Senior Governance, Risk and Compliance Analyst - Ryan Specialty Group
Chicago, IL
About the Job
Position Summary
The Senior Governance, Risk, and Compliance (GRC) Analyst will be an impactful individual contributor in our growing organization, driving key initiatives to strengthen security and compliance programs. In this role, you will lead risk assessments and compliance efforts, optimize processes, and implement scalable information security controls.
You will collaborate with internal teams, external auditors, and vendors to ensure compliance with industry standards and regulatory frameworks while championing "security by design" across the organization. With opportunities to influence policy, automate workflows, and deliver actionable insights to leadership, this position provides a dynamic environment for growth and meaningful impact.
Join us in shaping a forward-thinking security program!
What will your job entail?
Job Responsibilities:
• Lead the execution of Governance, Risk, and Compliance initiatives such as internal and external risk assessments.
• Assist in responding to risk, information security, and compliance inquiries from the organization's business units.
• Act as a point of contact for security and compliance throughout the organization; articulate the value of "security by design" practices and controls.
• Manage assigned workstreams, keeping manager apprised of status and escalating when necessary.
• Leverage project management tools and techniques to deliver results efficiently across multiple workstreams.
• Identify and address inefficiencies in processes, collaborating with stakeholders to develop and implement solutions.
• Assist in implementing governance and risk management solutions to automate processes and workflows.
• Maintain and manage the information security risk register, advising on risk treatment strategies, tracking progress, and reporting on metrics.
• Develop and report executive and operational metrics for information security governance, risk remediation, and audit compliance efforts.
• Oversee the Information Security policy program, including managing exceptions and maintaining compliance documentation.
• Represent the information security program during contract negotiations. Participate in and support Third-Party Risk Assessment activities for prospective and existing vendors.
• Stay updated on emerging cybersecurity risks, regulatory trends, and control testing techniques to ensure program relevance and effectiveness.
Work Experience and Education:
• Bachelor's degree in Information Security, Risk Management, Legal Studies, or related field.
• Minimum of 5+ years of experience in an Information Security discipline, with a preferred emphasis on risk and compliance.
• Demonstrated experience implementing and maturing risk management programs.
• Ability to clearly articulate the business value of security and compliance in accessible terms.
• Proven track record of collaborating with stakeholders to drive change and improve processes.
• Strong knowledge of IT infrastructure, enterprise applications, cloud technologies, and compliance frameworks (e.g., SOX, SOC 2, NIST CSF, CIS).
• Knowledge of regulatory standards such as GDPR, CCPA, HIPAA, and DORA.
• Familiarity with governance, risk, and compliance tools, project management practices, and automation technologies.
• Experience auditing information systems and managing audit and compliance requests from internal and external stakeholders.
Licenses & Certifications:
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified in Governance, Risk, and Compliance (CGRC)
Ryan Specialty is an Equal Opportunity Employer. We are committed to building and sustaining a diverse workforce throughout the organization. Our vision is an inclusive and equitable workplace where all employees are valued for and evaluated on their performance and contributions. Differences in race, creed, color, religious beliefs, physical or mental capabilities, gender identity or expression, sexual orientation, and many other characteristics bring together varied perspectives and add value to the service we provide our clients, trading partners, and communities. This policy extends to all aspects of our employment practices, including but not limited to, recruiting, hiring, discipline, firing, promoting, transferring, compensation, benefits, training, leaves of absence, and other terms, conditions, and benefits of employment.
Source: Ryan Specialty Group