Risk & Compliance Analyst

Also known as: GRC Analyst, Security Risk Analyst, Information Security Risk Specialist, Governance Risk and Compliance Analyst

AI Impact Score

50/100

AI is automating significant portions of routine GRC work — evidence collection, control testing, compliance gap analysis, and risk scoring. Analysts who use AI-powered GRC platforms and focus on risk interpretation, stakeholder communication, and emerging regulatory issues will thrive, while those who remain focused on manual checklist work face automation pressure.

Salary Range: $65k – $125k

Growth Outlook: growing

Total Jobs (US): 30,000

Growth Rate: +16%

Task Breakdown

Tasks at Risk (4)

- Manual evidence collection and organisation for audits
- Routine compliance checklist completion
- Standard policy template drafting
- Basic risk register data entry and maintenance

AI-Enhanced Tasks (4)

- AI-assisted control mapping across multiple frameworks
- Automated continuous compliance monitoring
- AI-powered risk scoring and prioritisation
- Regulatory change monitoring and impact analysis

Human-Safe Tasks (5)

- Risk judgement and materiality determination
- Regulatory interpretation in ambiguous situations
- Auditor and regulator relationship management
- Risk acceptance documentation and governance
- Emerging regulatory research and programme preparation

Current Skills

- GRC Frameworks (NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS)
- Risk Assessment Methodology (NIST RMF, ISO 31000, FAIR)
- GRC Platforms (Vanta, Drata, Hyperproof, Archer)
- Audit Management and Evidence Collection
- Policy and Procedure Development

Future-Proof Skills

- AI Governance and EU AI Act Compliance
- Continuous Control Monitoring Automation
- Cyber Risk Quantification (FAIR methodology)
- Supply Chain Risk Assessment (C-SCRM)
- ESG and Privacy Regulatory Convergence
