IT - Governance Analyst

Location: Sacramento, CA
Salary: $45.00 USD Hourly - $50.00 USD Hourly
Description: Our client is currently seeking a IT - Governance Analyst

GENERAL DESCRIPTION:
The Governance, Risk, and Compliance (GRC) Analyst supports IT and Security governance by managing policies, processes, technologies, and risk assessments. Reporting to the IT GRC Manager, this role provides assurance around adherence to organizational policies and contributes to the development, implementation, and maintenance of IT compliance frameworks. The analyst collaborates closely with information security teams to support audits, evidence collection, and incident response efforts. Additional responsibilities include reporting and verification of IT change management procedures, and overseeing Business Continuity and Disaster Recovery (BCDR) testing processes.

The ideal candidate brings at least five years of experience in IT governance, compliance, or risk management, with strong technical acumen and the ability to assess and support both modern and legacy systems critical to the business.

KEY RESPONSIBILITIES:

• Manage reporting requirements for the IT GRC program, ensuring activities align with internal policies and external regulatory frameworks (e.g., NIST, ISO 27001, SOC 1/2, COBIT, ITIL, SOX, GDPR/CCPA).
• Lead assessments and gap analyses of IT control environments; support audit readiness and remediation planning.
• Track and coordinate IT-related audit activities including scope management, evidence collection, and follow-up on findings.
• Maintain and administer GRC platforms, dashboards, and performance metrics.
• Support user access reviews and configuration documentation efforts; coordinate timely approvals with system owners.
• Identify control deficiencies and recommend improvements related to privacy, business resiliency, and compliance.
• Contribute to third-party risk reviews, including documentation, assessment, and remediation tracking.
• Collaborate with internal and external auditors to maintain alignment and timely delivery of audit items.
• Facilitate BCDR planning and testing exercises; contribute to continuity strategies.
• Support GRC awareness initiatives, training efforts, and cross-team collaboration within IT.
• Ensure confidentiality of sensitive data processed or accessed through organizational systems.

QUALIFICATIONS:

Education:
Bachelor's degree in Business Administration, Accounting, MIS, or Computer Science is strongly preferred. An advanced degree is a plus.

Experience:

• Minimum 5 years of hands-on experience in cybersecurity or IT risk management.
• At least 2-3 years of demonstrated experience with regulatory and compliance frameworks including PCI, SOX, HIPAA, GDPR, and GLBA.
• Strong understanding of industry standards such as ISO 27001, NIST CSF, and COBIT.
• Practical experience in incident response, audit management, and security control implementation.

Skills and Attributes:

• Excellent written and verbal communication skills; ability to communicate risks and controls to all levels of the organization.
• Strong analytical and decision-making capabilities to address complex risk scenarios.
• Working knowledge of technologies such as cloud platforms, application security, DevOps, and system hardening.
• Ability to lead projects, multitask under pressure, and operate independently.
• Demonstrated integrity, curiosity, adaptability, and leadership in team environments.
• Prior experience with team oversight or mentorship is a plus.

Certifications (Preferred):
CISSP, CRISC, CISA, CISM, CIPP or other relevant industry credentials.

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Contact:

This job and many more are available through The Judge Group. Please apply with us today!