1

Grc Analyst Jobs Jobs (NOW HIRING)

Senior GRC Analyst Morgan & Morgan | Risk & Resilience Program Reports To: Director of Business Continuity Department: Information Security / Risk & Resilience Type: Full-Time The Opportunity Morgan ...

Ease is hiring a GRC Analyst to support our governance, risk, and compliance program as we mature our security posture and expand into new compliance frameworks. This is a hands-on role at the ...

GRC Analyst

Irvine, CA · On-site

$110K - $135K/yr

Ease is hiring a GRC Analyst to support our governance, risk, and compliance program as we mature our security posture and expand into new compliance frameworks. This is a hands-on role at the ...

Sr. GRC Analyst About Subsplash Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005 ...

Sr. GRC Analyst About Subsplash Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005 ...

Senior GRC Analyst

New York, NY · On-site +1

$143K - $165K/yr

We are looking for a Senior GRC Analyst to join our Technical Compliance team to ensure Garner's compliance posture across security frameworks such as ISO 27001, SOC 2, HITRUST, and HIPAA. As a ...

About the Role Merci Technologies is seeking a GRC Analyst to support the governance, risk, and compliance program for one of our enterprise clients. This role sits at the intersection of security ...

Sr. GRC Analyst About Subsplash Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005 ...

Sr. GRC Analyst About Subsplash Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005 ...

Be Seen First

Cyber GRC Analyst

Phoenix, AZ · Remote

$65K - $90K/yr

As a GRC Analyst, you will serve as the primary compliance and governance resource for a major healthcare client in San Diego, leading a multi-year rebuild of their security GRC program from the ...

Sr. GRC Analyst About Subsplash Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005 ...

Sr. GRC Analyst About Subsplash Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005 ...

Sr. GRC Analyst About Subsplash Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005 ...

SaaS - GRC Location: Phoenix, Arizona (3 days a week). Duration: Contract Position Key ... Analyze shared responsibility models and identify security gaps. * Review controls across IAM ...

What You Will Do As an Entry Level GRC Analyst at Hotman Group you will work side by side with senior team members and partners to help our clients strengthen their cybersecurity and compliance ...

The Opportunity We are hiring a Security GRC & Risk Analyst to own the governance, risk, and compliance execution layer across a holding company and portfolio of businesses. This is a build-oriented ...

next page

Showing results 1-20

Grc Analyst Jobs information

See salary details

$36.5K

$97.7K

$228.5K

How much do grc analyst jobs jobs pay per year?

As of Jul 15, 2026, the average yearly pay for grc analyst jobs in the United States is $97,659.00, according to ZipRecruiter salary data. Most workers in this role earn between $55,000.00 and $111,000.00 per year, depending on experience, location, and employer.
Senior GRC Analyst

Full-time

Medical, Dental, Retirement, PTO

Posted 15 days ago


Morgan & Morgan rating

6.7

Company rating: 6.7 out of 10

Based on 49 frontline employees who took The Breakroom Quiz

17th of 19 rated law firms


Job description

At Morgan & Morgan, the work we do matters. For millions of Americans, we're their last line of defense against insurance companies, large corporations or defective goods. From attorneys in all 50 states, to client support staff, creative marketing to operations teams, every member of our firm has a key role to play in the winning fight for consumer rights. Our over 6,000 employees are all united by one mission: For the People.
Senior GRC Analyst
Morgan & Morgan | Risk & Resilience Program
Reports To: Director of Business Continuity
Department: Information Security / Risk & Resilience
Type: Full-Time
The Opportunity
Morgan & Morgan is one of the largest plaintiff law firms in the country - 6,000+ employees, 100+ offices, and a caseload that doesn't wait. The Risk & Resilience program is in full build mode: governance structure is set, the first BIA is complete, and the frameworks are mapped. What's missing is execution capacity.
This is not a maintenance role. You're joining at the ground floor of a GRC program that needs to be built from a standing start - TPRM methodology, policy lifecycle, risk register calibration, awareness program design. You'll own workstreams end-to-end, not coordinate them. You report directly to the Director of Business Continuity, who owns the GRC function and sets program direction.
If you want to inherit a mature program and tune it, this isn't for you. If you want to build one - with real ownership, real scope, and a clear path to being the person who shapes how risk is managed across a national law firm - read on.
What You'll Own
Third-Party Risk Management
  • Build and own the end-to-end TPRM process: risk tiering, assessment criteria, and escalation thresholds - from scratch
  • Lead risk assessments for the firm's highest-exposure vendor relationships: case management, e-discovery, payment processing, and others
  • Bring risk acceptance and remediation recommendations to the Director; own the analysis behind the decision

Policy Lifecycle
  • Run the full policy lifecycle: drafting, review cadence, approval workflows, and firm-wide attestation tracking
  • Write policy content directly - you're not inheriting a library, you're building it, translating framework requirements into language that works for a law firm
  • Identify and close policy gaps against ISO 27001, NIST CSF, and CIS v8.1 before they become audit findings

Risk Management
  • Own the enterprise risk register: methodology, scoring calibration, and quarterly review cadence
  • Lead control testing and gap assessment in Vanta; design remediation plans
  • Spot emerging risk trends and bring recommendations

Security Awareness
  • Assist with the design of the security awareness program strategy: content calendar, phishing simulation progression, targeted training for high-risk roles, and Program Champions
  • Analyze effectiveness data and adjust the program based on results, not just completion rates

Audit & Compliance Readiness
  • Serve as a point of contact for cyber insurance audits, major client security due diligence, and regulatory inquiries
  • Own the audit calendar and evidence readiness posture - you're not responding to requests as they land, you're ahead of them

Reporting & Program Visibility
  • Build and maintain the GRC reporting suite for CIO-level consumption: risk posture snapshots, control testing results, TPRM exposure summaries
  • Identify maturity gaps against framework requirements and bring prioritized roadmap recommendations to the Director

Cross-Program Coordination
  • Interface with the BC/DR and Crisis Management program on control alignment, vendor dependencies surfaced in BIAs, and recovery capability assumptions
  • Coordinate with the Privacy function (in build) on data inventory, state privacy law obligations (FL, CA, NY, and others), and third-party data handling risks
  • Once the GRC Analyst is hired, serve as a working mentor without formal management authority

What We're Looking For
  • 4-6+ years in GRC, IT audit, compliance, or information security
  • Deep hands-on experience in a GRC platform; Vanta strongly preferred
  • Strong working knowledge of ISO 27001, NIST CSF, and CIS v8.1; you've mapped controls across multiple frameworks at the same time
  • ISC2 CC/CCSP or ISACA CRISC/CISA required, or other ISC2 or ISACA related certifications (CISSP, CISM)
  • Direct experience leading external audits or client security due diligence as primary point of contact, including findings negotiation
  • You've designed a security awareness program
  • Comfortable operating independently
  • Bachelor's degree in Information Security, Risk Management, Computer Science, or related field; equivalent experience considered

#LI-MB1
Benefits
Morgan & Morgan is a leading personal injury law firm dedicated to protecting the people, not the powerful. This success starts with our staff. For full-time employees, we offer an excellent benefits package including medical and dental insurance, 401(k) plan, paid time off and paid holidays.
Equal Opportunity Statement
Morgan & Morgan provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
E-Verify
This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the I-9 Form.
Privacy Policy
Here is a link to Morgan & Morgan's privacy policy.

What Morgan & Morgan employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom