×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security IT Business Analyst Data Security

Risk and Compliance Analyst

Job in Nashville, Davidson County, Tennessee, 37247, USA
Listing for: Pillsbury Winthrop Shaw Pittman LLP
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Business Analyst, Data Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below
Nashville, Tennessee##
** Job Description
** The Risk & Compliance Analyst supports Pillsbury’s Governance, Risk & Compliance (GRC) program across risk management, policy governance, internal audit coordination, vendor risk intake, training and awareness initiatives, and business continuity documentation. This role supports both ISO 27001 and CMMC Level 2 programs with a balanced 50/50 focus on each  addition to core compliance operations, the analyst is responsible for maintaining and organizing BCP/DR documentation, coordinating updates from business and IT owners, and supporting reporting activities following exercises and continuity events.
** KEY RESPONSIBILITIES
**** Risk Management & Governance
*** Maintain and update the firm’s risk register, including risk scoring, treatment tracking, and monitoring for changes.
* Support formal risk assessments and assist with updates to the Statement of Applicability (SoA).
* Gather and consolidate risk-related inputs from IT, HR, Legal, Sec Ops, and business stakeholders.
** Documentation & Policy Governance
*** Manage lifecycle updates for information security policies, standards, and procedures including drafting, reviews, approvals, and version control.
* Maintain compliance documentation such as SSP updates, POA&M revisions, control narratives, and other required artifacts.
* Ensure governance documents remain accurate, consistently formatted, and aligned with framework requirements.
** Audit Support
*** Coordinate internal and external audit activities, including scheduling, evidence collection, and communication with SMEs.
* Track audit findings, corrective actions, and remediation progress.
* Maintain audit documentation repositories and ensure audit materials are consistently organized and audit-ready.
** Vendor Risk Management
*** Perform intake assessments for vendor security reviews and coordinate security questionnaires with vendors.
* Collect due-diligence documentation and track remediation or follow-up requirements.
* Support collaboration between Procurement, Legal, IT, and the GRC Manager.
** Training & Awareness
*** Assist with developing and distributing cybersecurity awareness content.
* Maintain training completion records and support reporting for required annual or event-driven trainings.
** Business Continuity & Disaster Recovery (BCP/DR) Documentation & Reporting
*** Maintain BCP/DR documentation including plans, Business Impact Analysis (BIA) updates, team rosters, and continuity-related inventories.
* Coordinate with business units and IT to collect updates for continuity plans and ensure documentation accuracy.
* Support post-exercise and post-incident reporting, capturing results, action items, and changes required to improve resilience.
* Organize and maintain evidence of continuity activities for compliance and audit purposes.
* Assist in coordinating tabletop exercises by managing documentation, capturing observations, and preparing reports for leadership review.
** Cross-Functional Collaboration
*** Work closely with HR, Legal, Procurement, IT, Sec Ops, and other internal stakeholders to support compliance operations.
* Support the GRC Manager on firm-wide governance, compliance initiatives, and regulatory readiness activities.
** REQUIRED EDUCATION, KNOWLEDGE AND EXPERIENCE
*** 2–5 years of experience in cybersecurity governance, compliance, risk management, or internal audit.
* Foundational knowledge of ISO 27001, NIST SP 800-171, or CMMC Level 2 requirements.
* Experience with GRC/IRM platforms (e.g., One Trust, Archer, Service Now GRC).
* Strong documentation, writing, organizational, and version-control skills.
* Proficiency with Excel/Sheets for risk scoring, register management, and reporting.
* Ability to coordinate projects and collaborate across multiple functions.
* Experience using compliance workflow platforms such as Future Feed.
* Experience supporting internal or external audits.
* Exposure to vendor risk management processes.
* Experience with internal audit or compliance management tools (e.g., Audit Board, Workiva).
* Foundational compliance or security certifications (e.g., ISO 27001 Foundations, Security+, CMMC coursework).
**…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search