1

Grc Risk Analyst Jobs in Baltimore, MD (NOW HIRING)

IRC Analyst

Bel Air, MD · Hybrid

$70K - $110K/yr

Prepare risk assessments and generate risk and control matrices (RACM); update GRC systems with ... Analyze transactions, documentation, and reporting to assess adequacy and process effectiveness.

IRC Analyst

Bel Air, MD · On-site

$70K - $110K/yr

Prepare risk assessments and generate risk and control matrices (RACM); update GRC systems with ... Analyze transactions, documentation, and reporting to assess adequacy and process effectiveness.

next page

Showing results 1-20

Grc Risk Analyst information

See Baltimore, MD salary details

$15

$40

$65

How much do grc risk analyst jobs pay per hour?

As of Jul 17, 2026, the average hourly pay for grc risk analyst in Baltimore, MD is $40.23, according to ZipRecruiter salary data. Most workers in this role earn between $29.62 and $48.94 per hour, depending on experience, location, and employer.

What is the difference between Grc Risk Analyst vs Compliance Analyst?

AspectGrc Risk AnalystCompliance Analyst
CertificationsISO 31000, FRM, CRISCISO 19600, CCEP, CISA
Work EnvironmentRisk management teams, corporate officesRegulatory departments, corporate offices
Industry UsageFinance, banking, insurance, corporate riskFinancial services, healthcare, manufacturing
Job FocusIdentifying, assessing, and mitigating risks across enterpriseEnsuring compliance with laws and regulations

While both roles involve regulatory and risk considerations, a Grc Risk Analyst focuses on enterprise-wide risk management strategies, whereas a Compliance Analyst concentrates on adherence to specific laws and regulations. Both roles require similar certifications and often work in overlapping industries, but their core responsibilities differ in scope and focus.

What are GRC Risk Analysts?

GRC Risk Analysts are professionals who specialize in Governance, Risk, and Compliance (GRC) within an organization. They assess and manage risks related to business operations, ensure compliance with relevant laws and regulations, and help implement policies and controls to mitigate potential threats. These analysts work closely with management to identify vulnerabilities, develop risk management strategies, and monitor the effectiveness of compliance programs. Their goal is to protect the organization from financial, legal, and reputational harm while supporting business objectives.

What are the key skills and qualifications needed to thrive as a GRC Risk Analyst, and why are they important?

To thrive as a GRC (Governance, Risk, and Compliance) Risk Analyst, you need a solid understanding of risk management principles, regulatory requirements, and compliance frameworks, often supported by a degree in information security, business, or a related field. Familiarity with GRC platforms (such as RSA Archer or MetricStream), risk assessment methodologies, and certifications like CRISC or CISA is highly valuable. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and convey findings to stakeholders. These skills are critical for ensuring organizational compliance, minimizing risk exposure, and supporting informed decision-making.

What are some common challenges a GRC Risk Analyst might face when implementing new risk management frameworks within an organization?

A GRC Risk Analyst often encounters challenges such as resistance to change from stakeholders, integrating new frameworks with existing processes, and ensuring consistent understanding across departments. Aligning risk management practices with organizational goals while adhering to regulatory requirements can also be complex. Success in this role requires strong communication skills, adaptability, and the ability to educate and collaborate with team members from diverse backgrounds.
What are popular job titles related to Grc Risk Analyst jobs in Baltimore, MD? For Grc Risk Analyst jobs in Baltimore, MD, the most frequently searched job titles are:
What job categories do people searching Grc Risk Analyst jobs in Baltimore, MD look for? The top searched job categories for Grc Risk Analyst jobs in Baltimore, MD are:
What cities near Baltimore, MD are hiring for Grc Risk Analyst jobs? Cities near Baltimore, MD with the most Grc Risk Analyst job openings:
Infographic showing various Grc Risk Analyst job openings in Baltimore, MD as of July 2026, with employment types broken down into 100% Full Time. Highlights an 100% In-person job distribution, with an average salary of $83,674 per year, or $40.2 per hour.
Senior Risk Analyst, Privacy & Third-Party Risk

Senior Risk Analyst, Privacy & Third-Party Risk

T Rowe Price

Baltimore, MD

Other

Re-posted 8 days ago


T. Rowe Price rating

9.1

Company rating: 9.1 out of 10

Based on 21 frontline employees who took The Breakroom Quiz


Job description

Role Summary

The Senior Risk Analyst - Privacy &ThirdPartyRisk is aSecond Line of Defense (2LoD)role and a member of theGlobal Privacy Office (GPO)andThirdPartyRisk Management (TPRM)function. The role provides independent risk oversight, effective challenge, and assurance over first-line activities andoutsourced TPRM services,operatingwithminimal supervisionand a high degree of professional judgment.

This position is expected to independently manage complex risk assessments, lead oversight activities,identifyemerging risk themes, and deliver clear, actionable insights to senior stakeholders and governance committees.

Responsibilities

Privacy Risk- Global Privacy Office:

  • Independently provide 2LoD oversight of privacy risks arising from first-line business activitiesand serveas a subject matter resource on privacy risk matters.
  • Lead review andchallengeofPrivacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), and privacy risk assessments.
  • Evaluate the design and operating effectiveness of privacy controls and recommend enhancements aligned with regulatory expectations and risk appetite.
  • Independently review privacy incidents, including root cause analyses and remediation plans.
  • Provide technicalexpertiseandsupportthe implementation of privacy and data protection processes, controls, and procedures based on enterprise-wide guidance issued by the Global Privacy Office.
  • Support the process of Privacy and Security by Design reviews, in particular, wherethey relate to the development and deployment of new technologies.This includes reviewing technical implementation details and design documentation for new systems andfeatures, andproviding guidance on improving privacy features in
  • those systems.
  • Collaborate with technology and security teams to embed privacy controls into the architecture of products and services, including providing advice and best practices to protect and mitigate privacy risks.
  • Identifyopportunities to enhance the Global Privacy Office's technical capabilities, develop,testand work with technology teams to deploy such capabilities.
  • Support the maintenance of the firm's required privacy compliance documentation (e.g., Records of Processing Activities, Transfer Impact Assessments, procedures, guides, training, SharePoint sites).
  • Support the execution of the privacy compliance monitoring program.

Third-Party Risk Management:

  • Perform quality assurance and effective challenge of third-party risk outputs produced by external service providers and first-line stakeholders.
  • Monitor adherence to SLAs, KPIs, and contractual obligations of outsourced TPRM providers and escalate deficiencies asappropriate.
  • Identifysystemic control gaps, concentration risk, and emerging third-party risk trends across the vendor population.
  • Support thirdparty cyber and information security risk review activities.
  • Contribute to the ongoing development of fourth-party risk governance and oversight practices.
  • Identifyopportunities to enhanceTRPM's technical capabilities, develop,testand work with technology teams to deploy such capabilities.
  • Support the maintenance of the firm's requiredTPRMcompliance documentation (e.g.,Policy, Supplier Management Standards, questionnaire templates, frameworks, training, Share Point sites).

Risk Governance, Reporting & Analytics:

  • Independently develop and deliver executive-level risk reporting, dashboards, and management information.
  • Assistwith monitoring and reporting emerging AI and technology risks across privacy andthird partyrisk, contributing to oversight of controls, assessments, and reporting.
  • Leverage AI-enabled tools and advanced analytics toidentifytrends, emerging risks, and control weaknesses.
  • Lead preparation for regulatory examinations, internal audits, and management assurance activities related to privacy and third-party risk oversight.
  • Maintainaccurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready artifacts.

Qualifications

Required:

  • Bachelor's degree in Risk Management, Information Systems, Finance, Business, Law, ora relatedfield.
  • 5+ years of experience insecond-line risk management, privacy risk, or third-party risk oversight, preferably within financial services or asset management(or other industry subject to equivalent regulatory scrutiny).
  • Demonstrated ability tooperateindependently with minimal guidance in a 2LoD environment.
  • In-depth knowledge of global privacy regulations andoutsourced TPRM operating models.
  • Required Certifications (at least one):
  • Certified Information Privacy Professional (CIPP/US, CIPP/E)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Third Party Risk Professional (CTPP)

Preferred:

  • Experience leading or independently managing 2LoD privacy or TPRM oversight activities.
  • Asset management or broader financial services experience.
  • Additionalcertifications:
  • CIPM or CIPT
  • ISO 27001 Lead Implementer or Auditor
  • Familiarity with SEC, FINRA, and global regulatory expectations.

Tools & Technology (Preferred)

  • Advanced experience with GRC, privacy, and TPRM platforms (e.g., Archer, ServiceNow, OneTrust,IBM OpenPages).
  • Strongproficiencywith reporting and analytics tools (e.g., Power BI, advanced Excel).
  • Practical experience using AI-enabled risk, compliance, or data analytics tools to enhance oversight and reporting(e.g., Microsoft Co-Pilot, ChatGPT Enterprise).
  • Ability to automate reporting and improve risk visibility.

Key Competencies

  • Strong independent judgment and risk-based decision-making.
  • Ability to provide credible, effectivechallengeat senior levels.
  • Excellent written and verbal communication skills.
  • Strong issue management, quality assurance, and governance discipline.
  • Comfortoperatingautonomously in a global, regulated environment.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to one day per week from home.


What T. Rowe Price employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom