1

It Governance Risk Jobs (NOW HIRING)

Facilitate cross-functional collaboration (IT, Engineering, Legal, HR) to address security risks. * Advise IT and IS leadership on risk impacts and governance priorities. * Assist with the design and ...

IT Governance Analyst

Sacramento, CA · On-site +1

$130K - $135K/yr

Establish policies and standards for budgeting and cost approval based on project size and risk ... Introduce new IT Governance and Financial Controls practices within ETS. * Create training ...

IT Governance Analyst

Sacramento, CA · Remote

$130K - $135K/yr

Establish policies and standards for budgeting and cost approval based on project size and risk ... Introduce new IT Governance and Financial Controls practices within ETS. * Create training ...

The IT Governance, Risk, and Compliance (GRC) Lead Analyst serves as a subject matter expert responsible for leading the design, implementation, maturity, and continuous improvement of the ...

The IT Governance, Risk, and Compliance (GRC) Lead Analyst serves as a subject matter expert responsible for leading the design, implementation, maturity, and continuous improvement of the ...

Position: IT Governance Analyst 1 Location: Lansing, MI 48933 REQ ID: 509124 Duration: 8 + Months ... Ensures issues are evaluated and resolved, escalates risk and directs corrective actions in any ...

next page

Showing results 1-20

It Governance Risk information

What are the key skills and qualifications needed to thrive as an IT Governance, Risk, and Compliance (GRC) professional, and why are they important?

To thrive as an IT GRC professional, you need a solid understanding of information security principles, risk management frameworks, and relevant regulatory standards, often supported by a degree in IT or cybersecurity and certifications like CISA or CISSP. Familiarity with GRC tools such as RSA Archer, ServiceNow GRC, and risk assessment methodologies is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you interpret complex regulations and collaborate with stakeholders. These competencies ensure effective risk mitigation, regulatory compliance, and alignment between IT and business objectives.

What is IT Governance Risk?

IT Governance Risk refers to the potential threats and vulnerabilities that can affect an organization's information technology systems, processes, and data. It involves identifying, assessing, and managing risks related to IT operations, compliance, security, and strategic alignment with business objectives. Effective IT governance risk management helps organizations ensure regulatory compliance, protect sensitive information, and support business continuity. Professionals in this field develop policies, procedures, and controls to mitigate risks and enable informed decision-making.

What is the difference between It Governance Risk vs It Security Analyst?

AspectIt Governance RiskIt Security Analyst
CertificationsCISA, CRISCCISSP, Security+
Work EnvironmentPolicy development, risk assessment, complianceMonitoring security systems, incident response
Industry UsageGovernance, risk management, compliance teamsSecurity operations teams, IT departments

It Governance Risk focuses on establishing policies, managing IT risks, and ensuring compliance across the organization. In contrast, an It Security Analyst primarily monitors security systems, investigates incidents, and implements security measures. While both roles require understanding of IT frameworks and certifications like CISA or CISSP, their core responsibilities differ: governance versus security operations.

How does an IT Governance Risk professional typically collaborate with other departments within an organization?

IT Governance Risk professionals frequently work cross-functionally, partnering with departments such as IT, legal, compliance, and business units to ensure that risk management practices align with organizational objectives and regulatory requirements. This collaboration often involves facilitating risk assessments, developing and implementing policies, and providing guidance on risk mitigation strategies. Clear communication and strong relationship-building skills are key, as the role requires translating technical risks into business impacts and gaining buy-in from stakeholders across the company.
More about It Governance Risk jobs
What cities are hiring for It Governance Risk jobs? Cities with the most It Governance Risk job openings:
What states have the most It Governance Risk jobs? States with the most job openings for It Governance Risk jobs include:
Infographic showing various It Governance Risk job openings in the United States as of July 2026, with employment types broken down into 95% Full Time, 3% Part Time, and 2% Contract. Highlights an 82% Physical, 6% Hybrid, and 12% Remote job distribution.
IT Governance & Compliance Analyst

IT Governance & Compliance Analyst

Modivcare, Inc.

Denver, CO • On-site

$80K - $105K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 4 hours ago


Modivcare rating

6.5

Company rating: 6.5 out of 10

Based on 46 frontline employees who took The Breakroom Quiz

600th of 882 rated healthcare providers


Job description

Are you passionate about making a difference in people's lives? Do you enjoy working in a service-oriented industry? If so, this opportunity may be the right fit for you!

Modivcare is looking for an experienced IT Governance & Compliance Analyst to join our team, supporting enterprise-wide IT governance, risk management, compliance, and audit initiatives. This role is responsible for supporting security frameworks, governance processes, regulatory compliance activities, and continuous improvement efforts that strengthen IT controls and reduce organizational risk. The ideal candidate will bring experience in IT governance, compliance assessments, audit coordination, and process documentation while collaborating across technical and operational teams to support a strong security and compliance posture.

