1

Grc Risk Analyst Jobs in California (NOW HIRING)

Senior GRC Analyst - Security & Compliance LHH Recruitment Solutions is partnering with a high ... This role offers a unique opportunity to take ownership of a growing governance, risk, and ...

GRC Analyst

San Francisco, CA · On-site

$65 - $85/hr

Senior GRC Analyst - Security & Compliance LHH Recruitment Solutions is partnering with a high ... This role offers a unique opportunity to take ownership of a growing governance, risk, and ...

Ease is hiring a GRC Analyst to support our governance, risk, and compliance program as we mature our security posture and expand into new compliance frameworks. This is a hands-on role at the ...

GRC Analyst

Irvine, CA · On-site

$110K - $135K/yr

Ease is hiring a GRC Analyst to support our governance, risk, and compliance program as we mature our security posture and expand into new compliance frameworks. This is a hands-on role at the ...

Senior Cybersecurity GRC Analyst Position Description : Protingent Staffing has an exciting ... Risk Management & Assessment: * Lead comprehensive cybersecurity risk assessments across the ...

next page

Showing results 1-20

Grc Risk Analyst information

What is the difference between Grc Risk Analyst vs Compliance Analyst?

AspectGrc Risk AnalystCompliance Analyst
CertificationsISO 31000, FRM, CRISCISO 19600, CCEP, CISA
Work EnvironmentRisk management teams, corporate officesRegulatory departments, corporate offices
Industry UsageFinance, banking, insurance, corporate riskFinancial services, healthcare, manufacturing
Job FocusIdentifying, assessing, and mitigating risks across enterpriseEnsuring compliance with laws and regulations

While both roles involve regulatory and risk considerations, a Grc Risk Analyst focuses on enterprise-wide risk management strategies, whereas a Compliance Analyst concentrates on adherence to specific laws and regulations. Both roles require similar certifications and often work in overlapping industries, but their core responsibilities differ in scope and focus.

What are GRC Risk Analysts?

GRC Risk Analysts are professionals who specialize in Governance, Risk, and Compliance (GRC) within an organization. They assess and manage risks related to business operations, ensure compliance with relevant laws and regulations, and help implement policies and controls to mitigate potential threats. These analysts work closely with management to identify vulnerabilities, develop risk management strategies, and monitor the effectiveness of compliance programs. Their goal is to protect the organization from financial, legal, and reputational harm while supporting business objectives.

What are the key skills and qualifications needed to thrive as a GRC Risk Analyst, and why are they important?

To thrive as a GRC (Governance, Risk, and Compliance) Risk Analyst, you need a solid understanding of risk management principles, regulatory requirements, and compliance frameworks, often supported by a degree in information security, business, or a related field. Familiarity with GRC platforms (such as RSA Archer or MetricStream), risk assessment methodologies, and certifications like CRISC or CISA is highly valuable. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and convey findings to stakeholders. These skills are critical for ensuring organizational compliance, minimizing risk exposure, and supporting informed decision-making.

What are some common challenges a GRC Risk Analyst might face when implementing new risk management frameworks within an organization?

A GRC Risk Analyst often encounters challenges such as resistance to change from stakeholders, integrating new frameworks with existing processes, and ensuring consistent understanding across departments. Aligning risk management practices with organizational goals while adhering to regulatory requirements can also be complex. Success in this role requires strong communication skills, adaptability, and the ability to educate and collaborate with team members from diverse backgrounds.
What job categories do people searching Grc Risk Analyst jobs in California look for? The top searched job categories for Grc Risk Analyst jobs in California are:
What cities in California are hiring for Grc Risk Analyst jobs? Cities in California with the most Grc Risk Analyst job openings:
Infographic showing various Grc Risk Analyst job openings in California as of June 2026, with employment types broken down into 1% As Needed, 88% Full Time, 9% Part Time, 1% Temporary, and 1% Contract. Highlights an 76% Physical, 7% Hybrid, and 17% Remote job distribution.

GRC Analyst

LHH US

San Francisco, CA

$65 - $85/hr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 20 days ago


Job description

Senior GRC Analyst - Security & Compliance
LHH Recruitment Solutions is partnering with a high-growth, cloud-native SaaS organization to identify a Senior GRC Analyst to support and scale their security and compliance function.
This role offers a unique opportunity to take ownership of a growing governance, risk, and compliance program within an innovative technology environment. The organization is building advanced, cloud-based products on Azure, with security and trust at the core of its platform. The Senior GRC Analyst will play a critical role in developing and operationalizing compliance frameworks, driving audit readiness, and establishing scalable, repeatable processes.
This is an ideal opportunity for a GRC professional who is motivated to build and mature a program, work cross-functionally with engineering teams, and gain strong visibility with leadership.
Preferred Office Alignment: San Francisco, CA
Employment Type: Contract (5+ months)
Pay Rate: $65-$85/hr (DOE)
Key Responsibilities
  • Own and manage the Information Security Management System (ISMS), including policies, control frameworks, risk registers, vendor management, and Statement of Applicability.
  • Lead ISO 27001:2022 and SOC 2 Type II initiatives end-to-end, including readiness assessments, evidence collection, control testing, remediation tracking, and audit coordination.
  • Support the development and implementation of an ISO 42001 (AI management system) program alongside existing compliance frameworks.
  • Serve as the primary point of contact for external auditors, managing audit timelines, evidence requests, and engagement logistics (e.g., Stage 1/Stage 2 audits, SOC 2 Type II).
  • Administer and optimize the organization's GRC platform (e.g., Vanta, Drata, OneTrust), including control mapping, automated evidence collection, and monitoring control effectiveness.
  • Conduct risk assessments, vendor risk reviews, and support security initiatives such as penetration testing, vulnerability disclosures, and bug bounty programs.
  • Partner closely with engineering and technical teams to translate regulatory and compliance requirements into practical, scalable controls within an Azure-based environment.
  • Support customer trust initiatives, including completion of security questionnaires, RFP responses, and maintenance of trust center documentation.
Qualifications
  • 4+ years of experience in GRC, information security compliance, or IT audit, including participation in at least one full certification or audit cycle.
  • Demonstrated hands-on experience with ISO 27001 and SOC 2 frameworks, including evidence management, auditor interaction, and remediation efforts.
  • Familiarity with cloud security controls, preferably within Microsoft Azure environments.
  • Experience working with GRC platforms such as Vanta, Drata, OneTrust, or similar tools.
  • Strong skills in risk assessment, control design, and written communication.
Preferred Qualifications
  • Exposure to AI governance frameworks (e.g., ISO 42001, NIST AI RMF) and AI security standards (e.g., OWASP LLM Top 10, MITRE ATLAS).
  • Knowledge of data privacy regulations such as GDPR, particularly in relation to employee data.
  • Relevant certifications such as ISO 27001 Lead Implementer or Lead Auditor, CISA, CRISC, CISSP, or CCSK.
  • Experience in early-stage or high-growth SaaS environments.
Benefit Offerings:
Benefit offerings include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, and 401K plan. Our program provides employees the flexibility to choose the type of coverage that meets their individual needs. Available paid leave may include Paid Sick Leave, where required by law; any other paid leave required by Federal, State, or local law; and Holiday pay upon meeting eligibility criteria.
Equal Opportunity Employer/Veterans/Disabled
To read our Candidate Privacy Information Statement, which explains how we will use your information, please navigate t o https://www.lhh.com/us/en/candidate-privacy
The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:
  • The California Fair Chance Act
  • Los Angeles City Fair Chance Ordinance
  • Los Angeles County Fair Chance Ordinance for Employers
  • San Francisco Fair Chance Ordinance
Pay Details: $65.00 to $85.00 per hour
Search managed by: Scott McKeen
Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, commuter benefits and a 401K plan. Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave including Paid Sick Leave or any other paid leave required by Federal, State, or local law, as well as Holiday pay where applicable.
Equal Opportunity Employer/Veterans/Disabled
Military connected talent encouraged to apply
To read our Candidate Privacy Information Statement, which explains how we will use your information, please navigate to https://www.lhh.com/us/en/candidate-privacy
The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:
  • The California Fair Chance Act
  • Los Angeles City Fair Chance Ordinance
  • Los Angeles County Fair Chance Ordinance for Employers
  • San Francisco Fair Chance Ordinance
Massachusetts Candidates Only: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.