Grc Analyst Green Card Jobs
GRC Analyst roles qualify for EB-2 or EB-3 green card sponsorship through the PERM labor certification process, which requires your employer to demonstrate no qualified U.S. workers are available. Demand for professionals who manage governance, risk, and compliance frameworks has made sponsorship increasingly common across financial services, healthcare, and technology sectors.
See All Grc Analyst JobsOverview
Showing 5 of 22+ Grc Analyst jobs
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
See all 22+ Grc Analyst jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Grc Analyst roles.
Get Access To All JobsJob Title: Information Security GRC Analyst Sr/UKHC
Requisition Number: RE54252
Working Title: Information Security, Governance, Risk and Compliance Analyst Senior
Department Name: H3997:EVPHA Information Technology
Work Location: Lexington, KY
Grade Level: 12
Salary Range: $62,400-111,634/year
Type of Position: Staff
Position Time Status: Full-Time
Required Education
BS
Required Related Experience
5 yrs
Required License/Registration/Certification
CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) or equivalent certification.
Physical Requirements
The physical requirements of this position include: Mobility to work from several locations depending on business needs; occasionally lifting, pushing, and/or pulling objects up to 50lbs; occasionally standing or walking with objects up to 10lbs; regularly sitting at a computer workstation for extended periods of time with regular repetitive motions (such as typing); occasionally dealing with combative/violent people; and occasional job-related travel.
Shift
Primarily Monday through Friday 8am-5pm, with evening, night, and weekend requirements per departmental needs.
Job Summary
Responsible for conducting risk assessments, gap analysis and compliance initiatives across the organization in alignment with NIST, HIPAA, GDPR, etc. Creates reports and presentations for reporting to senior management. Coordinates with IT teams, business stakeholders, and vendors to support security control implementation and remediation of findings. Contributes to process improvements and helps maintain the organization’s overall security posture. Mentors and trains other analysts to support knowledge transfer and enhance team effectiveness. This position is hybrid.
Essential Functions:
- Conducts risk assessments, gap analysis, and compliance initiatives for departments, systems, applications and vendors.
- Prepares reports for senior management and advises on risk mitigation.
- Evaluates controls and compensating controls and ensures that remediation plans are acceptable and in place.
- Communicates and implements control framework and automation.
- Tracks remediation of identified risks and collaborates with stakeholders to ensure timely resolution.
- Maintains security and compliance metrics, reporting findings to management.
- Prepares materials for internal and external audits, supporting audit readiness and evidence collection.
- Collaborates with IT and business teams to ensure adherence to regulatory requirements (HIPAA, SOX, PCI-DSS, GDPR, etc.).
- Participates in continuous improvement of GRC processes and documentation practices.
- Performs other duties as assigned.
Skills / Knowledge / Abilities
N/A
Does this position have supervisory responsibilities? No
Preferred Education/Experience
Bachelor’s degree in cybersecurity, computer science, or a related field.
Deadline to Apply: 05/10/2026
We value the well-being of each of our employees and are dedicated to creating a healthy place for everyone to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors, the University of Kentucky is a Tobacco \& Drug Free campus.
The University follows both the federal and state Constitutions as well as all applicable federal and state laws on nondiscrimination. The University provides equal opportunities for qualified persons in all aspects of institutional operations and does not discriminate on the basis of race, color, national origin, ethnic origin, religion, creed, age, physical or mental disability, veteran status, uniformed service, political belief, sex, sexual orientation, gender identity, gender expression, pregnancy, marital status, genetic information or social or economic status.
Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.
Job Title: Information Security GRC Analyst Sr/UKHC
Requisition Number: RE54252
Working Title: Information Security, Governance, Risk and Compliance Analyst Senior
Department Name: H3997:EVPHA Information Technology
Work Location: Lexington, KY
Grade Level: 12
Salary Range: $62,400-111,634/year
Type of Position: Staff
Position Time Status: Full-Time
Required Education
BS
Required Related Experience
5 yrs
Required License/Registration/Certification
CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) or equivalent certification.
Physical Requirements
The physical requirements of this position include: Mobility to work from several locations depending on business needs; occasionally lifting, pushing, and/or pulling objects up to 50lbs; occasionally standing or walking with objects up to 10lbs; regularly sitting at a computer workstation for extended periods of time with regular repetitive motions (such as typing); occasionally dealing with combative/violent people; and occasional job-related travel.
Shift
Primarily Monday through Friday 8am-5pm, with evening, night, and weekend requirements per departmental needs.
Job Summary
Responsible for conducting risk assessments, gap analysis and compliance initiatives across the organization in alignment with NIST, HIPAA, GDPR, etc. Creates reports and presentations for reporting to senior management. Coordinates with IT teams, business stakeholders, and vendors to support security control implementation and remediation of findings. Contributes to process improvements and helps maintain the organization’s overall security posture. Mentors and trains other analysts to support knowledge transfer and enhance team effectiveness. This position is hybrid.
Essential Functions:
- Conducts risk assessments, gap analysis, and compliance initiatives for departments, systems, applications and vendors.
- Prepares reports for senior management and advises on risk mitigation.
- Evaluates controls and compensating controls and ensures that remediation plans are acceptable and in place.
- Communicates and implements control framework and automation.
- Tracks remediation of identified risks and collaborates with stakeholders to ensure timely resolution.
- Maintains security and compliance metrics, reporting findings to management.
- Prepares materials for internal and external audits, supporting audit readiness and evidence collection.
- Collaborates with IT and business teams to ensure adherence to regulatory requirements (HIPAA, SOX, PCI-DSS, GDPR, etc.).
- Participates in continuous improvement of GRC processes and documentation practices.
- Performs other duties as assigned.
Skills / Knowledge / Abilities
N/A
Does this position have supervisory responsibilities? No
Preferred Education/Experience
Bachelor’s degree in cybersecurity, computer science, or a related field.
Deadline to Apply: 05/10/2026
We value the well-being of each of our employees and are dedicated to creating a healthy place for everyone to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors, the University of Kentucky is a Tobacco \& Drug Free campus.
The University follows both the federal and state Constitutions as well as all applicable federal and state laws on nondiscrimination. The University provides equal opportunities for qualified persons in all aspects of institutional operations and does not discriminate on the basis of race, color, national origin, ethnic origin, religion, creed, age, physical or mental disability, veteran status, uniformed service, political belief, sex, sexual orientation, gender identity, gender expression, pregnancy, marital status, genetic information or social or economic status.
Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.
See all 22+ Grc Analyst jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Grc Analyst roles.
Get Access To All JobsTips for Finding Green Card Sponsorship as a Grc Analyst
Document your GRC credentials before applying
Gather certifications like CISA, CRISC, or CGEIT alongside transcripts and employment letters now. PERM requires detailed evidence of your qualifications, and gaps discovered mid-filing delay labor certification by months.
Target employers in regulated industries first
Financial institutions, healthcare systems, and defense contractors face mandatory compliance obligations, which means dedicated GRC teams and recurring sponsorship demand. These employers are far more likely to have established PERM filing workflows than general tech firms.
Search for green card sponsors using Migrate Mate
Filter for GRC Analyst roles where employers have active EB-2 or EB-3 filing history. Migrate Mate surfaces that sponsorship data so you target roles with real permanent residency pathways, not just H-1B holders.
Confirm the job description matches PERM requirements
The PERM application locks in your job duties and minimum qualifications. Ask hiring managers to align the posted requirements with your actual credentials before an offer is signed, since mismatches can trigger DOL audits.
Check prevailing wage before negotiating your offer
Look up your job's wage level using the OFLC Wage Search before accepting any offer. Your employer must pay at least the DOL-certified prevailing wage throughout the PERM process, and negotiating below that level creates a compliance problem later.
Grc Analyst jobs are hiring across the US. Find yours.
Find Grc Analyst JobsGrc Analyst Green Card Sponsorship: Frequently Asked Questions
Do GRC Analyst roles typically qualify for EB-2 or EB-3 sponsorship?
Most GRC Analyst positions qualify under EB-3 as skilled workers requiring at least a bachelor's degree in information systems, computer science, or a related field. Roles that specifically require a master's degree or equivalent, or where you can demonstrate a bachelor's plus five years of progressive GRC experience, may qualify under EB-2, which offers priority date advantages for some nationalities.
How does PERM green card sponsorship differ from H-1B sponsorship for GRC Analysts?
H-1B sponsorship is temporary and subject to annual lottery caps, while PERM-based EB-2 and EB-3 sponsorship is permanent and has no lottery. The PERM process requires your employer to complete a formal recruitment campaign proving no qualified U.S. worker is available, which takes six to twelve months before USCIS even reviews your I-140 petition. The end result is lawful permanent residency, not a renewable work visa.
Which employers sponsor green cards for GRC Analysts most consistently?
Regulated industries with ongoing compliance mandates sponsor the most consistently: large banks, insurance carriers, healthcare networks, and federal contractors all maintain GRC functions that require long-term staffing. These employers have internal immigration counsel and established PERM workflows. Use Migrate Mate to filter GRC Analyst postings by employers with documented EB-2 or EB-3 sponsorship history, so you're not discovering a company's sponsorship policies mid-interview.
Can my employer start the PERM process while I'm on an H-1B or OPT?
Yes. PERM is independent of your current status. Employers can file a labor certification while you're working on H-1B, OPT, or any other authorized status. If you're on OPT with limited time remaining, your employer should file an H-1B cap-subject petition concurrently so your work authorization doesn't lapse while the multi-year PERM and I-140 process runs.
What GRC skills should be documented to support a strong PERM petition?
DOL evaluates whether your qualifications match the minimum requirements stated in the PERM job description exactly. Document hands-on experience with risk frameworks like NIST, ISO 27001, or SOC 2, plus any audit or compliance tool proficiency your role requires. Certifications such as CRISC or CISA should appear in your employment letters and transcripts. Avoid overstating qualifications that exceed the PERM minimum, since that can complicate the DOL's substitutability analysis.
See which Grc Analyst employers are hiring and sponsoring visas right now.
Search Grc Analyst Jobs