Senior Governance, Risk, and Compliance - Denver
1 day ago
Job description
Summary Of Job Responsibilities
As a Governance, Risk, and Compliance (GRC) Analyst, you will support and enhance the organization's information security, compliance, and enterprise risk management programs.
In this role, you will assess organizational risk, ensure adherence to regulatory and policy requirements, and collaborate across teams to improve security governance and reporting.
You will play a key role in audit readiness, policy development, third-party risk management, and internal control assessments, while helping the organization align its security posture with evolving compliance standards and business goals.
You will interface with multiple internal teams in a structured IT department and will be responsible for interfacing internal and external auditors.
This role requires strong communication skills, attention to detail, and the ability to translate complex technical and regulatory requirements into clear, actionable policies and controls.
Ideal Candidate Statement
The ideal candidate is a detail-oriented security and compliance professional who thrives at the intersection of technology, policy, and risk.
You understand how to balance business objectives with regulatory requirements and have experience supporting audit and risk functions in complex environments.
You are curious, process-driven, and highly collaborative, with a strong desire to improve security governance and compliance maturity across the enterprise.
You are an experienced professional with the ability to work independently identifying key issues and bringing those to the attention of management.
3–5+ years of GRC, audit, or security compliance experienceStrong knowledge of risk assessment and security control frameworks
Ability to communicate technical and regulatory content clearly and concisely
Familiarity with security and compliance in cloud environments (Azure, AWS, OpenShift)
Demonstrated success supporting audits and policy implementation
Highly organized and attentive to detail
Experience in the pension, financial, insurance, or banking sectors.
Holds or is pursuing relevant certifications (e.g., CISA, CRISC, CISSP)
Comfortable working across teams to implement governance and compliance strategies
Proactive in identifying risks and driving remediation
Committed to continuous improvement and professional development
Essential Duties And Responsibilities
Employees are held accountable for all duties of the job. Individuals must be able to perform these duties with or without reasonable accommodations.
Support the design, implementation, and continuous improvement of the organization's GRC (Governance, Risk, and Compliance) program.
Assist in maintaining compliance with internal security policies and external regulatory frameworks (e.g., HIPAA, GDPR, CCPA, ISO 27001, SOC 2, NIST CSF, NIST
Collaborate with technical and business teams to implement and document effective security controls, especially in cloud and hybrid environments (Azure, AWS, OpenShift).
Coordinate and support internal and external audits; track findings, manage responses, and drive remediation efforts.Conduct and document security risk assessments, business impact analyses, and third-party/vendor risk assessments.
Maintain the information security policy framework; assist with policy drafting, review, and lifecycle management.
Develop metrics and reporting to track compliance status, control effectiveness, and risk exposure across the organization.
Assist with data governance and privacy program activities, including data classification, impact assessments, and compliance monitoring.
Manage GRC tools and repositories, including risk registers, control libraries, and audit logs.
Provide input on the security implications of new projects, vendors, and technologies.
Help build a culture of security awareness by contributing to training, internal communications, and staff education efforts.
Perform other duties as assigned.
Job Qualifications
Bachelor's degree in Information Security, Information Systems, Risk Management, or a related field, or an equivalent combination of education and experience.
Solid understanding of GRC concepts, risk management methodologies, and regulatory frameworks (e.g., NIST, ISO 27001, SOC 2, HIPAA, GDPR).
Experience with fraud prevention, detection, and management frameworks.
Experience supporting or managing internal and external audits, risk assessments, and vendor due diligence processes.
Familiarity with cloud security governance practices in Azure, AWS, or OpenShift environments.
Strong organizational, analytical, and problem-solving skills; attention to detail and ability to manage multiple tasks simultaneously.
Excellent verbal and written communication skills; ability to document processes and translate complex requirements for diverse audiences.
Proficiency with GRC platforms or tools (e.g., ServiceNow GRC, Archer, OneTrust, LogicGate) is a plus.
Experience working in regulated industries or handling sensitive data preferred.
Preferred Qualifications
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP) (with GRC/governance domain)
Microsoft Certified:
Azure Security Engineer Associate
AWS Certified Security – Specialty
Red Hat Certified Specialist in OpenShift Security
Working Conditions
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
Standard office environment with frequent telephone communication, computer operation, and other office productivity machinery, such as a copy and printer machine.
All employees are expected to present themselves in a professional manner in alignment with the financial services industry
Ability to sit for prolonged periods of time
Ability to operate standard PC equipment
Ability to manage frequent deadlines and tight schedules
Hybrid Work Option
Opportunity to work from home up to two days per week. Eligibility dependent upon factors detailed in PERA's Work from Home Policy.
Similar jobs
The risk and compliance senior analyst is responsible for assisting with all activities related with building and running a successful risk and compliance program at Office of Information Security (OIS) · Assist with audits and audit related activities in a timely manner. · Prior ...
3 weeks ago
The Enterprise Compliance Risk Director is responsible for designing implementing and leading second-line oversight of Huntington's enterprise-wide BSA/AML and OFAC/Sanctions Compliance Program within the Corporate Compliance organization. · Bachelor's degree in business or relat ...
1 month ago
Job DetailsJob Location: Penn Center - Denver, CO 80203Position Type: Full TimeSalary Range: $90, $111,500.00 Salary/yearJob Shift: DaySummary of Job Responsibilities · As a Governance, Risk, and Compliance (GRC) Analyst, you will support and enhance the organization's informatio ...
1 day ago
Summary Of Job Responsibilities · As a Governance, Risk, and Compliance (GRC) Analyst, you will support and enhance the organization's information security, compliance, and enterprise risk management programs. In this role, you will assess organizational risk, ensure adherence to ...
1 day ago
The Enterprise Compliance Risk Director will design and implement second-line oversight of Huntington's enterprise-wide BSA/AML and OFAC/Sanctions Compliance Program within the Corporate Compliance organization. · Lead and enhance the enterprise BSA/AML and OFAC/Sanctions complia ...
1 month ago
El/la Cybersecurity Risk and Compliance Lead será responsable de liderar el área global de Gobernanza, · Riesgo y Cumplimiento (GRC) en materia de ciberseguridad dentro · de la organización.Gestión del área global · de GRC. · Liderar procesos · de gestión · .Priorizar planes ...
1 month ago
Summary of Job Responsibilities · As a Governance, Risk, and Compliance (GRC) Analyst, you will support and enhance the organization's information security, compliance, and enterprise risk management programs. In this role, you will assess organizational risk, ensure adherence to ...
1 day ago
+Liderar el área global de Gobernanza, Riesgo y Cumplimiento (GRC) en materia de ciberseguridad dentro de la organización. · +Gestión del área global de GRC y garantizar el cumplimiento de estándares como TISAX, NIST, GDPR. · Liderar procesos de gestión de riesgos y auditorías en ...
1 month ago
El/la Cybersecurity Risk and Compliance Lead será responsable de liderar el área global de Gobernanza, Riesgo y Cumplimiento (GRC) en materia ciberseguridad dentro la organización. · ...
1 month ago
Switchboard is seeking a Compliance/Risk Specialist on behalf of our client Open Technology Solutions (OTS) to support governance risk and compliance functions. · Build and compile compliance reports on control effectiveness risk metrics and compliance status for internal stakeho ...
1 week ago
This is a newly created position offering the opportunity to establish processes and frameworks while working within existing systems that serve credit unions and community financial institutions. · If you're detail-oriented, enjoy working with data and controls, and want to grow ...
1 week ago
Switchboard is seeking a Compliance/Risk Specialist to support the governance, risk, and compliance functions of Open Technology Solutions (OTS). This individual contributor role reports to the Director of Governance, Risk, and Controls (GRC) and involves building compliance repo ...
1 week ago
Switchboard is seeking a Compliance/Risk Specialist to support the governance, risk, and compliance functions of Open Technology Solutions (OTS). The role involves building compliance reports, monitoring controls and systems, and supporting risk management activities across the o ...
1 week ago
Switchboard is seeking a Compliance/Risk Specialist to support the governance, risk, and compliance functions of Open Technology Solutions. In this role, you'll be responsible for building compliance reports, monitoring controls and systems, and supporting risk management activit ...
1 week ago
The risk and compliance senior analyst is responsible for assisting with all activities related with building and running a successful risk and compliance program. · ...
1 week ago
Government Risk and Compliance Intern, Cybersecurity, NA
Only for registered members
+ Job summary: The Cybersecurity Engineer Intern supports the global Cybersecurity team in designing, implementing, and maintaining security controls that protect Vantage Data Centers' enterprise IT environments, cloud platforms, and corporate systems. This role provides hands‑on ...
3 days ago
Government Risk and Compliance Intern, Cybersecurity, NA
Only for registered members
About Vantage Data Centers · Vantage Data Centers powers, cools, protects and connects the technology of the world's well-known hyperscalers, cloud providers and large enterprises. Developing and operating across North America, EMEA and Asia Pacific, Vantage has evolved data cent ...
2 days ago
We are hiring one disciplined Field Assessor as an independent contractor for a controlled test phase. · ...
1 week ago
The Risk & Compliance Administrative Coordinator provides administrative documentation and project coordination support to E-470's risk management and compliance functions. · This position reports directly to the HR & Risk Manager and supports the execution of essential administr ...
1 month ago
+ Manage all insurance claims including property auto liability workers compensation and third party subrogation recovery + Provide administrative support for insurance claims processes including property auto liability workers compensation and third party recovery + Coordinate d ...
1 month ago