Governance, Risk & Compliance Analyst II
Job in
Highlands Ranch, Douglas County, Colorado, USA
Listed on 2026-06-02
Listing for:
Udr, Inc.
Full Time
position Listed on 2026-06-02
Job specializations:
-
IT/Tech
Information Security, Data Security, Cybersecurity, IT Business Analyst
Job Description & How to Apply Below
GENERAL SUMMARY OF DUTIES:
The GRC Analyst role(s) will be responsible for the implementation, operation, and maintenance of UDR's IT Governance, Risk & Compliance (GRC) program in accordance with business objectives and legal requirements. All levels will work on growing and maintaining the enterprise's audit readiness, AI governance, third-party risk management, and consumer privacy programs. These roles collaborate closely with appropriate business personnel to support the confidentiality, integrity, and availability of enterprise data and the responsible deployment of AI systems.
GRC Analyst II shall take increased ownership of GRC processes and tool utilization while working towards delivery of strategic goals, including AI governance initiatives.
SUPERVISION RECEIVED:
Reports directly to the Director - Cyber Risk and Privacy
SUPERVISION EXERCISED: N/A
ESSENTIAL FUNCTIONS:
1. Lead evidence collection and coordination for external and internal audits, including Sarbanes-Oxley (SOX) and NIST CSF, working directly with both internal and external auditors as well as internal control owners.
2. Identify control gaps and remediation opportunities through audit findings and proactively communicate recommendations to management.
3. Lead AI governance implementation tasks, including maintaining enterprise AI technical feasibility assessments, conducting AI vendor risk assessments, and supporting the development of AI use policies and standards.
4. Advise business stakeholders on AI-related risks, including fair-housing implications of AI-assisted leasing or screening tools, and SEC disclosure obligations related to material AI risks.
5. Manage vendor due diligence and third-party risk assessments, with specialized focus on evaluating AI-enabled vendor tools for algorithmic transparency, bias testing, and data governance practices.
6. Manage and track vendor certification/recertification status and maintain the approved vendor list.
7. Manage the program to document, analyze, and fulfill all consumer data privacy requests received by UDR, including state-specific requirements.
8. Advise the business on federal and state privacy compliance issues and best practices in accordance with applicable state laws.
9. Research new and evolving legal requirements as they relate to consumer privacy, AI governance, and relevant GRC domain areas.
10. Advise project teams on data privacy and AI risks associated with specific business activities and data use.
11. Create and edit organizational policies as they pertain to information technology, AI governance, and GRC.
12. Lead the implementation and maintenance of GRC applications, tools, and systems in accordance with program policy and industry best practice.
13. Create and design reporting, metrics, and dashboards to support compliant and transparent IT operations.
14. Communicate with consumers and across the enterprise in a timely, professional, and precise manner.
15. Manage processes for digital forensics and evidence chain of custody for any incident or investigation related to data privacy.
16. Consult with key stakeholders on privacy and AI governance assessments; serve as a subject matter expert for IT Operations.
17. Lead organizational data privacy and AI governance training and awareness efforts.
18. Perform other duties as assigned or as necessary.
EDUCATION AND EXPERIENCE:
1. Bachelor's degree in Information Systems, Cybersecurity, a related field, or equivalent experience required.
2. Minimum of three years' experience in GRC, data privacy, risk management, audit support, and/or information security.
3. Demonstrable advanced knowledge and understanding of data privacy laws, including state-specific laws in Colorado, California, and emerging state privacy laws.
4. Hands-on experience supporting SOX and/or NIST CSF audits, including evidence gathering and control testing.
5. Experience evaluating third-party and vendor risk, including vendors utilizing AI-enabled tools.
6. Working knowledge of AI governance principles, including AI risk assessment,…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×