1

It Governance Risk Compliance Jobs (NOW HIRING)

Manager, IT Risk Operations

Palo Alto, CA ยท On-site

$147K - $198K/yr

This high-impact position in the Governance, Risk & Compliance function sits at the center of the ... Strengthen IT Governance & Controls * Lead the development of executive-level reporting on IT risk, ...

This is an excellent opportunity for an early-career technology professional interested in IT risk management, cybersecurity governance, compliance, and technology controls. Key Responsibilities

This is an excellent opportunity for an early-career technology professional interested in IT risk management, cybersecurity governance, compliance, and technology controls. Key Responsibilities

IT Governance Manager

Atlanta, GA ยท On-site

$94K - $112K/yr

Title: IT Governance Manager Location: Atlanta, GA Key Responsibilities Governance & Compliance ... Support documentation of funding justifications, risk assessments, and policy compliance as part of ...

IT COMPLIANCE ANALYST

$96K - $96K/yr

... governance, risk, and compliance function within the organization. Position Overview The ... IT Compliance Analyst is to assist in the development, implementation and operations of the ...

next page

Showing results 1-20

It Governance Risk Compliance information

What are the key skills and qualifications needed to thrive as an IT Governance, Risk, and Compliance (GRC) professional, and why are they important?

To thrive as an IT Governance, Risk, and Compliance (GRC) professional, you need a strong understanding of risk management, regulatory frameworks (such as SOX, GDPR, or HIPAA), and IT security principles, often supported by a relevant degree or certifications like CISA, CRISC, or CISSP. Proficiency with GRC platforms (such as RSA Archer, ServiceNow GRC), audit tools, and compliance management systems is essential. Outstanding analytical thinking, attention to detail, and effective communication skills help you assess risks and collaborate across departments. These skills and qualities are crucial for maintaining regulatory compliance, mitigating organizational risks, and ensuring robust IT governance.

What are the most common challenges faced by IT Governance, Risk, and Compliance professionals, and how can they be addressed?

Professionals in IT Governance, Risk, and Compliance (GRC) often encounter challenges such as keeping up with rapidly evolving regulations, ensuring company-wide policy adherence, and effectively communicating risks to non-technical stakeholders. Staying current with regulatory changes requires ongoing education and strong networks within the industry. Building relationships across departments and using clear, accessible language helps ensure GRC initiatives are understood and supported. Additionally, leveraging automation tools can streamline compliance tracking and reporting, making it easier to manage complex requirements.

What is IT Governance, Risk, and Compliance (GRC)?

IT Governance, Risk, and Compliance (GRC) refers to a framework that helps organizations align their IT strategies with business goals, manage risks, and ensure compliance with relevant laws and regulations. IT GRC professionals establish policies, processes, and controls to protect information assets, assess and mitigate risks, and maintain regulatory compliance. Effective IT GRC ensures that technology supports organizational objectives while minimizing legal, financial, and security risks.

What is the difference between It Governance Risk Compliance vs IT Auditor?

AspectIT Governance Risk ComplianceIT Auditor
Primary FocusEstablishing and maintaining IT policies, risk management, compliance frameworksEvaluating and testing IT controls, ensuring compliance through audits
CertificationsCISA, CRISC, CISSPCISA, CISSP, CISM
Work EnvironmentPolicy development, risk assessments, compliance monitoringAudit planning, testing, reporting
Industry UsageUsed across organizations to ensure regulatory compliance and risk mitigationUsed to verify controls and compliance during audits

While both roles involve IT compliance, IT Governance Risk Compliance focuses on creating policies and managing risks proactively, whereas IT Auditors evaluate controls through audits to ensure compliance and effectiveness.

More about It Governance Risk Compliance jobs
What cities are hiring for It Governance Risk Compliance jobs? Cities with the most It Governance Risk Compliance job openings:
What are the most commonly searched types of It Governance Risk Compliance jobs? The most popular types of It Governance Risk Compliance jobs are:
What states have the most It Governance Risk Compliance jobs? States with the most job openings for It Governance Risk Compliance jobs include:
Infographic showing various It Governance Risk Compliance job openings in the United States as of July 2026, with employment types broken down into 63% Full Time, and 37% Contract. Highlights an 89% In-person, and 11% Hybrid job distribution.

Director of IT Governance, Risk and Compliance

orionfcu

Memphis, TN โ€ข On-site

Other

Re-posted 26 days ago


Job description

POSITION PURPOSE

The Director of IT Governance, Risk and Compliance provides strategic leadership and oversight of the organization's IT risk posture, governance frameworks, and regulatory compliance within a financial services environment. This role reports to the CIO and ensures alignment between IT risk management practices and the institution's risk appetite, while enabling secure, compliant, and resilient technology operations. The director serves as a key liaison to regulators and internal audit, leads enterprise IT risk programs, and partners closely with information security, legal, compliance, and business units to proactively identify, assess, and mitigate risk across systems, vendors, and emerging technologies.

ESSENTIAL FUNCTIONS AND BASIC DUTIES

1. ย  ย Define And maintain the IT risk management framework, ensuring alignment with enterprise risk appetite and business strategy.
2. ย  ย Develop and execute a multi year IT risk maturity road map, including governance, controls, and reporting enhancements.
3. ย  ย Provide executive level and board reporting on IT risk posture, trends, and emerging threats.
4. ย  ย Establish and oversee IT governance structures, policies, standards, and procedures.
5. ย  ย Lead enterprise IT risk assessments, including infrastructure, applications, and security architecture reviews.
6. ย  ย Identify vulnerabilities, evaluate risk exposure, and ensure timely mitigation of identified issues.
7. ย  ย Oversee risk acceptance processes and provide escalation authority for material IT and security risks.
8. ย  ย Review and challenge risk decisions, ensuring consistency with organizational risk tolerance.
9. ย  ย Serve as primary point of contact for IT regulatory examinations and audits.
10. ย  ย Manage IT exam life cycle, including preparation, coordination, and response.
11. ย  ย Oversee tracking, reporting, and remediation of IT findings from regulators and internal/ external audits.
12. ย  ย Maintain comprehensive documentation of audits, findings, and corrective actions.
13. ย  ย Interpret and operationalize regulatory requirements related to IT systems, data protection, and information security to include SOX, data privacy laws, and financial regulations.
14. ย  ย Develop and implement strategies to ensure ongoing compliance with applicable laws and standards.
15. ย  ย Partner with legal and compliance teams to monitor regulatory changes and assess impact on IT controls.
16. ย  ย Provide oversight of IT risk associated with third party vendors, including material risk vendor reviews and escalations.
17. ย  ย Collaborate with vendor management teams to ensure adequate controls and risk mitigation strategies.
18. ย  ย Assess risks associated with new technologies, products, and services, ensuring appropriate governance and control implementation.
19. ย  ย Partner closely with information security to align on security controls, risk assessments, and remediation priorities.
20. ย  ย Work with business and technology stakeholders to embed risk management practices into day-to-day operations.
21. ย  ย Promote a strong risk-aware culture across the organization.

QUALIFICATIONS

EDUCATION/CERTIFICATION: Bachelorโ€™s degree in Information Technology, Cybersecurity, Risk Management, or a related field. Advanced degree preferred. Relevant certifications preferred (e.g., CISM, CRISC, CISSP, CISA)
REQUIRED KNOWLEDGE: Strong understanding of SOX, data privacy regulations, and technology compliance requirements.

EXPERIENCE REQUIRED: Ten or more (10+) years of progressive experience in IT risk management, IT audit, information security, or governance within financial services or a highly regulated industry.
Deep expertise in IT risk frameworks, such as NIST, COBIT, ISO 27001, and regulatory environments.
Proven experience managing regulatory exams and audit engagements.

SKILLS/ABILITIES:

Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership.
Demonstrated ability to lead complex risk programs and influence senior stakeholders, including executive leadership.
Very strong analytical & problem-solving skills