Senior Governance, Risk, and Compliance - Denver, CO

Summary of Job Responsibilities · As a Governance, Risk, and Compliance (GRC) Analyst, you will support and enhance the organization's information security, compliance, and enterprise risk management programs. In this role, you will assess organizational risk, ensure adherence to ...

Job description

Summary of Job Responsibilities

As a Governance, Risk, and Compliance (GRC) Analyst, you will support and enhance the organization's information security, compliance, and enterprise risk management programs. In this role, you will assess organizational risk, ensure adherence to regulatory and policy requirements, and collaborate across teams to improve security governance and reporting. You will play a key role in audit readiness, policy development, third-party risk management, and internal control assessments, while helping the organization align its security posture with evolving compliance standards and business goals. You will interface with multiple internal teams in a structured IT department and will be responsible for interfacing internal and external auditors.

This role requires strong communication skills, attention to detail, and the ability to translate complex technical and regulatory requirements into clear, actionable policies and controls. Familiarity with cloud security governance in Azure, AWS, or OpenShift is highly desirable.

Ideal Candidate Statement

The ideal candidate is a detail-oriented security and compliance professional who thrives at the intersection of technology, policy, and risk. You understand how to balance business objectives with regulatory requirements and have experience supporting audit and risk functions in complex environments. You are curious, process-driven, and highly collaborative, with a strong desire to improve security governance and compliance maturity across the enterprise. You are an experienced professional with the ability to work independently identifying key issues and bringing those to the attention of management.

• 3–5+ years of GRC, audit, or security compliance experience
• Strong knowledge of risk assessment and security control frameworks
• Ability to communicate technical and regulatory content clearly and concisely
• Familiarity with security and compliance in cloud environments (Azure, AWS, OpenShift)
• Demonstrated success supporting audits and policy implementation
• Highly organized and attentive to detail
• Experience in the pension, financial, insurance, or banking sectors.
• Holds or is pursuing relevant certifications (e.g., CISA, CRISC, CISSP)
• Comfortable working across teams to implement governance and compliance strategies
• Proactive in identifying risks and driving remediation
• Committed to continuous improvement and professional development

Essential Duties and Responsibilities

Employees are held accountable for all duties of the job. Individuals must be able to perform these duties with or without reasonable accommodations.

• Support the design, implementation, and continuous improvement of the organization's GRC (Governance, Risk, and Compliance) program.
• Assist in maintaining compliance with internal security policies and external regulatory frameworks (e.g., HIPAA, GDPR, CCPA, ISO 27001, SOC 2, NIST CSF, NIST
• Collaborate with technical and business teams to implement and document effective security controls, especially in cloud and hybrid environments (Azure, AWS, OpenShift).
• Coordinate and support internal and external audits; track findings, manage responses, and drive remediation efforts.
• Conduct and document security risk assessments, business impact analyses, and third-party/vendor risk assessments.
• Maintain the information security policy framework; assist with policy drafting, review, and lifecycle management.
• Develop metrics and reporting to track compliance status, control effectiveness, and risk exposure across the organization.
• Assist with data governance and privacy program activities, including data classification, impact assessments, and compliance monitoring.
• Manage GRC tools and repositories, including risk registers, control libraries, and audit logs.
• Provide input on the security implications of new projects, vendors, and technologies.
• Help build a culture of security awareness by contributing to training, internal communications, and staff education efforts.
• Perform other duties as assigned.

Job Qualifications

• Bachelor's degree in Information Security, Information Systems, Risk Management, or a related field, or an equivalent combination of education and experience.
• 3–5+ years of experience in information security, compliance, IT audit, or risk management roles.
• Solid understanding of GRC concepts, risk management methodologies, and regulatory frameworks (e.g., NIST, ISO 27001, SOC 2, HIPAA, GDPR).
• Experience with fraud prevention, detection, and management frameworks.
• Experience supporting or managing internal and external audits, risk assessments, and vendor due diligence processes.
• Familiarity with cloud security governance practices in Azure, AWS, or OpenShift environments.
• Strong organizational, analytical, and problem-solving skills; attention to detail and ability to manage multiple tasks simultaneously.
• Excellent verbal and written communication skills; ability to document processes and translate complex requirements for diverse audiences.
• Proficiency with GRC platforms or tools (e.g., ServiceNow GRC, Archer, OneTrust, LogicGate) is a plus.
• Experience working in regulated industries or handling sensitive data preferred.

Preferred Qualifications

• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP) (with GRC/governance domain)
• Microsoft Certified: Azure Security Engineer Associate
• AWS Certified Security – Specialty
• Red Hat Certified Specialist in OpenShift Security

Working Conditions

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

• Standard office environment with frequent telephone communication, computer operation, and other office productivity machinery, such as a copy and printer machine.
• Occasional moving and positioning supplies in excess of 20 pounds
• All employees are expected to present themselves in a professional manner in alignment with the financial services industry
• Ability to sit for prolonged periods of time
• Ability to operate standard PC equipment
• Ability to manage frequent deadlines and tight schedules

Hybrid Work Option

• Opportunity to work from home up to two days per week. Eligibility dependent upon factors detailed in PERA's Work from Home Policy.

Interested Candidates:

Complete the employment application online at Please have copies of your resume and cover letter available to upload.

Job Description Disclaimer

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of an employee. Duties, responsibilities, and activities may change or be assigned with or without notice.

Unfortunately, at this time, PERA cannot consider candidates that require sponsorship (now or in the future), or are located outside of the US.

All Colorado PERA employees are subject to PERA's Ethics Policy and some employees are subject to the Personal Trading Policy. These policies include restrictions on outside business activities and employment and have certain requirements on personal trading. You may request copies of these policies from PERA's talent acquisition team and any questions can be answered by PERA's Investment Administration team.

About Colorado PERA

Looking for a career where you can make a difference? Colorado PERA offers benefit services to public employees across Colorado, including teachers, state troopers, snowplow drivers, correctional officers and many others who provide valuable services. As Colorado's largest pension plan, we serve and educate over 700,000 members who are former and current public employees.

At PERA you will earn more than a paycheck. PERA is a culture where you can grow your potential and work in an inclusive environment, where diverse perspectives are valued. We hire exceptional employees and recognize that our people are our best asset. Not only do we make sound investments for our members, PERA invests in our employees' growth through training and leadership opportunities.

To promote wellbeing, we offer hybrid or flexible working options for most roles and a total rewards and benefit program including health, dental and vision coverage - eligibility starts the first day of the month following the date of hire for most plans; generous paid time off and volunteer hours; pension and retirement plans, including PERA's defined benefit plan, 457 defined contribution plan, and 401(k) employer match, as applicable; tuition assistance; free, convenient on-site parking or RTD subsidy; free on-site fitness center to stay active; employee assistance program; training, leadership and mentoring programs and more. PERA is a Public Service Loan Forgiveness qualifying employer.

To learn more about life at PERA, watch this video or visit

Position Title: Senior GRC Analyst

Division: Information Security

Reports to: Information Security Manager

Job Status: Full-time, Exempt

Salary: $90,500 to $111,500 Annual, Commensurate with experience

Posting Dates: 02/20/2026 to 03/22/2026