1

Grc Risk Analyst Jobs in Washington (NOW HIRING)

Sr GRC Analyst

Herndon, VA · On-site

$98K - $129K/yr

26-May-2026 Senior GRC Engineering Analyst US (Remote) 10880BR Company Summary Built on 40 years of ... Identify control gaps, assess technical risk and business impact, and drive remediation to closure ...

PingWind is seeking a Cybersecurity Analyst responsible for leading governance, risk, and compliance (GRC) activities to ensure MODES III systems maintain continuous compliance with DoD cybersecurity ...

PingWind is seeking a Cybersecurity Analyst responsible for leading governance, risk, and compliance (GRC) activities to ensure MODES III systems maintain continuous compliance with DoD cybersecurity ...

Cyber GRC Transformation Manager

Ashburn, VA · On-site

$113K - $153K/yr

... into our risk lifecycle-using automation, LLMs, and predictive analytics to scale security ... Pivoting to an AI-First GRC Strategy: Revolutionize traditional compliance by implementing ...

next page

Showing results 1-20

Grc Risk Analyst information

What is the difference between Grc Risk Analyst vs Compliance Analyst?

AspectGrc Risk AnalystCompliance Analyst
CertificationsISO 31000, FRM, CRISCISO 19600, CCEP, CISA
Work EnvironmentRisk management teams, corporate officesRegulatory departments, corporate offices
Industry UsageFinance, banking, insurance, corporate riskFinancial services, healthcare, manufacturing
Job FocusIdentifying, assessing, and mitigating risks across enterpriseEnsuring compliance with laws and regulations

While both roles involve regulatory and risk considerations, a Grc Risk Analyst focuses on enterprise-wide risk management strategies, whereas a Compliance Analyst concentrates on adherence to specific laws and regulations. Both roles require similar certifications and often work in overlapping industries, but their core responsibilities differ in scope and focus.

What are GRC Risk Analysts?

GRC Risk Analysts are professionals who specialize in Governance, Risk, and Compliance (GRC) within an organization. They assess and manage risks related to business operations, ensure compliance with relevant laws and regulations, and help implement policies and controls to mitigate potential threats. These analysts work closely with management to identify vulnerabilities, develop risk management strategies, and monitor the effectiveness of compliance programs. Their goal is to protect the organization from financial, legal, and reputational harm while supporting business objectives.

What are the key skills and qualifications needed to thrive as a GRC Risk Analyst, and why are they important?

To thrive as a GRC (Governance, Risk, and Compliance) Risk Analyst, you need a solid understanding of risk management principles, regulatory requirements, and compliance frameworks, often supported by a degree in information security, business, or a related field. Familiarity with GRC platforms (such as RSA Archer or MetricStream), risk assessment methodologies, and certifications like CRISC or CISA is highly valuable. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and convey findings to stakeholders. These skills are critical for ensuring organizational compliance, minimizing risk exposure, and supporting informed decision-making.

What are some common challenges a GRC Risk Analyst might face when implementing new risk management frameworks within an organization?

A GRC Risk Analyst often encounters challenges such as resistance to change from stakeholders, integrating new frameworks with existing processes, and ensuring consistent understanding across departments. Aligning risk management practices with organizational goals while adhering to regulatory requirements can also be complex. Success in this role requires strong communication skills, adaptability, and the ability to educate and collaborate with team members from diverse backgrounds.
What job categories do people searching Grc Risk Analyst jobs in Washington look for? The top searched job categories for Grc Risk Analyst jobs in Washington are:
What cities in Washington are hiring for Grc Risk Analyst jobs? Cities in Washington with the most Grc Risk Analyst job openings:
Infographic showing various Grc Risk Analyst job openings in Washington as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 82% Full Time, 11% Part Time, 1% Temporary, and 4% Contract. Highlights an 81% Physical, 7% Hybrid, and 12% Remote job distribution.
Senior Cybersecurity Risk Analyst - USA Remote

Senior Cybersecurity Risk Analyst - USA Remote

Danaher

Washington, DC • Remote

$130K - $160K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 25 days ago


Danaher rating

7.7

Company rating: 7.7 out of 10

Based on 29 frontline employees who took The Breakroom Quiz


Job description

Bring more to life.

At Danaher, our work saves lives. And each of us plays a part. Fueled by our culture of continuous improvement, we turn ideas into impact - innovating at the speed of life.

Our 60,000+ associates work across the globe at more than 15 unique businesses within life sciences, diagnostics, and biotechnology.

Are you ready to accelerate your potential and make a real difference? At Danaher, you can build an incredible career at a leading science and technology company, where we're committed to hiring and developing from within. You'll thrive in a culture of belonging where you and your unique viewpoint matter.

