1

It Grc Analyst Jobs (NOW HIRING)

Overview The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and supports the Information Technology, Information Systems, and other technology teams aligned under the ...

Governance, Risk, and Compliance (GRC) Analyst - SOX & Data Security Focus Location: Clemmons, NC ... Support the design, documentation, and operation of IT General Controls (ITGCs). * Execute and ...

Kforce has a client that is seeking a GRC Analyst to work hybrid in Grapevine, TX. Responsibilities ... Pay is not considered compensation until it is earned, vested and determinable. The amount and ...

GRC Analyst

Columbia, SC · Hybrid

$65K - $80K/yr

GRC Analyst Division: Infrastructure/ IT Location: Columbia, SC Type : Full-Time; May be eligible for hybrid work schedule after successful completion of training Hiring Range: $65,000 - $80,000 ...

Governance, Risk, and Compliance (GRC) Analyst - SOX & Data Security Focus Location: Clemmons,NC ... Support the design, documentation, and operation of IT General Controls (ITGCs). * Execute ...

The IT Governance, Risk, and Compliance (GRC) Lead Analyst serves as a subject matter expert ... Establish and maintain IT control frameworks, including ITGCs, cybersecurity controls, and key risk ...

The IT Governance, Risk, and Compliance (GRC) Lead Analyst serves as a subject matter expert ... Establish and maintain IT control frameworks, including ITGCs, cybersecurity controls, and key risk ...

With built-in governance, control, and insight, it creates a connected ecosystem for confident ... As a Principal GRC Analyst you will be part of the team responsible for audits of cloud ...

Senior GRC Analyst

Seattle, WA · Hybrid

$140K - $165K/yr

As a Senior GRC Analyst at DigitalOcean, you will lead the strategic maturation of DigitalOcean ... Familiarity with prominent privacy legislation (e.g., GDPR/CCPA) as it relates to ISO 27701 ...

... it more efficient and reliable. This creates clean energy capacity that can be used by the power ... We are looking for a GRC Analyst to drive our company forward, and help us lead the clean energy ...

Senior GRC Analyst

Boston, MA · Remote

$140K - $165K/yr

As a Senior GRC Analyst at DigitalOcean, you will lead the strategic maturation of DigitalOcean ... Familiarity with prominent privacy legislation (e.g., GDPR/CCPA) as it relates to ISO 27701 ...

Senior GRC Analyst Morgan & Morgan | Risk & Resilience Program Reports To: Director of Business ... If you want to inherit a mature program and tune it, this isn't for you. If you want to build one ...

Senior GRC Analyst Morgan & Morgan | Risk & Resilience Program Reports To: Director of Business ... If you want to inherit a mature program and tune it, this isn't for you. If you want to build one ...

next page

Showing results 1-20

It Grc Analyst information

See salary details

$36.5K

$97.7K

$228.5K

How much do it grc analyst jobs pay per year?

As of Jul 15, 2026, the average yearly pay for it grc analyst in the United States is $97,659.00, according to ZipRecruiter salary data. Most workers in this role earn between $55,000.00 and $111,000.00 per year, depending on experience, location, and employer.

What are IT GRC Analysts?

IT GRC Analysts are professionals who specialize in managing and overseeing an organization's Information Technology (IT) Governance, Risk, and Compliance (GRC) programs. Their main responsibilities include assessing risks to IT systems, ensuring compliance with relevant laws and regulations, and developing policies to strengthen IT governance. They also work closely with other departments to identify and mitigate security risks, conduct audits, and provide recommendations for process improvements. By doing so, IT GRC Analysts help organizations protect their data and maintain regulatory compliance.

What does a GRC analyst do?

A GRC (Governance, Risk, and Compliance) analyst is responsible for managing an organization’s IT governance, assessing risks, and ensuring compliance with regulations and policies. They often use tools like risk management frameworks and conduct audits to identify vulnerabilities and implement security controls.

What are the key skills and qualifications needed to thrive as an IT GRC Analyst, and why are they important?

To thrive as an IT GRC Analyst, you need a solid understanding of IT risk management, compliance frameworks (like ISO 27001 or NIST), and a relevant degree in information technology or cybersecurity. Familiarity with GRC tools (such as Archer or ServiceNow), audit management systems, and industry certifications like CISA or CRISC are commonly required. Strong analytical thinking, attention to detail, and effective communication skills help you interpret complex regulations and work with diverse stakeholders. These competencies ensure organizations effectively manage risks, maintain regulatory compliance, and protect critical information assets.

What is the difference between It Grc Analyst vs It Security Analyst?

AspectIt Grc AnalystIt Security Analyst
CertificationsISO 27001, CISSP, CISACISSP, CEH, CompTIA Security+
Work EnvironmentRisk management, policy development, complianceSecurity monitoring, incident response, threat analysis
Employer & Industry UsageFinance, healthcare, government, corporateIT firms, cybersecurity companies, large enterprises

The It Grc Analyst primarily focuses on governance, risk management, and compliance frameworks, ensuring organizations adhere to regulations. In contrast, the It Security Analyst concentrates on protecting systems from security threats through monitoring and incident response. Both roles require certifications like CISSP and work within similar industries, but their core responsibilities differ—one emphasizes policy and compliance, the other security operations.

What are some common challenges faced by IT GRC Analysts, and how can they effectively address them?

IT GRC Analysts often face challenges such as keeping up with rapidly changing compliance regulations, managing complex risk assessments, and ensuring organization-wide adherence to policies. To address these, analysts should prioritize continuous learning, collaborate closely with IT and business teams, and utilize automated GRC tools to streamline processes. Building strong communication skills also helps in advocating for compliance and fostering a culture of risk awareness across the organization.

Can you make $200,000 in cyber security?

IT GRC Analysts typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Reaching a $200,000 salary usually requires advanced roles such as senior security managers or consultants with specialized skills and extensive experience in cybersecurity, risk management, and compliance. High salaries are often associated with leadership positions or roles in high-cost-of-living areas.

Are GRC analysts in demand?

GRC (Governance, Risk, and Compliance) analysts are in high demand due to increasing cybersecurity regulations and the need for organizations to manage risk effectively. Employers seek professionals with knowledge of compliance frameworks, risk assessment, and tools like GRC software, making this a growing field with strong job prospects.

Is a GRC analyst entry level?

A GRC (Governance, Risk, and Compliance) analyst role can be entry level or require experience depending on the organization. Entry-level positions typically require basic knowledge of cybersecurity principles, compliance standards, and relevant tools, often with a bachelor's degree in a related field. More advanced roles may require certifications like CISA or CISSP and prior experience in risk management or security auditing.
More about It Grc Analyst jobs
What cities are hiring for It Grc Analyst jobs? Cities with the most It Grc Analyst job openings:
What states have the most It Grc Analyst jobs? States with the most job openings for It Grc Analyst jobs include:
What job categories do people searching It Grc Analyst jobs look for? The top searched job categories for It Grc Analyst jobs are:
Infographic showing various It Grc Analyst job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $97,659 per year, or $47 per hour.
IT Governance Risk & Compliance (GRC) Analyst

IT Governance Risk & Compliance (GRC) Analyst

Trustmark Bank

Ridgeland, MS • On-site

Full-time

Posted 6 days ago


Trustmark National Bank rating

8.2

Company rating: 8.2 out of 10

Based on 19 frontline employees who took The Breakroom Quiz

44th of 149 rated banks


Job description

The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and supports the Information Technology, Information Systems, and other technology teams aligned under the Chief Information Officer. This role executes governance, risk, and compliance activities aligned with regulatory frameworks and internal policies. Core responsibilities include ensuring operational alignment with frameworks such as GLBA, FFIEC, SOX, NIST CSF, and the Computer Risk Institute (CRI) Profile; conducting IT assessments and Risk Control Self Assessments (RCSAs); maintaining control libraries; and supporting recurring testing, reporting, and metrics analysis and response. The analyst contributes to recurring reporting cycles, supports departmental risk remediation and response efforts associated with findings and risks, and helps drive continuous improvement of governance practices through collaboration, documentation, and control maturity efforts.

The analyst collaborates with Enterprise Risk, Audit (internal and external), Compliance, and Policy Management teams to execute these activities effectively. Day-to-day responsibilities include control documentation, testing coordination, assistance with reviewing and updating policies, standards, and control libraries, and policy lifecycle support. Familiarity with GRC platforms (e.g., AuditBoard), ITSM tools (e.g., ServiceNow), and regulatory compliance in financial services is strongly preferred.

The analyst also contributes to the development and maintenance of IT policies and procedures and supports the definition and tracking of key performance indicators (KPIs) and key risk indicators (KRIs). Success in this role requires strong technical writing skills, cross-functional engagement, and a focus on building and maintaining automation to streamline control testing and reporting processes. The role demands a self-driven desire to continuously learn and improve along with a collaborative mindset and a willingness to meet teammates and coworkers where they are in their processes. The analyst must be committed to helping develop, strengthen, and sustain a resilient and effective IT GRC program across the organization.

This position may be filled as a Level I, II or III.  Additional responsibilities and qualifications apply.


  • Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate compliance efforts and assessments (GLBA, FFIEC, SOX, CRI/NIST CSF).
  • Coordinate the collection of sufficient, appropriate evidence for assessments, including facilitating questionnaires and direct engagement with engineers and operational personnel.
  • Execute and document testing procedures in spreadsheets and GRC platforms; draft reports based on results and environmental context.
  • Utilize GRC tools to manage questionnaires, evidence collection, assessment documentation, and asset definitions.
  • Track, document, and support remediation of findings, risk exceptions, and issues identified through audits, assessments, or operational testing, escalating unresolved items as appropriate.
  • Collaborate with internal IT/IS teams to maintain and review policy/standards documentation.
  • Research, implement, and monitor compliance initiatives to protect organizational assets.
  • Assess systems for compliance gaps and oversee sustainable remediation efforts.
  • Manage new and recurring compliance initiatives by conducting control assessments and recommending remediation or compensating controls.
  • Collaborate with peers and leadership to review and refine assessment work.
  • Stay current on regulatory changes and industry best practices to maintain alignment with standards.
  • Facilitate cross-functional collaboration (IT, Engineering, Legal, HR) to address security risks.
  • Advise IT and IS leadership on risk impacts and governance priorities.
  • Assist with the design and monitoring of KPIs and KRIs aligned to operational objectives.
  • Support timely execution of user access reviews and associated remediation efforts.
  • Perform other duties commensurate with responsibilities of an IT GRC department.
  • Associates are expected to perform all additional duties as assigned.

  • Bachelor’s degree in information security, Information Systems/Technology, Risk Management, Cybersecurity, or a similar discipline.
  • 1 year of experience in IT GRC, IT audit, or a closely related compliance or risk function.
  • Ability to coordinate with operational and IT/IS personnel to gather evidence, clarify processes, and support control implementation.
  • Proficiency with Microsoft Office 365, including Excel and SharePoint for documentation and collaboration.
  • Strong written and verbal communication skills, including drafting audit findings and control narratives.
  • Familiarity with enterprise infrastructure components such as operating systems, directory services, and security technologies.
  • External-facing project experience (e.g., consulting, public accounting) is a plus.
  • Strong Preference for candidates located within commuting distance of Ridgeland, MS or willing to work hybrid/remote with occasional in-person sessions.

Additional qualifications required for Level II:

  • 3 years of experience in IT GRC, IT audit, or a closely related compliance or risk function.
  • Demonstrated ability to work independently with minimal oversight.
  • Experience documenting control testing results in GRC platforms or structured formats.
  • Working knowledge of GRC platforms (e.g., Archer, AuditBoard, ServiceNow).
  • At least one relevant certification (e.g., CISSP, CISM, CISA, CIA, CRISC, CGRC).
  • Experience translating regulatory requirements into detailed policies, standards, and control procedures, with the ability to explain technical and regulatory concepts clearly to non-GRC stakeholders.
  • Understanding of cybersecurity infrastructure (e.g., firewalls, vulnerability management, IDS/IPS).
  • Proactively identifies tasks and next steps rather than waiting for work to be assigned.Approaches problems from a solution oriented perspective and brings proposed options when raising issues.
  • Recognizes and corrects gaps or weaknesses in own work prior to submission.
  • Produces well structured, professionally formatted reports, presentations, and spreadsheets suitable for executive, audit, and regulatory audiences, with minimal need for substantive review, rework, or edits.

Additional qualifications required for Level III:

  • 5 years of experience in IT GRC, IT audit, or a closely related compliance or risk function.
  • Proven ability to manage cross-functional collaboration across IT, Engineering, Legal, HR, and other stakeholders.
  • Advanced analytical skills with experience using tools like Alteryx, Tableau, Power BI, or Python for reporting and automation.
  • Independently identifies, prioritizes, and drives work with minimal direction, proactively voicing and coordinating areas where effort is needed.
  • Provides guidance, instruction, and informal training to Analyst I and Analyst II team members.
  • Leads project execution by bringing structure, ideas, and recommended solutions, and translating detailed analysis into clear direction.
  • Reviews the work of others constructively, identifying weaknesses and improvement opportunities.
  • Produces work requiring minimal review and demonstrates sound judgment in improving overall team output beyond personal deliverables.

Physical Requirements & Working Conditions:

Must be able to sit for long periods of time and use computer keyboard and/or mouse requiring hand and wrist manipulation, while viewing computer screens.

 

Disclaimer:

Management retains the right to add, delete or modify the responsibilities and qualifications of the position at any time.

Trustmark Bank does not accept unsolicited resumes from agencies and/or search firms for any job postings on this site.  Resumes submitted to any Trustmark Bank employee by a third-party agency and/or search firm without a valid, written search agreement signed by Trustmark, will become the sole property of Trustmark Bank.  No fee will be paid if a candidate is hired for a position as a result of an unsolicited agency or search firm referral.


What Trustmark National Bank employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom