Governance Risk and Compliance Analyst
About the position
Overview
The Governance Risk and Compliance Analyst oversee third-party and internal risk assessments to support enterprise information security and governance, risk, and compliance (GRC) initiatives. This position manages vendor due diligence, maintains an accurate risk register, partners with internal stakeholders on mitigation strategies, and drives continuous improvement of the risk and compliance framework. Pay Range: $87,000 - $105,000 What We Offer: Tuition Waiver : Enjoy a tuition waiver after 6 months of employment for you AND your immediate family offered at UTI and Concorde campuses Paid Time Off : Competitive paid time off programs for employees (Vacation, Sick, Flexible) Retirement Matching : 50% match on the first 6% of your contributions after 90 days Paid Parental Leave : 4 weeks of paid leave for both birthing and non-birthing parents to bond with a new baby Competitive Insurance : Health, vision, and dental coverage for you and your dependents Pet Insurance : Competitive coverage for your furry family members through ASPCA Health Plan Enrollment : Eligibility starts first of the month following completing one full month of employment Responsibilities Execute comprehensive risk assessments aligned with the organization’s risk management framework to identify, evaluate, and prioritize potential threats Support the third-party onboarding process by assessing business criticality and evaluating the security posture of prospective vendors and partners Conduct periodic due diligence reviews of existing third-party relationships based on risk tiering, ensuring ongoing compliance and risk mitigation Collaborate with risk owners to develop, implement, and monitor mitigation strategies, while tracking progress and ensuring timely remediation Maintain and continuously update the third-party inventory, ensuring accurate records of vendors, partners, and regulatory entities Contribute to the enhancement of the organization’s risk management and compliance programs by supporting the development and refinement of policies, processes, and controls Stay informed on evolving risk and compliance standards, frameworks, and best practices, and recommend integration of relevant updates into internal processes Manage and maintain the enterprise risk register, ensuring timely updates and tracking of risk review cycles and deadlines Lead risk assessments required as part of regulatory and industry compliance efforts such PCI DSS and GLBA Assist in the development and reporting of key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives Support risk committee operations by preparing meeting materials, capturing minutes, and coordinating stakeholder updates Evaluate policy exception requests in collaboration with Information Security team members, ensuring appropriate risk considerations are addressed Drive process improvement and innovation by identifying opportunities to streamline workflows and automate manual tasks Provide support across a range of GRC functions including security control testing, audit readiness, documentation of procedures, and compliance assessments Other duties as assigned Qualifications Education & Experience HS Diploma or GED (required) Bachelor's degree in information security, Computer Science, or another relevant field (preferred) Minimum of four (4) years of experience in governance, risk management, compliance or another relevant field (required) Experience conducting internal and external risk assessments, including those aligned with regulatory requirements such as GLBA and PCI (required) Experience developing and tracking metrics and KPIs to evaluate risk and compliance performance (preferred) Experience using GRC tools to streamline processes and improve efficiency; implementation experience (preferred) Experience using Comply for GRC activities. (preferred) Skills Strong understanding of common security controls and alignment to key regulations and standards such as NIST, FERPA, GLBA, HIPAA, PCI, and SOX (required) Strong understanding of risk management principles and common frameworks Knowledge of cloud-based security tools and controls (e.g. Azure, O365, AWS) Skilled in writing risk statements and maintaining an enterprise risk register Proficiency with NIST frameworks for risk management and controls Familiarity with regulatory and industry audits or assessments, including GLBA, PCI, SOX, and HIPAA Communicate clearly and effectively with peers and stakeholders Demonstrate active listening and empathy in interactions Participate in presentations or facilitates small group discussions Manage multiple tasks in a dynamic environment Make timely decisions that keep the organization moving forward Apply effective and efficient processes with a focus on continuous improvement Build open and comfortable relationships with diverse groups Learn actively from both successes and failures while solving new problems Abilities Able a Apply tot his job Apply To this Job