GRC Contract Jobs (NOW HIRING)

SaaS - GRC Location: Phoenix, Arizona (3 days a week ... Duration: Contract Position Key Responsibilities * Perform security assessments of SaaS and ...

IT GRC Lead Rate: commensurate on experience however conversion will be around 120-125k plus bonus potential Duration: 12 month contract to hire Location: onsite in either New Orleans or Gulfport ...

Experienced or Senior GRC Analyst

Fort Worth, TX · Remote

$84.30K - $111.70K/yr

This is a full-time, remote, contract-to-hire position. Top performers move into permanent roles within 6 months. What You Will Do As an Experienced or Senior GRC Analyst at Hotman Group you will ...

GRC Contract information

How much do GRC contract jobs pay per hour?

As of May 30, 2026, the average hourly pay for GRC contract in the United States is $69.97, according to ZipRecruiter salary data. Most workers in this role earn between $67.31 and $76.92 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a GRC (Governance, Risk, and Compliance) Contract Specialist, and why are they important?

To thrive as a GRC Contract Specialist, you need a solid understanding of risk management, regulatory compliance, and contract law, often supported by a relevant degree or certification like CCEP or CRISC. Familiarity with GRC platforms (such as RSA Archer or ServiceNow), contract management systems, and regulatory databases is typically required. Exceptional attention to detail, analytical thinking, and strong negotiation and communication skills help you excel in this role. These capabilities ensure that organizations effectively manage risks, remain compliant with regulations, and protect their interests in contractual agreements.

What are the typical challenges faced by professionals working in GRC contract roles, and how can they effectively manage these challenges?

Professionals in GRC (Governance, Risk, and Compliance) contract roles often face challenges such as quickly adapting to new organizational cultures, understanding unique regulatory requirements, and managing tight deadlines for audits or compliance projects. Since contract roles may require rapid onboarding, it's important to proactively communicate with key stakeholders, leverage available documentation, and prioritize tasks based on risk and compliance impact. Building strong relationships with internal teams and maintaining up-to-date knowledge of relevant regulations can help contract professionals deliver value efficiently and mitigate potential compliance gaps.

What are GRC contracts?

GRC contracts refer to agreements that govern the implementation and management of Governance, Risk, and Compliance (GRC) frameworks within an organization. These contracts outline responsibilities, standards, and procedures to ensure that a company adheres to regulatory requirements, manages risks effectively, and maintains robust internal controls. GRC contracts are often used with third-party vendors, consultants, or software providers to clarify expectations and protect the organization from legal or compliance issues. They play a critical role in helping businesses navigate complex regulatory environments and minimize potential liabilities.

What is the difference between GRC Contract vs GRC Analyst?

| Aspect | GRC Contract | GRC Analyst |
| Required Credentials | Certifications like CISA, CISSP, or CRISC often preferred | Same certifications, often with additional compliance or audit training |
| Work Environment | Contract-based, project-specific, often in consulting firms or client sites | Full-time or contract, typically within organizations' security or compliance teams |
| Employer & Industry Usage | Used by consulting firms, security vendors, and organizations for specific projects | Common within organizations' risk management, compliance, or security departments |

GRC Contract roles focus on providing specialized GRC services on a temporary basis, often for specific projects, while GRC Analysts typically work within organizations to monitor, analyze, and ensure compliance continuously. Both roles require similar certifications but differ mainly in employment type and scope of work.

Infographic showing various GRC Contract job openings in the United States as of May 2026, with employment types broken down into 4% As Needed, 4% Full Time, and 92% Contract. Highlights a 2% Physical, 10% Hybrid, and 88% Remote job distribution, with an average salary of $145,541 per year, or $70 per hour.

Contract Information Security GRC Analyst

Chatham Financial

Charlotte, NC • On-site

Full-time

Posted 29 days ago


Job description

Overview:

We don't simply hire employees. We invest in them. When you work at Chatham, we empower you - offering professional development opportunities to help you grow in your career, no matter if you've been here for five months or 15 years. Chatham has worked hard to create a distinct work environment that values people, teamwork, integrity, and client service. You will have immediate opportunities to partner with talented subject matter experts, work on complex projects, and contribute to the value Chatham delivers every day.

This role sits within the Information Security Governance, Risk and Compliance (GRC) team, which reports directly into the CISO organization. The GRC team serves as the central function responsible for managing the enterprise's security risk posture, ensuring regulatory compliance, and maintaining the policy and control framework that governs information security across Chatham. This team works cross-functionally, partnering closely with Product and Technology teams to embed security into development and infrastructure initiatives, Human Resources for security awareness and personnel security matters, Operations for business process alignment, and all Chatham business units to ensure security requirements support business objectives. The team also maintains critical relationships with Operational Risk to align cybersecurity risk management with enterprise risk frameworks and serves as the primary liaison to external auditors for SOC 2, regulatory examinations, and other assurance activities.

