IT - Governance Analyst

Overview

On Site
USD 45.00 - 50.00 per hour
Contract - Independent

Skills

Information Security Governance
Risk Assessment
Information Security
Change Request Management
Business Continuity Planning
Disaster Recovery
IT Governance
Risk Management
Legacy Systems
Management
Reporting
System On A Chip
ITIL
Gap Analysis
Scope Management
Dashboard
Performance Metrics
Documentation
Auditing
Testing
SAP GRC
Training
Collaboration
Business Administration
Accounting
Management Information Systems
Computer Science
Cyber Security
IT Risk Management
Regulatory Compliance
Payment Card Industry
Sarbanes-Oxley
HIPAA
Gramm-Leach-Bliley Act
ISO/IEC 27001:2005
COBIT
Incident Management
Audit Management
Security Controls
Communication
Analytical Skill
Decision-making
Cloud Computing
Software Security
DevOps
Hardening
Multitasking
Adaptability
Leadership
Mentorship
CISSP
ISACA
CISA
CISM
Privacy
Marketing

Job Details

Location: Sacramento, CA
Salary: $45.00 USD Hourly - $50.00 USD Hourly
Description: Our client is currently seeking an IT - Governance Analyst.

GENERAL DESCRIPTION:
The Governance, Risk, and Compliance (GRC) Analyst supports IT and Security governance by managing policies, processes, technologies, and risk assessments. Reporting to the IT GRC Manager, this role provides assurance around adherence to organizational policies and contributes to the development, implementation, and maintenance of IT compliance frameworks. The analyst collaborates closely with information security teams to support audits, evidence collection, and incident response efforts. Additional responsibilities include reporting and verification of IT change management procedures, and overseeing Business Continuity and Disaster Recovery (BCDR) testing processes.

The ideal candidate brings at least five years of experience in IT governance, compliance, or risk management, with strong technical acumen and the ability to assess and support both modern and legacy systems critical to the business.

KEY RESPONSIBILITIES:
  • Manage reporting requirements for the IT GRC program, ensuring activities align with internal policies and external regulatory frameworks (e.g., NIST, ISO 27001, SOC 1/2, COBIT, ITIL, SOX, GDPR/CCPA).
  • Lead assessments and gap analyses of IT control environments; support audit readiness and remediation planning.
  • Track and coordinate IT-related audit activities including scope management, evidence collection, and follow-up on findings.
  • Maintain and administer GRC platforms, dashboards, and performance metrics.
  • Support user access reviews and configuration documentation efforts; coordinate timely approvals with system owners.
  • Identify control deficiencies and recommend improvements related to privacy, business resiliency, and compliance.
  • Contribute to third-party risk reviews, including documentation, assessment, and remediation tracking.
  • Collaborate with internal and external auditors to maintain alignment and timely delivery of audit items.
  • Facilitate BCDR planning and testing exercises; contribute to continuity strategies.
  • Support GRC awareness initiatives, training efforts, and cross-team collaboration within IT.
  • Ensure confidentiality of sensitive data processed or accessed through organizational systems.


QUALIFICATIONS:

Education:
Bachelor's degree in Business Administration, Accounting, MIS, or Computer Science is strongly preferred. An advanced degree is a plus.

Experience:
  • Minimum 5 years of hands-on experience in cybersecurity or IT risk management.
  • At least 2-3 years of demonstrated experience with regulatory and compliance frameworks including PCI, SOX, HIPAA, GDPR, and GLBA.
  • Strong understanding of industry standards such as ISO 27001, NIST CSF, and COBIT.
  • Practical experience in incident response, audit management, and security control implementation.

Skills and Attributes:
  • Excellent written and verbal communication skills; ability to communicate risks and controls to all levels of the organization.
  • Strong analytical and decision-making capabilities to address complex risk scenarios.
  • Working knowledge of technologies such as cloud platforms, application security, DevOps, and system hardening.
  • Ability to lead projects, multitask under pressure, and operate independently.
  • Demonstrated integrity, curiosity, adaptability, and leadership in team environments.
  • Prior experience with team oversight or mentorship is a plus.

Certifications (Preferred):
CISSP, CRISC, CISA, CISM, CIPP or other relevant industry credentials.

This job and many more are available through The Judge Group. Please apply with us today!