Governance Risk & Compliance Analyst

Overview

Governance Risk & Compliance Analyst 

Location: Remote

Salary Range: $87,000 - $100,000 per year depending on experience 

Are you passionate about risk management, regulatory compliance, and building strong frameworks that protect enterprise systems? Join our team as a Governance, Risk & Compliance (GRC) Analyst and play a vital role in safeguarding our organization’s information security and compliance posture.

In this role, you’ll lead internal and third-party risk assessments, maintain our enterprise risk register, oversee vendor due diligence, and collaborate with cross-functional teams to strengthen our risk and compliance programs.

In addition to joining an organization with an outstanding mission, UTI is happy to provide the following Benefits You'll Love: 

• Tuition Waiver: Enjoy a tuition waiver after 6 months of employment for you AND your immediate family offered at UTI and Concorde campuses
• Paid Time Off: Competitive paid time off programs for employees (Vacation, Sick, Flexible)
• Retirement Matching: 50% match on the first 6% of your contributions after 90 days
• Paid Parental Leave: 4 weeks of paid leave for both birthing and non-birthing parents to bond with a new baby
• Competitive Insurance: Health, vision, and dental coverage for you and your dependents
• Pet Insurance: Competitive coverage for your furry family members through ASPCA
• Health Plan Enrollment: Eligibility starts first of the month following completing one full month of employment

Responsibilities

• Conduct internal and external risk reviews, ensuring alignment with frameworks like NIST, GLBA, PCI, HIPAA, and SOX

• Perform third-party risk assessments during onboarding and throughout vendor lifecycle

• Maintain and update the enterprise risk register and third-party inventory

• Collaborate with stakeholders on risk mitigation strategies and track remediation progress

• Support audits, security control testing, and policy exception reviews

• Contribute to the ongoing improvement of GRC programs, policies, and processes

• Develop and track KPIs and metrics for risk and compliance performance

• Leverage GRC platforms and tools to streamline workflows and enhance reporting

Qualifications

Requirements

• HS Diploma or GED 

• 4+ years of experience in GRC, risk management, cybersecurity compliance, or a related field

• Demonstrated experience performing internal and external risk assessments

• Hands-on experience with GRC tools/platforms (implementation experience a plus)

• Working knowledge of key frameworks and regulations: NIST, GLBA, PCI, HIPAA, FERPA, SOX

• Strong communication and analytical skills with the ability to influence cross-functional teams

Preferred Qualifications

• Bachelor's degree in InfoSec, Computer Science, or a related field

• Experience developing and reporting on risk and compliance KPIs

• Familiarity with cloud security (Azure, AWS, O365) and third-party risk tiering