In this role you will:

The Information Security GRC Analyst with a Risk and Policy focus is responsible for assisting in the execution of the organization's security risk management program and supporting policy governance. This role takes the lead in conducting the security risk assessments for Chatham systems, vendors and business processes. This role is responsible for maintaining the technology and cybersecurity risks on the operational risk register; tracking issues and risk mitigation activities; and supports policy development. This role is also responsible for translating technical risks into business-relevant recommendations, recommending risk-based decisions, documenting decisions on risk treatment, tracking risk mitigation action plans to completion and reviewing systems/processes for policy compliance.

  • Risk Assessment Execution: Conduct technology and security risk assessments for internal systems, product and technology projects using established frameworks (NIST SP 800-30, ISO 27005, etc.)

  • Technology and Cybersecurity Risk Register Management: Maintain the technology risk register (includes Cybersecurity) documenting threats, vulnerabilities, impacts, likelihood, risk ratings, and treatment decisions; ensure consistent updates with stakeholder input

  • Technology and Cybersecurity Risk Mitigation Tracking: Document risk treatment plans with action items, responsible parties, and target dates; track remediation progress; verify risk reduction upon closure

  • Technology and Cybersecurity Policy Support: Support policy lifecycle activities including drafting, review, and updates; ensure policy alignment based on industry standards such as NIST, ISO 27001, etc.

  • Cybersecurity and Information Security Risk Metrics Development: Develop and report risk metrics and KRIs; analyze trends in risk posture; identify systemic issues requiring management attention

  • Technology and Cybersecurity Risk Reporting/Communication: Translate technical risk findings into business-relevant language; prepare risk summaries for management review and decision-making

  • Stakeholder Engagement: Partner with control owners, system owners, product team, technology team and business stakeholders to identify and assess risks throughout the system lifecycle.

Your impact:

Success in this role requires strong collaborative relationships across Chatham. The Information Security GRC Analyst partners closely with the Manager of Information Security GRC, and Information Security leadership to align risk priorities with security strategy. The analyst will interact on a regular basis with technology and information security control owners to ensure controls are properly designed, implemented, and monitored. The analyst engages with Operational Risk to integrate technology and cybersecurity risks into the operational risk framework and reporting. Finally, collaboration with external auditors during SOC 2 and regulatory examinations validates that risk management practices meet industry standards and client expectations.

Contributors to your success:

  • Bachelor's degree, preferably in Information Security, Computer Science, Risk Management, or related experience in the field.

  • 3-5+ years of experience in IT audit, IT risk management, executing security assessments, or experience in a related Technology, IT Audit or Data Governance role.

  • Experience in supporting/coordinating company SOC 2 Trust Services Criteria audits or conducting SOC 2 audits.

  • Experience in conducting technology and security risk assessments using NIST, ISO 27005, or similar methodologies

  • Strong understanding of Cybersecurity risks and mitigation strategies as well as functional experience with threat modeling, vulnerability analysis, and risk quantification and follow through.

  • Knowledge of security frameworks: NIST CSF, NIST 800-53, ISO 27001, Center of Internet Security (CIS), SOC 2 Trust Services Criteria, Cloud Control Matrix (CCM)

  • Knowledge of third-party security assessments and/or data protection/impact assessments.

  • Excellent analytical and written communication skills

  • Certifications preferred: CRISC, CDPSE, CISA, CISSP, ISO 27001 Lead Auditor/Lead Implementer

  • Other Certifications considered: CGEIT, CCSK, CompTIA Security+, CompTIA CySA+, CISSP-Associate, GIAC/GSEC, PMP/CAPM, AWS Cloud Practitioner, Azure Cloud Practitioner

* This is a contract position working 40 hours a week

About Chatham Financial:

Chatham Financial is the leading independent capital markets advisor, delivering an integrated blend of expert advice and powerful technology to help you reduce risk and seize opportunity. With decades of capital markets strategy, execution, monitoring, and performance expertise, we serve as an unwavering advocate for your best interests and your innovation partner. Our technology platform unifies data across assets, debt, and derivatives, giving you unmatched agility, transparency, and insight.

It's clear ahead.

Our commitment is to carry that light forward in every partnership, every solution, and every market we serve.

We help guide the way, giving clients the insight and momentum to move forward with confidence, no matter what lies ahead.