IT Risk and Compliance Analyst Jobs (NOW HIRING)

IT Compliance Analyst

Billerica, MA · On-site

$105K - $130K/yr

The IT Compliance Analyst supports Quanterix's IT compliance and risk management programs by helping ensure systems, processes, and controls meet internal policies and external regulatory ...

$41.75 - $55.75/hr

The IT Governance/Risk/Compliance Analyst position offers a dynamic opportunity for an experienced analyst to help shape the future of our governance, risk, and compliance initiatives. In this role ...

IT Risk Analyst

San Diego, CA · On-site

$79K - $102K/yr

Position Summary The position of IT Risk Analyst is responsible for participating in IT compliance and risk management initiatives. The candidate should demonstrate a basic understanding of IT risk, ...

IT Risk Analyst Location: Larkin Bldg @ Exchange Street Location of Job : US:NY:Buffalo Work Type ... to monitor and track IT risk and compliance, and support the development of new policies ...

Manager, IT Risk Operations

Palo Alto, CA · On-site

$147K - $198K/yr

This high-impact position in the Governance, Risk & Compliance function sits at the center of the ... Analyze incident, change, and problem management data to identify trends and improvement ...

IT Risk and Compliance Analyst information

How much do IT risk and compliance analyst jobs pay per hour?

As of Jul 3, 2026, the average hourly pay for an IT risk and compliance analyst in the United States is $40.49, according to ZipRecruiter salary data. Most workers in this role earn between $29.81 and $49.28 per hour, depending on experience, location, and employer.

What is the difference between an IT Risk and Compliance Analyst and an IT Security Analyst?

Aspect | IT Risk and Compliance Analyst | IT Security Analyst
Certifications | ISO 27001, CISSP, CISA | CISSP, CompTIA Security+
Work Environment | Risk assessments, policy development, compliance audits | Network monitoring, incident response, security infrastructure
Industry Usage | Financial, healthcare, government sectors | Tech, finance, healthcare sectors

The IT Risk and Compliance Analyst focuses on ensuring organizational adherence to regulations and managing risk frameworks, while the IT Security Analyst primarily handles security measures, threat detection, and incident response. Both roles require similar certifications and often work within the same industries, but their core responsibilities differ: one emphasizes compliance and risk management, the other emphasizes security operations.

What does an IT compliance analyst do?

An IT compliance analyst ensures that an organization's information technology systems adhere to relevant laws, regulations, and internal policies. They conduct audits, monitor security controls, and implement procedures to mitigate risks, often using tools like compliance management software and requiring certifications such as CISSP or CISA.

What are IT Risk and Compliance Analysts?

IT Risk and Compliance Analysts are professionals who identify, assess, and manage risks related to information technology systems within an organization. They ensure that IT processes and systems comply with internal policies and external regulations, such as GDPR or SOX. Their responsibilities include conducting risk assessments, developing mitigation strategies, monitoring compliance, and reporting on the effectiveness of controls. By doing so, they help protect the organization from cyber threats, data breaches, and regulatory penalties.

What are some common challenges an IT Risk and Compliance Analyst faces when balancing regulatory requirements with business objectives?

One common challenge IT Risk and Compliance Analysts face is ensuring that regulatory requirements are fully met without hindering business operations or innovation. Balancing security protocols and compliance standards—such as GDPR, SOX, or HIPAA—with the need for efficient workflows can be complex. Analysts must collaborate closely with IT, legal, and business units to interpret regulations pragmatically, design effective controls, and communicate the importance of compliance while minimizing disruption. This often requires strong negotiation, communication, and analytical skills to find solutions that satisfy both compliance mandates and business goals.

What are the key skills and qualifications needed to thrive as an IT Risk and Compliance Analyst, and why are they important?

To thrive as an IT Risk and Compliance Analyst, you need a solid understanding of risk management frameworks, regulatory compliance standards (such as SOX, HIPAA, or GDPR), and a bachelor's degree in information technology or a related field. Familiarity with risk assessment tools, GRC (Governance, Risk, and Compliance) platforms, and relevant certifications like CRISC or CISA is typically required. Strong analytical thinking, attention to detail, and effective communication skills help analysts interpret regulations and collaborate across departments. These skills ensure organizations proactively manage risks, maintain regulatory compliance, and protect sensitive information.

What does a risk compliance analyst do?

A risk compliance analyst evaluates an organization's adherence to regulatory requirements and internal policies to identify potential risks and ensure compliance. They analyze data, develop risk mitigation strategies, and often use tools like compliance management software to monitor ongoing adherence, supporting the organization in managing legal and operational risks.

Is a GRC analyst a good entry-level job?

A GRC (Governance, Risk, and Compliance) analyst can be a suitable entry-level role for individuals interested in cybersecurity, risk management, and compliance frameworks. It typically requires foundational knowledge of regulations and tools like audit software, making it accessible for those starting their careers in IT security. However, some positions may prefer candidates with relevant certifications or internship experience.
Governance Risk & Compliance Analyst

System One

Denver, CO • Remote

Contractor

Medical, Dental, Vision, Life, Retirement

Posted 16 days ago


Job description

Job Title: Governance Risk & Compliance Analyst
Location: Lakewood, CO
Type: Contract
Compensation:
Work Model: Hybrid – onsite and remote
Hours: 40.0
Security Clearance:

Overview

Leave placeholder text here for recruiter to input

Responsibilities

  • Support information security risk assessments for new projects, systems, and business processes.
  • Assist in conducting internal control reviews (e.g., J-SOX), preparing audit materials, and coordinating responses to internal and external auditors.
  • Track and follow up on remediation actions to ensure timely closure of identified risks.
  • Contribute to drafting, updating, and maintaining global information security policies, standards, and procedures.
  • Review relevant laws, regulations, and industry frameworks (e.g., ISO 27001, NIS2) and incorporate stakeholder feedback into documentation.
  • Support the rollout and implementation of policies across regions.
  • Monitor adherence to security and regulatory requirements, including ISO 27001, NIS2, and GDPR.
  • Collect and organize compliance evidence, track corrective actions, and support certification and regulatory readiness efforts such as ISO 27001/42001 and NIS2 programs.
  • Conduct third-party security risk assessments by distributing questionnaires, analyzing responses, verifying controls, and documenting results in the GRC tracking systems.
  • Identify and escalate high-risk findings to the GRC Functional Leader and support follow-up mitigation activities.
  • Participate in the planning and implementation of security awareness programs for all associates.
  • Create e-learning and training materials, conduct phishing email exercises, and distribute content on internal portals.
  • Monitor and analyze global regulatory developments related to cybersecurity with a focus on industrial control systems (ICS), IT environments, and critical infrastructure.
  • Assist in evaluating how new or updated regulations (e.g., NIS2, FDA cybersecurity expectations, industrial cybersecurity standards, or country-specific critical infrastructure laws) impact company operations.
  • Track emerging obligations, document requirements, and support gap assessments to ensure timely compliance.
  • Assist in the preparation, maintenance, and continuous improvement of the CISO Dashboard by collecting, validating, and analyzing security metrics across the Global GRC function.
  • Compile key performance indicators (KPIs) and key risk indicators (KRIs) related to compliance status, audit findings, supplier risk, incident trends, training completion, regulatory readiness, and other relevant security domains.
  • Support the visualization and communication of security posture to senior leadership by ensuring data accuracy, timely updates, and clarity in reporting.
  • Support the development and enforcement of governance controls for the secure use of artificial intelligence technologies across the organization.
  • Identify risks related to AI systems—such as model security, algorithmic integrity, and misuse—and contribute to risk assessments and mitigation plans.
  • Help evaluate third-party AI tools.
  • Support the development and improvement of GRC processes, tools, and documentation to enhance operational efficiency and standardization.
  • Assist in preparing reports, presentations, and materials for leadership reviews, steering committees, and cross-functional meetings.
  • Participate in internal security projects and initiatives, including process automation, metrics development, and enhancements to governance workflows.
  • Provide coordination and administrative support for security committees, working groups, and regional GRC activities.
  • Perform additional duties as assigned to support the Global Information Security Office and the broader GRC program.
Requirements
  • 3 to 5+ years of experience in information security, governance, risk management, compliance, IT audit, or a related discipline.
  • Experience supporting security programs in global or regulated environments is a plus.
  • Understanding of global and regional information security regulations (e.g., data protection laws, cybersecurity requirements) and familiarity with security frameworks such as ISO 27001.
  • Knowledge of internal control frameworks (e.g., J-SOX) and IT governance practices is highly desirable.
  • Experience supporting audit activities is preferred.
  • Experience with risk assessment methodologies, control evaluation, and vulnerability or issue management processes.
  • Strong analytical and problem-solving skills, with the ability to identify risks, assess impacts, and support the development and tracking of corrective actions.
  • Ability to communicate security requirements, policies, and audit findings clearly and persuasively with stakeholders across regions and business units.
  • Strong coordination skills to build consensus and drive compliance.
  • Industry certifications such as CISSP, CISA, CISM, ISO 27001 Lead Implementer/Auditor, or similar are preferred but not required.
  • Bachelor’s degree in Information Security, Cybersecurity, Information Systems, Computer Science, or a related field; or equivalent professional experience.
  • Familiarity with governance, risk, and compliance tools (e.g., BitSight, Drata, OneTrust, Archer, or similar) for managing risks, audits, and compliance workflows.
  • Working knowledge of cybersecurity concepts such as identity and access management, endpoint protection, vulnerability management, cloud security, and secure system design.
  • Experience supporting cross-functional security or compliance initiatives, including requirements gathering, documentation, and progress tracking.
  • Ability to interpret risk metrics, compliance data, and audit results.
  • Experience with dashboards, KPI/KRI reporting, or data visualization tools is a plus.
  • Awareness of emerging cybersecurity regulations (e.g., NIS2, AI governance frameworks, critical infrastructure rules) and their potential impact on enterprise operations.

System One, and its subsidiaries including Joulé and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

#M-#LI-Ref: #558-Scientific