This position is based in our Denver office and requires on-site attendance five (5) days per week.

This role...

  • Develops, documents, and maintains IT governance processes, policies, and procedures aligned with industry frameworks and standards, including NIST CSF and ISO 27001.

  • Partners with IT teams to implement and support security policies, governance controls, and compliance initiatives across the enterprise.

  • Facilitates external assessments and audits related to HITRUST, ISO 27001, HIPAA, and SOC 2 compliance, including coordination with third-party assessors, audit evidence collection, remediation tracking, and support of audit activities.

  • Supports identity and access governance processes, including documentation, control validation, and user awareness related to assigned responsibilities.

  • Assists with cybersecurity incident response preparedness through process documentation, testing, employee training, and response support activities.

  • Evaluates and tests the IT control environment to ensure controls are operating effectively and organizational risks are appropriately identified, measured, and reported.

  • Develops, monitors, and reports governance metrics, including OKRs, KPIs, remediation activities, vulnerabilities, patch management, and Plans of Action & Milestones (POAMs).

  • Supports third-party risk management activities, including vendor security assessments and alignment with organizational security policies and standards.

  • Assists in the development, maintenance, and testing of IT General Controls (ITGCs) and compliance processes supporting HIPAA, HITRUST, ISO 27001, SOX, SOC 2, and CCPA requirements.

  • Supports internal and external audit activities through evidence collection, control testing, process improvement, and remediation validation.

  • Identifies opportunities to improve governance, compliance, and audit activities through process optimization, scripting, automation, and emerging AI-assisted capabilities.

  • Ensures customer and regulatory compliance commitments are maintained and completed in a timely manner.

  • Participates in additional projects and duties as assigned, including occasional business travel as required.

  • This role does not have direct supervisory responsibilities.

We are interested in speaking with individuals with the following...

  • Bachelor's Degree in Computer Science, Computer Engineering, Management Information Systems, Information Security/Cyber Security, or a related field required.

  • Three (3) or more years of experience in IT governance, information security, risk management, compliance, or related areas.

  • Experience supporting external audits and compliance assessments, including HITRUST, ISO 27001, and SOC 2 preferred.

  • CISSP, ITIL, GIAC, or related certifications preferred.

  • Equivalent combinations of education and experience may be considered.

  • Familiarity with IT governance frameworks, industry standards, and best practices, including NIST CSF and ISO 27001.

  • Knowledge of regulatory and compliance requirements, including HIPAA, HITRUST, ISO 27001, SOX, SOC 2, and related IT control frameworks.

  • Experience supporting audits, assessments, compliance reviews, and remediation activities.

  • Understanding of IT General Controls (ITGCs), risk management principles, identity and access management, vulnerability management, and third-party risk management concepts.

  • Ability to analyze IT systems, processes, and controls to identify risks, gaps, and improvement opportunities.

  • Ability to develop and maintain policies, procedures, standards, controls, narratives, and governance documentation.

  • Familiarity with scripting, automation platforms, and AI-assisted technologies used to improve governance, compliance, audit, or operational processes.

  • Strong analytical, problem-solving, organizational, and documentation skills with attention to detail.

  • Effective verbal and written communication skills with the ability to collaborate across technical and non-technical teams.

Salary: $80,150 - $105,450

Modivcare's positions are posted and open for applications for a minimum of 5 days. Positions may be posted for a maximum of 45 days dependent on the type of role, the number of roles, and the number of applications received. We encourage our prospective candidatesto submit their application(s) expediently so as not to miss out on our opportunities. We frequently post new opportunities andencourage prospective candidates to check back often for new postings.


We value our team members and realize the importance of benefits for you and your family.

Modivcare offers a comprehensive benefits package to include the following:

  • Medical, Dental, and Vision insurance
  • Employer Paid Basic Life Insurance and AD&D
  • Voluntary Life Insurance (Employee/Spouse/Child)
  • Health Care and Dependent Care Flexible Spending Accounts
  • Pre-Tax and Post --Tax Commuter and Parking Benefits
  • 401(k) Retirement Savings Plan with Company Match
  • Paid Time Off
  • Paid Parental Leave
  • Short-Term and Long-Term Disability
  • Tuition Reimbursement
  • Employee Discounts (retail, hotel, food, restaurants, car rental and much more!)

Modivcare is an Equal Opportunity Employer.

  • EEO is The Law - click here for more information
  • Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
  • We consider all applicants for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, handicap or disability, or status as a Vietnam-era or special disabled veteran in accordance with federal law. If you need assistance, please reach out to us athr.recruiting@modivcare.com

What Modivcare employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom