1

Grc Risk Analyst Jobs in Utah (NOW HIRING)

Support third-party/vendor risk assessments and due diligence reviews * Identify control gaps ... Strong analytical, documentation, and organizational skills * Ability to communicate technical ...

Support third-party/vendor risk assessments and due diligence reviews * Identify control gaps ... Strong analytical, documentation, and organizational skills * Ability to communicate technical ...

Governance, Risk & Compliance Lead

Draper, UT · On-site

$146K/yr

... GRC hiring plan, recruit and mentor analysts and managers, and report program health, risk posture, and certification progress to executive leadership. What You Bring • 7+ years in information ...

New

As a security analyst at Lucid you will be helping to protect corporate assets, including our world ... party risk management, GRC, customer due diligence, etc. * Understanding of common security ...

As a Security Analyst at Lucid Software, you will protect our corporate assets,world-class web ... GRC (Governance, Risk, and Compliance) operations. Lucid Software's security team fosters an ...

This role operates under the direction of GRC leadership and is responsible for day-to-day risk ... The ideal candidate is detail-oriented and analytical, with the ability to translate technical ...

... risk-based prioritization aligned to business impact and threat intelligence * Partner with GRC ... Strong analytical and problem-solving skills * Excellent communication skills translating technical ...

next page

Showing results 1-20

Grc Risk Analyst information

What is the difference between Grc Risk Analyst vs Compliance Analyst?

AspectGrc Risk AnalystCompliance Analyst
CertificationsISO 31000, FRM, CRISCISO 19600, CCEP, CISA
Work EnvironmentRisk management teams, corporate officesRegulatory departments, corporate offices
Industry UsageFinance, banking, insurance, corporate riskFinancial services, healthcare, manufacturing
Job FocusIdentifying, assessing, and mitigating risks across enterpriseEnsuring compliance with laws and regulations

While both roles involve regulatory and risk considerations, a Grc Risk Analyst focuses on enterprise-wide risk management strategies, whereas a Compliance Analyst concentrates on adherence to specific laws and regulations. Both roles require similar certifications and often work in overlapping industries, but their core responsibilities differ in scope and focus.

What are GRC Risk Analysts?

GRC Risk Analysts are professionals who specialize in Governance, Risk, and Compliance (GRC) within an organization. They assess and manage risks related to business operations, ensure compliance with relevant laws and regulations, and help implement policies and controls to mitigate potential threats. These analysts work closely with management to identify vulnerabilities, develop risk management strategies, and monitor the effectiveness of compliance programs. Their goal is to protect the organization from financial, legal, and reputational harm while supporting business objectives.

What are the key skills and qualifications needed to thrive as a GRC Risk Analyst, and why are they important?

To thrive as a GRC (Governance, Risk, and Compliance) Risk Analyst, you need a solid understanding of risk management principles, regulatory requirements, and compliance frameworks, often supported by a degree in information security, business, or a related field. Familiarity with GRC platforms (such as RSA Archer or MetricStream), risk assessment methodologies, and certifications like CRISC or CISA is highly valuable. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and convey findings to stakeholders. These skills are critical for ensuring organizational compliance, minimizing risk exposure, and supporting informed decision-making.

What are some common challenges a GRC Risk Analyst might face when implementing new risk management frameworks within an organization?

A GRC Risk Analyst often encounters challenges such as resistance to change from stakeholders, integrating new frameworks with existing processes, and ensuring consistent understanding across departments. Aligning risk management practices with organizational goals while adhering to regulatory requirements can also be complex. Success in this role requires strong communication skills, adaptability, and the ability to educate and collaborate with team members from diverse backgrounds.
What job categories do people searching Grc Risk Analyst jobs in Utah look for? The top searched job categories for Grc Risk Analyst jobs in Utah are:
What cities in Utah are hiring for Grc Risk Analyst jobs? Cities in Utah with the most Grc Risk Analyst job openings:

Cybersecurity GRC Engineer

swirecc

Draper, UT • On-site

Other

This job post has expired 1 day ago. Applications are no longer accepted.


Job description

What does a Cybersecurity GRC Engineer do at Swire Coca - Cola?
Swire Coca-Cola is seeking a Cybersecurity GRC Engineer to support the execution and continuous improvement of our governance, risk, and compliance (GRC) program. This role works under the direction of the GRC Manager and is responsible for performing day-to-day risk, compliance, and audit activities that ensure our cybersecurity program remains aligned with regulatory, contractual, and business requirements. The GRC Engineer plays a critical role in operationalizing cybersecurity governance by conducting risk assessments, supporting audits, maintaining control frameworks, and partnering across IT and business teams to track and remediate findings. This role requires a detail-oriented and analytical individual who can translate technical controls and risks into clear documentation and actionable insights.
Responsibilities

  • Perform cybersecurity risk assessments for systems, applications, and business processes
  • Support third-party/vendor risk assessments and due diligence reviews
  • Identify control gaps, document risks, and assist in developing remediation plans
  • Maintain and update the enterprise risk register, including risk scoring and tracking
  • Partner with control owners to validate mitigation efforts and risk status
  • Support internal and external audits by coordinating evidence collection and responses
  • Track audit findings, remediation activities, and validate closure
  • Assist with security questionnaires, RFP responses, and due diligence requests
  • Help ensure compliance with regulatory and contractual requirements
  • Maintain and update cybersecurity policies, standards, and procedures
  • Support mapping of controls to frameworks such as NIST CSF, ISO 27001, and CIS
  • Assist in the development and maintenance of a unified control framework
  • Support control testing activities and documentation of effectiveness
  • Develop and maintain GRC metrics, dashboards, and reporting artifacts
  • Track key risk indicators (KRIs), audit trends, and remediation progress
  • Prepare reports and summaries for leadership and stakeholders
  • Maintain organized documentation and evidence repositories
  • Partner with cross-functional teams to drive risk awareness and remediation efforts
  • Support process improvements to enhance GRC efficiency and scalability
  • Assist in implementing and optimizing GRC tools and automation
  • Stay current on cybersecurity risks and compliance requirements
  • Performs other duties as assigned.


Requirements

  • Bachelor’s Degree in Cybersecurity, Information Technology, Risk Management, or related field required
  • Relevant certifications such as Security+, CISA, CRISC, or similar preferred
  • 3+ years of experience in cybersecurity, risk, compliance, or audit roles required
  • Experience supporting audits, risk assessments, and compliance activities required
  • Experience collaborating across IT and business teams required
  • Working knowledge of NIST CSF, ISO 27001, and CIS frameworks
  • Strong analytical, documentation, and organizational skills
  • Ability to communicate technical concepts to non-technical stakeholders
  • Familiarity with GRC tools such as ServiceNow GRC, Archer, Drata, Vanta, or similar preferred