Role Summary The Senior Risk Analyst - Privacy &ThirdPartyRisk is aSecond Line of Defense (2LoD ... Maintainaccurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready ...
Role Summary The Senior Risk Analyst - Privacy &ThirdPartyRisk is aSecond Line of Defense (2LoD ... Maintainaccurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready ...
IRC Analyst
Bel Air, MD · Hybrid
$70K - $110K/yr
Prepare risk assessments and generate risk and control matrices (RACM); update GRC systems with ... Analyze transactions, documentation, and reporting to assess adequacy and process effectiveness.
IRC Analyst
Bel Air, MD · Hybrid
$70K - $110K/yr
Prepare risk assessments and generate risk and control matrices (RACM); update GRC systems with ... Analyze transactions, documentation, and reporting to assess adequacy and process effectiveness.
IRC Analyst
Bel Air, MD · On-site
$70K - $110K/yr
Prepare risk assessments and generate risk and control matrices (RACM); update GRC systems with ... Analyze transactions, documentation, and reporting to assess adequacy and process effectiveness.
IRC Analyst
Bel Air, MD · On-site
$70K - $110K/yr
Prepare risk assessments and generate risk and control matrices (RACM); update GRC systems with ... Analyze transactions, documentation, and reporting to assess adequacy and process effectiveness.
Senior Analyst, Operational Risk Management (Hybrid)
Baltimore, MD · Hybrid
$80K - $95K/yr
Navigate company Governance Risk & Compliance (GRC) tool to record, update and report on various ... Data Analytics experience, particularly Power BI or advanced Excel * CPA * CIA * CISA Working ...
Senior Analyst, Operational Risk Management (Hybrid)
Baltimore, MD · Hybrid
$80K - $95K/yr
Navigate company Governance Risk & Compliance (GRC) tool to record, update and report on various ... Data Analytics experience, particularly Power BI or advanced Excel * CPA * CIA * CISA Working ...
GRC / NIST RMF Specialist
Beltsville, MD · On-site
Apogee Global RMS is seeking a GRC / NIST RMF Specialist to support federal programs requiring ... Risk analysis and prioritization aligned to mission, system, and organizational impact
Quick apply
GRC / NIST RMF Specialist
Beltsville, MD · On-site
Apogee Global RMS is seeking a GRC / NIST RMF Specialist to support federal programs requiring ... Risk analysis and prioritization aligned to mission, system, and organizational impact
Cybersecurity Risk Assessment Consultant Location: Hybrid (onsite work possibly at various ... GRC platform experience, and hands-on skills in data analytics and dashboard development. The ...
Quick apply
Cybersecurity Risk Assessment Consultant Location: Hybrid (onsite work possibly at various ... GRC platform experience, and hands-on skills in data analytics and dashboard development. The ...
GRC / NIST RMF Specialist
Calverton, MD · On-site
Apogee Global RMS is seeking a GRC / NIST RMF Specialist to support federal programs requiring ... Risk analysis and prioritization aligned to mission, system, and organizational impact
GRC / NIST RMF Specialist
Calverton, MD · On-site
Apogee Global RMS is seeking a GRC / NIST RMF Specialist to support federal programs requiring ... Risk analysis and prioritization aligned to mission, system, and organizational impact
Provide leadership, guidance, and technical mentorship to TPRM risk analysts and managers ... Extensive experience with TPRM and GRC platforms (e.g., ServiceNow, Coupa). * Strong executive ...
Provide leadership, guidance, and technical mentorship to TPRM risk analysts and managers ... Extensive experience with TPRM and GRC platforms (e.g., ServiceNow, Coupa). * Strong executive ...
Senior Governance, Risk, and Compliance SME
Annapolis, MD · On-site
$149K - $215K/yr
Conduct risk assessments, control gap analyses, and compliance evaluations. * Support audit ... Must have at least eight (8) years of experience in Governance, Risk, and Compliance (GRC)
Quick apply
Senior Governance, Risk, and Compliance SME
Annapolis, MD · On-site
$149K - $215K/yr
Conduct risk assessments, control gap analyses, and compliance evaluations. * Support audit ... Must have at least eight (8) years of experience in Governance, Risk, and Compliance (GRC)
Prior experience with a GRC platform, such as Archer or Workiva. * Knowledge of COSO or other risk & control frameworks and best practices. * Excellent analytical and problem-solving skills.
Prior experience with a GRC platform, such as Archer or Workiva. * Knowledge of COSO or other risk & control frameworks and best practices. * Excellent analytical and problem-solving skills.
... Risk and Compliance (GRC) system. • Maintain comprehensive records for all concerns and/or ... Read, analyze, and interpret business, professional, technical or government documents. • ...
... Risk and Compliance (GRC) system. • Maintain comprehensive records for all concerns and/or ... Read, analyze, and interpret business, professional, technical or government documents. • ...
... Risk, and Compliance (GRC) Specialist, IT Risk Manager, Threat Assessment Analyst, Systems Compliance Auditor, Cyber Risk Analyst, etc. DEGREE (Level Desired) Bachelor's Degree DEGREE (Focus ...
... Risk, and Compliance (GRC) Specialist, IT Risk Manager, Threat Assessment Analyst, Systems Compliance Auditor, Cyber Risk Analyst, etc. DEGREE (Level Desired) Bachelor's Degree DEGREE (Focus ...
... GRC) to build and lead our cybersecurity and IT risk advisory capabilities. This is a visible, high ... Exceptional risk analysis and problem-solving skills * Ability to align cybersecurity controls with ...
... GRC) to build and lead our cybersecurity and IT risk advisory capabilities. This is a visible, high ... Exceptional risk analysis and problem-solving skills * Ability to align cybersecurity controls with ...
... Risk, and Compliance (GRC) Specialist, IT Risk Manager, Threat Assessment Analyst, Systems Compliance Auditor, Cyber Risk Analyst, etc. DEGREE (Level Desired) Bachelor's Degree DEGREE (Focus ...
... Risk, and Compliance (GRC) Specialist, IT Risk Manager, Threat Assessment Analyst, Systems Compliance Auditor, Cyber Risk Analyst, etc. DEGREE (Level Desired) Bachelor's Degree DEGREE (Focus ...
Have served in roles such as ISSO, ISSM, ISSE, Security Engineer, or Cyber Risk Analyst. * Possess ... Experience with GRC/RMF Tools such as eMASS, ServiceNow (SNOW), XACTA * Have 8+ years of ...
Have served in roles such as ISSO, ISSM, ISSE, Security Engineer, or Cyber Risk Analyst. * Possess ... Experience with GRC/RMF Tools such as eMASS, ServiceNow (SNOW), XACTA * Have 8+ years of ...
Cybersecurity Compliance Auditor / Security Control Assessor (SC with Security Clearance
Laurel, MD · On-site
Have served in roles such as ISSO, ISSM, ISSE, Security Engineer, or Cyber Risk Analyst. * Possess ... Experience with GRC/RMF Tools such as eMASS, ServiceNow (SNOW), XACTA * Have 8+ years of ...
Cybersecurity Compliance Auditor / Security Control Assessor (SC with Security Clearance
Laurel, MD · On-site
Have served in roles such as ISSO, ISSM, ISSE, Security Engineer, or Cyber Risk Analyst. * Possess ... Experience with GRC/RMF Tools such as eMASS, ServiceNow (SNOW), XACTA * Have 8+ years of ...
Cyber Cloud Assessment Engineer, Sr.
Fort George G Meade, MD · On-site
$110K/yr
... GRC tools * Familiarity with cloud security documentation, including SSPs, SARs, RARs, and POA&Ms * Ability to analyze complex cloud architectures and provide accurate risk assessments * Strong ...
Cyber Cloud Assessment Engineer, Sr.
Fort George G Meade, MD · On-site
$110K/yr
... GRC tools * Familiarity with cloud security documentation, including SSPs, SARs, RARs, and POA&Ms * Ability to analyze complex cloud architectures and provide accurate risk assessments * Strong ...
Cloud Security & Authorization Technical Analyst
$85K - $141K/yr
Ability to translate complex cloud engineering concepts into clear risk and compliance narratives ... Familiarity with ServiceNow, eCase, or automated GRC platforms. The annual salary range for this ...
Cloud Security & Authorization Technical Analyst
$85K - $141K/yr
Ability to translate complex cloud engineering concepts into clear risk and compliance narratives ... Familiarity with ServiceNow, eCase, or automated GRC platforms. The annual salary range for this ...
Cloud Security & Authorization Technical Analyst
Hanover, MD · On-site
$85K - $141K/yr
Ability to translate complex cloud engineering concepts into clear risk and compliance narratives ... Familiarity with ServiceNow, eCase, or automated GRC platforms. The annual salary range for this ...
Cloud Security & Authorization Technical Analyst
Hanover, MD · On-site
$85K - $141K/yr
Ability to translate complex cloud engineering concepts into clear risk and compliance narratives ... Familiarity with ServiceNow, eCase, or automated GRC platforms. The annual salary range for this ...
... GRC tools * Familiarity with cloud security documentation, including SSPs, SARs, RARs, and POA&Ms * Ability to analyze complex cloud architectures and provide accurate risk assessments * Strong ...
... GRC tools * Familiarity with cloud security documentation, including SSPs, SARs, RARs, and POA&Ms * Ability to analyze complex cloud architectures and provide accurate risk assessments * Strong ...
Grc Risk Analyst information
See Baltimore, MD salary details
$15.29 - $19.85
3% of jobs
$19.85 - $24.41
7% of jobs
$24.41 - $28.97
12% of jobs
$29.86 is the 25th percentile. Wages below this are outliers.
$28.97 - $33.53
15% of jobs
$33.53 - $38.09
13% of jobs
The median wage is $38.24 / hr.
$38.09 - $42.65
16% of jobs
$42.65 - $47.21
8% of jobs
$47.78 is the 75th percentile. Wages above this are outliers.
$47.21 - $51.77
11% of jobs
$51.77 - $56.33
6% of jobs
$56.33 - $60.89
6% of jobs
$60.89 - $65.45
3% of jobs
$15
$40
$65
How much do grc risk analyst jobs pay per hour?
What is the difference between Grc Risk Analyst vs Compliance Analyst?
| Aspect | Grc Risk Analyst | Compliance Analyst |
|---|---|---|
| Certifications | ISO 31000, FRM, CRISC | ISO 19600, CCEP, CISA |
| Work Environment | Risk management teams, corporate offices | Regulatory departments, corporate offices |
| Industry Usage | Finance, banking, insurance, corporate risk | Financial services, healthcare, manufacturing |
| Job Focus | Identifying, assessing, and mitigating risks across enterprise | Ensuring compliance with laws and regulations |
While both roles involve regulatory and risk considerations, a Grc Risk Analyst focuses on enterprise-wide risk management strategies, whereas a Compliance Analyst concentrates on adherence to specific laws and regulations. Both roles require similar certifications and often work in overlapping industries, but their core responsibilities differ in scope and focus.
What are GRC Risk Analysts?
What are the key skills and qualifications needed to thrive as a GRC Risk Analyst, and why are they important?
What are some common challenges a GRC Risk Analyst might face when implementing new risk management frameworks within an organization?

T. Rowe Price rating
9.1
Based on 21 frontline employees who took The Breakroom Quiz
Job description
Role Summary
The Senior Risk Analyst - Privacy &ThirdPartyRisk is aSecond Line of Defense (2LoD)role and a member of theGlobal Privacy Office (GPO)andThirdPartyRisk Management (TPRM)function. The role provides independent risk oversight, effective challenge, and assurance over first-line activities andoutsourced TPRM services,operatingwithminimal supervisionand a high degree of professional judgment.
This position is expected to independently manage complex risk assessments, lead oversight activities,identifyemerging risk themes, and deliver clear, actionable insights to senior stakeholders and governance committees.
Responsibilities
Privacy Risk- Global Privacy Office:
- Independently provide 2LoD oversight of privacy risks arising from first-line business activitiesand serveas a subject matter resource on privacy risk matters.
- Lead review andchallengeofPrivacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), and privacy risk assessments.
- Evaluate the design and operating effectiveness of privacy controls and recommend enhancements aligned with regulatory expectations and risk appetite.
- Independently review privacy incidents, including root cause analyses and remediation plans.
- Provide technicalexpertiseandsupportthe implementation of privacy and data protection processes, controls, and procedures based on enterprise-wide guidance issued by the Global Privacy Office.
- Support the process of Privacy and Security by Design reviews, in particular, wherethey relate to the development and deployment of new technologies.This includes reviewing technical implementation details and design documentation for new systems andfeatures, andproviding guidance on improving privacy features in
- those systems.
- Collaborate with technology and security teams to embed privacy controls into the architecture of products and services, including providing advice and best practices to protect and mitigate privacy risks.
- Identifyopportunities to enhance the Global Privacy Office's technical capabilities, develop,testand work with technology teams to deploy such capabilities.
- Support the maintenance of the firm's required privacy compliance documentation (e.g., Records of Processing Activities, Transfer Impact Assessments, procedures, guides, training, SharePoint sites).
- Support the execution of the privacy compliance monitoring program.
Third-Party Risk Management:
- Perform quality assurance and effective challenge of third-party risk outputs produced by external service providers and first-line stakeholders.
- Monitor adherence to SLAs, KPIs, and contractual obligations of outsourced TPRM providers and escalate deficiencies asappropriate.
- Identifysystemic control gaps, concentration risk, and emerging third-party risk trends across the vendor population.
- Support thirdparty cyber and information security risk review activities.
- Contribute to the ongoing development of fourth-party risk governance and oversight practices.
- Identifyopportunities to enhanceTRPM's technical capabilities, develop,testand work with technology teams to deploy such capabilities.
- Support the maintenance of the firm's requiredTPRMcompliance documentation (e.g.,Policy, Supplier Management Standards, questionnaire templates, frameworks, training, Share Point sites).
Risk Governance, Reporting & Analytics:
- Independently develop and deliver executive-level risk reporting, dashboards, and management information.
- Assistwith monitoring and reporting emerging AI and technology risks across privacy andthird partyrisk, contributing to oversight of controls, assessments, and reporting.
- Leverage AI-enabled tools and advanced analytics toidentifytrends, emerging risks, and control weaknesses.
- Lead preparation for regulatory examinations, internal audits, and management assurance activities related to privacy and third-party risk oversight.
- Maintainaccurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready artifacts.
Qualifications
Required:
- Bachelor's degree in Risk Management, Information Systems, Finance, Business, Law, ora relatedfield.
- 5+ years of experience insecond-line risk management, privacy risk, or third-party risk oversight, preferably within financial services or asset management(or other industry subject to equivalent regulatory scrutiny).
- Demonstrated ability tooperateindependently with minimal guidance in a 2LoD environment.
- In-depth knowledge of global privacy regulations andoutsourced TPRM operating models.
- Required Certifications (at least one):
- Certified Information Privacy Professional (CIPP/US, CIPP/E)
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Third Party Risk Professional (CTPP)
Preferred:
- Experience leading or independently managing 2LoD privacy or TPRM oversight activities.
- Asset management or broader financial services experience.
- Additionalcertifications:
- CIPM or CIPT
- ISO 27001 Lead Implementer or Auditor
- Familiarity with SEC, FINRA, and global regulatory expectations.
Tools & Technology (Preferred)
- Advanced experience with GRC, privacy, and TPRM platforms (e.g., Archer, ServiceNow, OneTrust,IBM OpenPages).
- Strongproficiencywith reporting and analytics tools (e.g., Power BI, advanced Excel).
- Practical experience using AI-enabled risk, compliance, or data analytics tools to enhance oversight and reporting(e.g., Microsoft Co-Pilot, ChatGPT Enterprise).
- Ability to automate reporting and improve risk visibility.
Key Competencies
- Strong independent judgment and risk-based decision-making.
- Ability to provide credible, effectivechallengeat senior levels.
- Excellent written and verbal communication skills.
- Strong issue management, quality assurance, and governance discipline.
- Comfortoperatingautonomously in a global, regulated environment.
FINRA Requirements
FINRA licenses are not required and will not be supported for this role.
Work Flexibility
This role is eligible for hybrid work, with up to one day per week from home.
What T. Rowe Price employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom
About T. Rowe Price
Sourced by ZipRecruiter
Industry
Funds, trusts and financial programs
Company size
5,001 - 10,000 Employees
Headquarters location
Baltimore, MD, US
Year founded
1937