×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Data Security IT Consultant

Senior GRC Risk Analyst

Job in San Diego, San Diego County, California, 92189, USA
Listing for: Intuit Inc.
Full Time position
Listed on 2026-01-13
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly USD 125000.00 150000.00 YEAR
Job Description & How to Apply Below

Come join the Governance, Risk, and Compliance (GRC) team at Intuit! We are looking for an exceptional, results-driven professional to join our world-class team and drive the maturity of our enterprise security risk program.

The cybersecurity risk landscape is constantly evolving. The Senior GRC Risk Analyst will play a crucial role in protecting our customers and our company by performing comprehensive security and compliance reviews of our vendors and partners and ensuring they meet our rigorous security requirements and regulatory obligations.

This role will also be instrumental in managing and maintaining the Enterprise Security Risk Register and the Security Issue Tracking process. The analyst will be responsible for identifying, assessing, mitigating, monitoring, and reporting on information security risks, ensuring timely remediation and providing transparent metrics to executive leadership. Finally, this position will actively support and maintain Intuit's security policies and standards, while tracking and implementing security controls aligned with frameworks such as ISO 27001 and PCI DSS
.

We pride ourselves on being innovative and agile. This is an exciting opportunity to work across all business units, influence our security control environment, and contribute directly to the financial trust and stability of our platform.

Responsibilities

  • Third-Party Security

    Risk Management:

     Lead and execute end-to-end security assessments (initial and ongoing) of third-party vendors, suppliers, and partners, focusing on inherent risk, control maturity, and compliance with industry standards and contractual obligations.

  • Risk Register & Issue Management: Own the management and maintenance of the Enterprise Security Risk Register, ensuring accurate categorization, impact analysis, and consistent scoring of identified risks.

  • Remediation Tracking: Oversee the security issue tracking process, working closely with control owners across Engineering, Product, and IT teams to define appropriate remediation plans, monitor progress, and elevate overdue items to GRC leadership.

  • Policy & Control Implementation: Actively support the ongoing lifecycle of our Information Security Policies and Standards by reviewing, updating, and aligning them to current and emerging regulatory and security framework requirements (e. g. NIST 800-53, PCI DSS).

  • Security Control Assessments: Participate in internal security control self-assessments and evidence collection efforts, helping to ensure continuous compliance and audit readiness.

  • Executive Reporting: Develop clear, concise, and actionable risk reporting and metrics (KRIs) for GRC leadership and executive stakeholders, translating technical security issues into business risk context.

  • Cross-Functional Collaboration: Establish strong, trusted partnerships with internal stakeholders (e.g., Legal, Procurement, Engineering, Product) to embed security and risk management practices early in the business lifecycle.

  • Process Improvement: Identify and advocate for opportunities to leverage automation and tooling to streamline risk and vendor assessment processes, enhancing efficiency and accuracy.

Qualifications

  • Experience: 4+ years of hands‑on experience in Information Security, focusing on GRC, security risk management, third-party risk, or technical security auditing within a regulated industry, preferably fintech.

  • Domain Expertise: Strong functional knowledge of widely adopted security frameworks, including NIST CSF, NIST 800‑53, ISO 27001
    , and proven experience with PCI DSS compliance requirements.

  • Third-Party Assessment

    Skills:

     Demonstrated ability to perform detailed security reviews of third-party documentation (e.g., SOC reports, penetration tests, security questionnaires) to identify security gaps and associated risks.

  • Risk Methodology: Experienced in applying risk management methodologies, covering the full lifecycle of activities: identification, quantitative/qualitative assessment, mitigation planning, monitoring, and reporting.

  • Technical Acumen: Foundational understanding of common enterprise technology concepts, including cloud environments (AWS, Azure, GCP), network security,…

Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search