligence, and operational security to analyze sophisticated risks, anticipate emerging threats, and design ...
Staff Cybersecurity Analyst
Seattle, WA · On-site
You apply deep expertise across governance, risk management, compliance, threat intelligence, and operational security to analyze sophisticated risks, anticipate emerging threats, and design ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Staff Cybersecurity Analyst
Seattle, WA · On-site
You apply deep expertise across governance, risk management, compliance, threat intelligence, and operational security to analyze sophisticated risks, anticipate emerging threats, and design ...
Staff Cybersecurity Analyst
Seattle, WA · On-site
You apply deep expertise across governance, risk management, compliance, threat intelligence, and operational security to analyze sophisticated risks, anticipate emerging threats, and design ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
You apply deep expertise across governance, risk management, compliance, threat intelligence, and operational security to analyze sophisticated risks, anticipate emerging threats, and design ...
You apply deep expertise across governance, risk management, compliance, threat intelligence, and operational security to analyze sophisticated risks, anticipate emerging threats, and design ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Through these efforts, the manager strengthens financial governance while equipping campus ... Advance UCO's deficitmonitoringprogram, implementing enhanced review protocols and risk indicators ...
Through these efforts, the manager strengthens financial governance while equipping campus ... Advance UCO's deficitmonitoringprogram, implementing enhanced review protocols and risk indicators ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
Do you have an understanding of sanctions regulations and experience identifying company-wide risk ... Amazon is seeking an experienced Compliance Program Manager with a proven track record of ...
... Product Manager, AI Governance & Supply Chain Integration Risk to lead product strategy and ... In compliance with federal law, all persons hired will be required to submit satisfactory proof of ...
Quick apply
... Product Manager, AI Governance & Supply Chain Integration Risk to lead product strategy and ... In compliance with federal law, all persons hired will be required to submit satisfactory proof of ...
Cyber Strategy, Risk & Compliance - AI Engineering for Cybersecurity - Senior Manager
Seattle, WA · On-site
$124K - $280K/yr
... Manager & Summary At PwC, our people in risk and compliance focus on maintaining regulatory ... risk governance frameworks - Develop thorough business risk scenarios and create AI-powered cyber ...
Cyber Strategy, Risk & Compliance - AI Engineering for Cybersecurity - Senior Manager
Seattle, WA · On-site
$124K - $280K/yr
... Manager & Summary At PwC, our people in risk and compliance focus on maintaining regulatory ... risk governance frameworks - Develop thorough business risk scenarios and create AI-powered cyber ...
Regulatory Compliance Manager
Snoqualmie, WA · On-site
$130K - $150K/yr
The Regulatory Compliance Manager is responsible for leading Spacelabs post-market surveillance ... Facilitate Health Hazard Evaluations (HHEs) to drive risk-based decision making on product safety ...
Regulatory Compliance Manager
Snoqualmie, WA · On-site
$130K - $150K/yr
The Regulatory Compliance Manager is responsible for leading Spacelabs post-market surveillance ... Facilitate Health Hazard Evaluations (HHEs) to drive risk-based decision making on product safety ...
Program Manager 2, Compliance (Seattle, Washington)
Seattle, WA · On-site
$93K - $155K/yr
Develop and maintain standard operating procedures, governance frameworks, and program processes ... and reduce risk. * Maintain organized documentation and knowledge management-capturing ...
Program Manager 2, Compliance (Seattle, Washington)
Seattle, WA · On-site
$93K - $155K/yr
Develop and maintain standard operating procedures, governance frameworks, and program processes ... and reduce risk. * Maintain organized documentation and knowledge management-capturing ...
Develop and maintain standard operating procedures, governance frameworks, and program processes ... and reduce risk. * Maintain organized documentation and knowledge management-capturing ...
Develop and maintain standard operating procedures, governance frameworks, and program processes ... and reduce risk. * Maintain organized documentation and knowledge management-capturing ...
Staff Cybersecurity Analyst
Seattle, WA · On-site
$70K - $93K/yr
Responsibilities : • Define, refine, and operationalize organization-wide security frameworks, standards, and methodologies across governance, risk assessment, compliance, and incident management ...
Staff Cybersecurity Analyst
Seattle, WA · On-site
$70K - $93K/yr
Responsibilities : • Define, refine, and operationalize organization-wide security frameworks, standards, and methodologies across governance, risk assessment, compliance, and incident management ...
Listing Governance Product Compliance Project Intern (TikTok Shop - Operations) - 2026 Start (BS/MS)
Seattle, WA · On-site
$23.75/hr
Responsibilities: - Support product risk assessments for new categories, products, features, and ... and manage multiple priorities in a fast-paced environment. - Good judgment, attention to detail ...
Listing Governance Product Compliance Project Intern (TikTok Shop - Operations) - 2026 Start (BS/MS)
Seattle, WA · On-site
$23.75/hr
Responsibilities: - Support product risk assessments for new categories, products, features, and ... and manage multiple priorities in a fast-paced environment. - Good judgment, attention to detail ...
Partner with compliance, risk, audit, and engineering leaders to ensure governance capabilities ... Define and lead the change management process for new and modified controls * Determinethe roadmap ...
Partner with compliance, risk, audit, and engineering leaders to ensure governance capabilities ... Define and lead the change management process for new and modified controls * Determinethe roadmap ...
Key job responsibilities - Design and drive scalable processes within a GRC (Governance, Risk, and ... manage cross-functional GRC requirements to translate them into GRC tool; and - Be comfortable with ...
Key job responsibilities - Design and drive scalable processes within a GRC (Governance, Risk, and ... manage cross-functional GRC requirements to translate them into GRC tool; and - Be comfortable with ...
Governance Risk Compliance Manager information
See Renton, WA salary details
$43.3K - $55.4K
3% of jobs
$55.4K - $67.5K
9% of jobs
$77.6K is the 25th percentile. Wages below this are outliers.
$67.5K - $79.7K
16% of jobs
$79.7K - $91.8K
18% of jobs
The median wage is $95.8K / yr.
$91.8K - $103.9K
13% of jobs
$103.9K - $116K
12% of jobs
$123.8K is the 75th percentile. Wages above this are outliers.
$116K - $128.1K
7% of jobs
$128.1K - $140.2K
5% of jobs
$140.2K - $152.4K
9% of jobs
$152.4K - $164.5K
4% of jobs
$164.5K - $176.6K
4% of jobs
$43.3K
$107K
$176.6K
How much do governance risk compliance manager jobs pay per year?
How does a Governance Risk Compliance (GRC) Manager typically collaborate with other departments to ensure effective risk management?
What is the salary of governance risk compliance?
Is governance risk and compliance a good career?
What does a governance and risk manager do?
What is the difference between Governance Risk Compliance Manager vs Compliance Analyst?
| Aspect | Governance Risk Compliance Manager | Compliance Analyst |
|---|---|---|
| Certifications | ISO 31000, CRISC, CISA | CCA, CCEP, or similar |
| Work Environment | Strategic, managerial, policy-focused | Operational, detail-oriented, audit-focused |
| Employer & Industry Usage | Financial, healthcare, corporate sectors | Regulatory agencies, corporations, consulting firms |
| Search & Comparison Intent | Understanding managerial roles in governance and risk | Detailing compliance procedures and analysis |
The Governance Risk Compliance Manager oversees organizational policies, risk management strategies, and compliance frameworks at a strategic level. In contrast, the Compliance Analyst focuses on implementing and monitoring compliance procedures, conducting audits, and ensuring adherence to regulations. Both roles require relevant certifications and are vital in maintaining organizational integrity, but they differ in scope and responsibilities.
What does a Governance Risk Compliance (GRC) Manager do?
What are the key skills and qualifications needed to thrive as a Governance Risk Compliance Manager, and why are they important?
Is GRC an entry level job?
Senior Compliance Analyst - Continuous Compliance Framework (Hybrid - Seattle)
Seattle, WA • On-site
Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Re-posted 13 days ago
Nordstrom rating
6.8
Based on 423 frontline employees who took The Breakroom Quiz
4th of 21 rated department stores
Job description
If you're a compliance pro who thrives on building scalable, tech-enabled frameworks and wants to be at the forefront of AI-assisted testing and automation, we want to meet you. We are evolving our compliance program to move at the speed of our business, and we need a strategic lead to take the wheel.
Forget the traditional "box-checking" mentality. This role is for a compliance professional who thrives on building scalable, tech-enabled frameworks and wants to be at the forefront of AI-assisted testing and automation. Join the Governance, Risk, and Compliance (GRC) team as a Senior Analyst on the Compliance Assessment team. In this role, you will lead the transformation and maturation of our existing Continuous Compliance Framework (CCF)-tailoring controls to our organization, acting as the functional lead for the CCF module in our GRC tool, and collaborating across the business to define the parameters that keep us secure.
A critical aspect of this role is cross-functional collaboration with the Governance and Risk teams to ensure the CCF, risk management, and governance programs are integrated and mutually reinforcing. You will also support our audits and assessments such as PCI, contributing to the team's broader compliance posture.
A Day in the Life...
Continuous Compliance Framework (CCF) Transformation
- Lead the transformation and ongoing maturation of the CCF, including updating and tailoring controls to reflect the current organizational environment, risk profile, and regulatory landscape.
- Configure and manage the CCF program module within Nordstrom's GRC tool, ensuring accurate representation of controls, testing schedules, evidence requirements, and ownership assignments.
- Collaborate with stakeholders across business and technology teams to define control language, testing frequency, and implementation guidance that is practical and aligned with operational realities.
- Document RACI models for all controls within the CCF, establishing clear ownership and accountability across teams.
- Design and implement KPIs and KRIs for the CCF and broader compliance program, enabling data-driven reporting on compliance health and risk exposure
GRC Program Integration
- Work closely with the Governance and Risk teams to ensure the CCF, risk management program, and governance program are integrated, with aligned control sets, shared evidence, and coordinated reporting.
- Identify opportunities to harmonize compliance controls with risk appetite and governance structures, reducing duplication and improving program efficiency.
- Participate in cross-GRC planning sessions to align timelines, control mappings, and stakeholder engagement strategies across all three programs.
- Support the development and communication of a unified GRC narrative for leadership, translating program health across risk, governance, and compliance into cohesive insights.
Compliance Assessment & Methodology
- Partner with Security Engineers to design AI-driven testing and automated evidence collection features within the GRC tool; the Senior Analyst provides functional requirements while Engineers lead technical builds.
- Serve as a subject matter partner to the PCI program owner to ensure CCF controls satisfy PCI DSS requirements and support the annual PCI assessment process.
- Design and implement enterprise compliance assessment methodologies that integrate multiple regulatory domains (e.g., NIST, CIS, SOX, HIPAA, CCPA).
- Develop operational standards and quality criteria for compliance processes, ensuring consistency and effectiveness across the organization.
- Serve as a subject matter resource for control testing approaches, evidence collection, and documentation quality
Stakeholder Engagement
- Engage cross-functional stakeholders to gather input on control design, testing feasibility, and ownership, building lasting partnerships that embed compliance into the technology ecosystem.
- Lead workshops and working sessions with stakeholders to define control requirements, discuss testing approaches, and align on program direction.
- Serve as a liaison with internal and external auditors as needed, representing the organization's compliance posture and program maturity.
- Align CCF activities with strategic business and security objectives by participating in medium-term planning (6-18 months) and ensuring compliance initiatives support organizational goals.
- Contribute to the strategic vision and roadmap for the Compliance Assessment team, developing reusable, scalable solutions that enhance program efficiency and support organizational growth.
- Coordinate cross-functional compliance initiatives to ensure comprehensive regulatory coverage and consistent execution.
You Own This If You Have...
Required Qualifications
Experience:
- 4-6 years of regulatory compliance experience with demonstrated ownership of cross-functional compliance initiatives.
- Direct experience building and managing Continuous Compliance Framework (CCF) or Common Control Framework programs.
- Hands-on experience configuring compliance programs within GRC tools and platforms.
- Experience working with stakeholders to define control language, RACI, and testing cadence.
- Demonstrated experience developing KPIs and KRIs for compliance programs.
- Familiarity with PCI DSS sufficient to support assessments and control testing activities.
- Experience partnering with engineering or security teams to implement automated or AI-assisted control testing.
- Proven ability to align compliance operations with strategic business objectives.
Education:
- Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, or related field, or equivalent work experience.
Technical Knowledge:
- Deep knowledge about multiple regulatory frameworks (CIS, NIST, SOX, HIPAA, CCPA, PCI DSS v4.x) and their control implications.
- Experience testing technical controls and documenting evidence to support audits.
- Understanding of enterprise compliance architecture and integrated control frameworks.
- Familiarity with GRC tool configuration and workflow design.
- Knowledge of AI/automation tools applicable to compliance testing and evidence collection.
Skills:
- Strong control framework design and documentation capabilities.
- Excellent stakeholder engagement and facilitation skills; able to drive consensus across technical and non-technical audiences.
- Ability to develop and communicate KPIs/KRIs and compliance metrics to leadership.
- Strong written and verbal communication skills, including experience presenting to senior leadership.
- Self-directed and results-oriented; able to operate with autonomy, manage competing priorities, and drive programs to completion.
- Collaborative mindset with the ability to work effectively across the GRC triad (risk, governance, compliance).
Preferred Qualifications
Certifications:
- Professional certifications preferred: CISA, CRISC, CIPP, CIPM, or equivalent.
- PCI ISA, QSA, or other PCI-related certifications a plus.
Additional Experience:
- Experience with GRC platform implementation and administration.
- Background in regulatory consulting or internal/external audit.
- Experience leading enterprise-wide compliance transformation initiatives.
- Proficiency in compliance automation, scripting, or security tooling.
- Familiarity with AI/ML-assisted compliance or security monitoring tools.
Pay Range Details
The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations.
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.
$142,000.00 - $220,500.00 Annual
We've got you covered...
Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
- Medical/Vision, Dental, Retirement and Paid Time Away
- Life Insurance and Disability
- Merchandise Discount and EAP Resources
This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf
A few more important points...
The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.
For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.
Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ's for relevant information and guidelines.
Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.
Nordstrom keeps job postings open for at least one day after the posting date.
© 2026 Nordstrom, Inc
What Nordstrom employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom