IT Risk and Compliance Analyst Jobs (NOW HIRING)

Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other ... Bachelor's degree in Cybersecurity, Information Systems, Business, or a related field, or ...

IT Security and Governance Analyst

Louisville, KY · On-site

$43.25 - $57.50/hr

Brown-Forman is a premium spirits company that offers a dynamic opportunity for an experienced IT Governance/Risk/Compliance Analyst. In this role, you will identify and mitigate IT risks, ensure ...

Further, the IT Risk Analyst will participate in the design and evaluation of proposed remediation plans for noted issues to support compliance with prescribed requirements. The IT Risk Analyst will ...

An award-winning technology platform, built in-house, that aligns with the future state of Global ... information, or any other protected characteristic. Aires will not discriminate against persons ...

Job Title: IT Compliance Analyst Location: Tempe, AZ Division: Operations Department: IT Operations ... Duties and Responsibilities ● IT Security Risk and Privacy Assessments - Assess, document, and ...

Kaleida Health is dedicated to advancing community health and is seeking an IT Risk Analyst. In ... compliance initiatives. Responsibilities : • Design and implement GRC's IT governance and risk ...

IT Risk and Compliance Analyst information

How much do IT risk and compliance analyst jobs pay per hour?

As of Jul 3, 2026, the average hourly pay for an IT risk and compliance analyst in the United States is $40.49, according to ZipRecruiter salary data. Most workers in this role earn between $29.81 and $49.28 per hour, depending on experience, location, and employer.

What is the difference between an IT Risk and Compliance Analyst and an IT Security Analyst?

| Aspect | IT Risk and Compliance Analyst | IT Security Analyst |
| --- | --- | --- |
| Certifications | ISO 27001, CISSP, CISA | CISSP, CompTIA Security+ |
| Work Environment | Risk assessments, policy development, compliance audits | Network monitoring, incident response, security infrastructure |
| Industry Usage | Financial, healthcare, government sectors | Tech, finance, healthcare sectors |

The IT Risk and Compliance Analyst focuses on ensuring organizational adherence to regulations and managing risk frameworks, while the IT Security Analyst primarily handles security measures, threat detection, and incident response. Both roles require similar certifications and often work within the same industries, but their core responsibilities differ: one emphasizes compliance and risk management, the other emphasizes security operations.

What does an IT compliance analyst do?

An IT compliance analyst ensures that an organization's information technology systems adhere to relevant laws, regulations, and internal policies. They conduct audits, monitor security controls, and implement procedures to mitigate risks, often using tools like compliance management software and requiring certifications such as CISSP or CISA.

What are IT Risk and Compliance Analysts?

IT Risk and Compliance Analysts are professionals who identify, assess, and manage risks related to information technology systems within an organization. They ensure that IT processes and systems comply with internal policies and external regulations, such as GDPR or SOX. Their responsibilities include conducting risk assessments, developing mitigation strategies, monitoring compliance, and reporting on the effectiveness of controls. By doing so, they help protect the organization from cyber threats, data breaches, and regulatory penalties.

What are some common challenges an IT Risk and Compliance Analyst faces when balancing regulatory requirements with business objectives?

One common challenge IT Risk and Compliance Analysts face is ensuring that regulatory requirements are fully met without hindering business operations or innovation. Balancing security protocols and compliance standards—such as GDPR, SOX, or HIPAA—with the need for efficient workflows can be complex. Analysts must collaborate closely with IT, legal, and business units to interpret regulations pragmatically, design effective controls, and communicate the importance of compliance while minimizing disruption. This often requires strong negotiation, communication, and analytical skills to find solutions that satisfy both compliance mandates and business goals.

What are the key skills and qualifications needed to thrive as an IT Risk and Compliance Analyst, and why are they important?

To thrive as an IT Risk and Compliance Analyst, you need a solid understanding of risk management frameworks, regulatory compliance standards (such as SOX, HIPAA, or GDPR), and a bachelor's degree in information technology or a related field. Familiarity with risk assessment tools, GRC (Governance, Risk, and Compliance) platforms, and relevant certifications like CRISC or CISA is typically required. Strong analytical thinking, attention to detail, and effective communication skills help analysts interpret regulations and collaborate across departments. These skills ensure organizations proactively manage risks, maintain regulatory compliance, and protect sensitive information.

What does a risk compliance analyst do?

A risk compliance analyst evaluates an organization's adherence to regulatory requirements and internal policies to identify potential risks and ensure compliance. They analyze data, develop risk mitigation strategies, and often use tools like compliance management software to monitor ongoing adherence, supporting the organization in managing legal and operational risks.

Is a GRC analyst a good entry-level job?

A GRC (Governance, Risk, and Compliance) analyst can be a suitable entry-level role for individuals interested in cybersecurity, risk management, and compliance frameworks. It typically requires foundational knowledge of regulations and tools like audit software, making it accessible for those starting their careers in IT security. However, some positions may prefer candidates with relevant certifications or internship experience.

Information Security - Risk & Compliance Analyst

Victaulic

Easton, PA • Hybrid

Full-time

Posted 21 days ago


Company rating: 7.1 out of 10

Based on 34 frontline employees who took The Breakroom Quiz

363rd of 527 rated manufacturers


Job description

The Security Risk & Compliance Analyst supports the organization's global information security program by assisting in the identification, assessment, and management of information security risks and compliance demands across Victaulic's entire organization. This position plays an integral role in ensuring the company meets its obligations under domestic and international regulatory frameworks, including but not limited to NIST CSF, ISO27001, CMMC and the EU's NIS2 Directive. The analyst will work closely with internal stakeholders, external auditors, and third-party vendors to support a culture of security awareness and continuous compliance improvement.

The ideal candidate for this role will have knowledge of, if not actual experience in, the processes of obtaining and maintaining compliance with security frameworks, as well as an understanding of industry-standard Information Technology auditing.

Responsibilities

Risk Assessment & Management

Assist in conducting information security risk assessments across business units, systems, and processes in accordance with established methodologies.

Document risk findings, assign risk ratings, and track remediation activities through the risk register.

Support the development and maintenance of risk treatment plans in coordination with system owners and IT teams.

Participate in annual and ad hoc enterprise risk reviews, contributing analysis and supporting materials.

Compliance & Framework Management

Support compliance activities related to NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CMMC (Cybersecurity Maturity Model Certification), and the EU NIS2 Directive.

Conduct gap analyses against applicable frameworks and assist in developing remediation roadmaps.

Maintain compliance documentation, including policies, procedures, control evidence, and assessment reports.

Monitor regulatory changes and emerging framework updates; summarize implications for the security program.

Third-Party & Audit Management

Coordinate and support third-party security audits and assessments, including scheduling, evidence collection, and stakeholder communication.

Assist in managing vendor risk assessments for new and existing third-party vendors and suppliers.

Track audit findings and corrective action plans, ensuring timely remediation and closure.

Serve as a liaison between internal teams and external auditors during certification audits.

Policy, Documentation & Awareness

Assist in drafting, reviewing, and updating information security policies, standards, and procedures.

Support the delivery of security awareness training and phishing simulation programs.

Maintain organized records of all compliance and risk management activities in the Governance, Risk & Compliance platform.

Collaboration & Reporting

Collaborate with IT, Legal, Operations, and other business functions to integrate security requirements into business processes.

Prepare regular status reports and metrics dashboards for management review.

Contribute to the continuous improvement of the information security program by identifying process gaps and recommending enhancements.

Qualifications

Technical Experience

Foundational understanding of information security principles, including confidentiality, integrity, and availability (CIA).

Basic understanding of risk assessment methodologies and risk management concepts.

Familiarity with third-party risk management and audit processes.

Strong analytical and problem-solving skills with attention to detail.

Capacity to understand legacy and progressive technology and security controls along with respective risk.

Working knowledge of technologies such as cloud computing, DevOps, and application security is required.

General Requirements

Analytical Thinking - Applies structured reasoning to evaluate risk and compliance data objectively

Integrity & Accountability - Handles sensitive security information with discretion and professionalism.

Communication - Clearly translates security requirements and findings for varied audiences across the organization

Continuous Learning - Proactively keeps pace with evolving security frameworks, threats, and regulatory requirements

Collaboration - Builds effective working relationships across IT, operations, and business functions globally

Detail Orientation - Produces thorough, accurate documentation and maintains meticulous records of compliance activities

Education & Certifications

0 - 2 years' experience in information security, IT audit, risk management, or a related field.

Bachelor's degree, cybersecurity certification, or equivalent experience in an information security or related field.

A minimum of an entry-level certification such as the CompTIA Security+ certification

Additional Risk & Compliance certification(s), such as CISA, a plus

Work Environment & Physical Requirements

This position is primarily office-based with hybrid flexibility. The role may require occasional visits to manufacturing facilities domestically and internationally. Ability to work across global time zones may be required for coordination with European and Asian teams.

Victaulic is an Equal Employment Opportunity (EOE/M/F/Vets/Disabled) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, gender, color, religion, national origin, age, disability, veteran status, sexual orientation, genetic data, or other legally protected status. (Background checks may be required as part of our pre-employment process).

