1

Information Security Grc Jobs (NOW HIRING)

The Information Security GRC Lead is responsible for leading the design, implementation, and continuous improvement of Governance, Risk, and Compliance (GRC) programs to ensure alignment with ...

next page

Showing results 1-20

Information Security Grc information

See salary details

$68K

$126.8K

$191.5K

How much do information security grc jobs pay per year?

As of Jul 6, 2026, the average yearly pay for information security grc in the United States is $126,833.00, according to ZipRecruiter salary data. Most workers in this role earn between $105,000.00 and $145,000.00 per year, depending on experience, location, and employer.

Is GRC cybersecurity a good job?

Information Security GRC (Governance, Risk, and Compliance) roles are in demand due to increasing cybersecurity regulations and organizational focus on risk management. These jobs often require knowledge of compliance standards, risk assessment, and security frameworks, and can offer stable employment with opportunities for advancement. However, job satisfaction depends on individual interests in policy, auditing, and strategic planning within cybersecurity.

What is GRC in information security?

GRC in information security stands for Governance, Risk Management, and Compliance. It is a framework that helps organizations align security strategies with business objectives, manage risks effectively, and ensure adherence to regulations through policies, procedures, and tools. Professionals in this field often work with standards like ISO 27001 and frameworks such as NIST.

Is GRC an entry level job?

GRC (Governance, Risk, and Compliance) roles can be entry-level or require experience depending on the organization. Entry-level GRC positions typically focus on supporting compliance activities and may require basic knowledge of security frameworks and certifications like CompTIA Security+; more advanced roles may need several years of experience and specialized skills. Overall, opportunities exist at various experience levels within GRC functions.

Can you make $500,000 a year in cyber security?

Information Security GRC professionals can potentially earn $500,000 annually with extensive experience, advanced certifications like CISSP or CISA, and leadership roles such as Chief Information Security Officer. High salaries are often associated with senior positions, specialized skills, and working in large organizations or consulting firms. Achieving this level typically requires a combination of technical expertise, strategic management skills, and industry reputation.

What are the typical daily responsibilities of an Information Security GRC professional?

As an Information Security GRC professional, your daily responsibilities often include conducting risk assessments, monitoring compliance with internal policies and external regulations, and supporting audits. You may review and update governance documentation, communicate risks or compliance issues to stakeholders, and collaborate with IT, legal, and business teams to ensure information security best practices are followed. Additionally, you'll stay current with changes in laws and regulations to maintain the organization's overall security posture. The work is both analytical and collaborative, requiring you to balance technical tasks with effective communication and project management.

What are the key skills and qualifications needed to thrive in the Information Security Grc position, and why are they important?

To thrive as an Information Security GRC professional, you need a strong understanding of information security principles, risk management frameworks, compliance regulations, and policy development, often supported by a degree in information security or a related field. Familiarity with tools such as GRC platforms (e.g., Archer, ServiceNow), risk assessment software, and certifications like CISSP, CISA, or CRISC is highly valuable. Exceptional analytical thinking, attention to detail, and strong communication skills are important soft skills in this role. These competencies enable you to navigate complex regulatory landscapes, collaborate across teams, and effectively protect an organization's information assets.

What is an Information Security GRC job?

An Information Security GRC (Governance, Risk, and Compliance) job focuses on ensuring that an organization's security policies, risk management strategies, and regulatory compliance align with industry standards and legal requirements. Professionals in this role assess security risks, implement controls, and develop frameworks to maintain data protection and regulatory adherence. They collaborate with different teams to enforce compliance, conduct audits, and manage security governance. This role is critical in preventing security breaches, ensuring legal compliance, and maintaining customer trust.

More about Information Security Grc jobs
What cities are hiring for Information Security Grc jobs? Cities with the most Information Security Grc job openings:
What states have the most Information Security Grc jobs? States with the most job openings for Information Security Grc jobs include:
Infographic showing various Information Security Grc job openings in the United States as of June 2026, with employment types broken down into 93% Full Time, 6% Part Time, and 1% Contract. Highlights an 76% Physical, 7% Hybrid, and 17% Remote job distribution, with an average salary of $126,833 per year, or $61 per hour.
Engineer, Information Security GRC

Engineer, Information Security GRC

Intercontinental Exchange Holdings, Inc.

Atlanta, GA โ€ข On-site

Other

Posted 22 days ago


Job description

Engineer, Information Security GRC

The Engineer, Information Security GRC is part of a team responsible for the global Information Security program. The role would gain exposure to the full suite of businesses and products which underpin the Parent ICE company.

Information Security ("IS") is charged with:

  • Preventing impactful cybersecurity and physical security incidents,
  • maintaining a reputation with customers, regulators, and key stakeholders as running a best-in-class cybersecurity and physical security program, and
  • avoiding negative impact to business agility and growth from cybersecurity and physical security policies and controls.

Governance, Risk, and Compliance maintain said policies, ensure controls are operating effectively via assessment and attestation, and own the vulnerability management program to identify and correct any problems within.

Responsibilities:

  • Security Metrics โ€“ Uses automated and manual processes to produce regular reports communicating the status of the Information Security program
  • Policies and Procedures โ€“ Maintains corporate Information Security policies and departmental procedures and maps them to relevant control standards
  • Regulator, Audit, and Customer Inquiries โ€“ Organizes and updates departmental documentation and responds to inquiries in an organized and repeatable fashion
  • Recertification โ€“ Operates periodic processes to ensure hire, transfer, and termination protocols are complied with and regular access reviews are conducted
  • Security Awareness โ€“ Builds and maintains company awareness and education programs
  • Risk Assessment โ€“ Builds and operates the company platform to document, measure, and report assessments, risks, controls, findings, and remediation activity

Knowledge and Experience:

  • University degree in Information Security, Engineering, MIS, CIS, or related discipline
  • 3+ years of relevant work experience
  • Experience in Cybersecurity Framework (such as NIST, COBIT)
  • Experience with Systems Administration and/or IP Networking is a plus
  • Experience with Regulatory Compliance
  • Experience in an exchange, trading facility, or financial services a plus
  • Experience in Customer communication and Vendor evaluation
  • Experience with senior management and board metrics generation and communication
  • Advanced certifications (for example, the CISSP)
  • Advanced technical writing and/or communication education and experience

Specific Technologies:

Excel, Workflow automation tools, Data collection, normalization, indexing, correlation, and visualization. Scripting, regular expressions, string-parsing, light SDLC, and project management. NIST Cyber Security Framework, CIS, and GRC Platforms.

Intercontinental Exchange, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to legally protected characteristics.