Learn about the Danaher Business System which makes everything possible.

The Senior Cybersecurity Risk Analyst is responsible for executing third-party and supplier risk activities across the vendor lifecycle and contributing to enterprise risk register operations across the Danaher operating companies. This role offers opportunities to work at the intersection of cyber risk, supply-chain integrity, and enterprise risk reporting across a global, multi-operating-company environment.

This position is part of the Corporate Information Security and will be located as Remote.

In this role, you will have the opportunity to:

  • Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake, inherent-risk tiering, security and privacy questionnaire administration, evidence collection and review, scoring, and final risk decisioning under the direction of the TPRM Lead

  • Review and provide cybersecurity input on third-party contracts (IS Terms & Conditions, Data Protection Addenda, Standard Contractual Clauses, AI-specific addenda), partnering with Legal, Privacy, and Procurement to land defensible positions and consistent redlines

  • Assess supply-chain and geopolitical risk (including country-of-origin and concentration concerns) and apply AI vendor risk frameworks (NIST AI RMF, ISO/IEC 42001) to AI-enabled products and services in the vendor portfolio

  • Serve as the connective tissue between central TPRM and the OpCo 3rd-Party Questionnaire & Response Coordinators, providing guidance on intake, scoring consistency, escalation paths, and Procurement engagement so vendor risk is handled the same way across the portfolio

  • Contribute to enterprise risk register operations and data quality, including consistent risk capture, cross-OpCo aggregation, and executive-grade reporting that informs the OpCo QBR and CISO updates

The essential requirements of the job include:

  • Strong working knowledge of third-party risk management frameworks and methodologies (e.g., Shared Assessments SIG, NIST SP 800-161, ISO/IEC 27036) and the underlying security and privacy regulatory landscape (GDPR, HIPAA, PCI DSS, SOX)

  • Demonstrated experience administering vendor security questionnaires, reviewing evidence (SOC 2, ISO 27001, penetration test reports), applying scoring consistently at scale, and communicating findings to vendors and internal stakeholders

  • Working familiarity with the cybersecurity provisions in vendor contracts (IS Terms & Conditions, Data Protection Addenda, Standard Contractual Clauses) and the ability to coordinate redlines with Legal, Privacy, and Procurement.

  • Hands-on experience operating an enterprise or program-level risk register, with attention to data quality, aggregation methodology, and reporting fluency for executive audiences.

  • 7+ years of experience in third-party risk, enterprise risk management, vendor security, or related governance work.

It would be a plus if you also possess previous experience in:

  • Experience applying AI vendor risk frameworks such as NIST AI RMF and ISO/IEC 42001, and assessing supply-chain and geopolitical concentration risk including country-of-origin scrutiny.

  • Familiarity with GRC platforms (e.g., OneTrust, ServiceNow IRM, RSA Archer) and vendor risk tooling, along with excellent written and verbal communication skills and proven experience influencing stakeholders at all organizational levels, including senior leadership.

At Danaher we believe in designing a better, more sustainable workforce. We recognize the benefits of flexible, remote working arrangements for eligible roles and are committed to providing enriching careers, no matter the work arrangement. This position is eligible for a remote work arrangement in which you can work remotely from your home. Additional information about this remote work arrangement will be provided by your interview team. Explore the flexibility and challenge that working for Danaher can provide.

The salary range for this role is $130K-$160K. This is the range that we in good faith believe is the range of possible compensation for this role at the time of this posting. We may ultimately pay more or less than the posted range. This range may be modified in the future.

This job is also eligible for bonus/incentive pay. #LI-Remote

We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance and 401(k) to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.

Join our winning team today. Together, we'll accelerate the real-life impact of tomorrow's science and technology. We partner with customers across the globe to help them solve their most complex challenges, architecting solutions that bring the power of science to life.


For more information, visit www.danaher.com.


Danaher Corporation and all Danaher Companies are committed to equal opportunity regardless of race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity, or other characteristics protected by law.


The U.S. EEO posters are available here.


For candidates who are based outside of New York City or who are applying for roles outside of New York City, for more information about conditions of any job offer please click here


We comply with federal and state disability laws and make reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact:1-202-419-7762 or applyassistance@danaher.com.


What Danaher employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom


Danaher logo

About Danaher

Sourced by ZipRecruiter

We are a science and technology innovator committed to helping our customers solve complex challenges, and improving quality of life around the world. A global family of more than 20 operating companies, we drive meaningful innovation in some of today's most dynamic, growing industries.

Industry

Medical equipment and supplies manufacturing

Company size

10,000+ Employees

Headquarters location

Washington, DC, US

Year founded

1984