Risk And Compliance Green Card Jobs
Risk and compliance roles qualify for employment-based green card sponsorship under EB-2 for advanced-degree professionals or EB-3 for experienced specialists. Your employer files a PERM labor certification with DOL before sponsoring your I-140 petition, putting you on the path to permanent residency rather than a renewable temporary status.
See All Risk And Compliance JobsOverview
Showing 5 of 723+ Risk And Compliance jobs
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
See all 723+ Risk And Compliance jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Risk And Compliance roles.
Get Access To All JobsRole Overview
As a Security Risk and Compliance Analyst you will play a hands-on role in maturing and operating Asana's compliance and certification programme—specifically across controls maturity, policy governance, and audit execution. This role sits at the intersection of traditional GRC work and compliance engineering: you will help maintain our control frameworks and run our audit cycles, while also contributing to the automation initiatives that make our compliance programme scalable and repeatable.
This is an excellent opportunity for someone with early-career GRC experience who is excited to grow their technical skills and help shape how a high-growth SaaS company approaches compliance automation. You will partner closely with Security Engineering, Legal, Privacy, and R&D to ensure our controls are effective, our evidence pipelines are reliable, and our certifications—SOC 2, ISO 27001, and FedRAMP—are maintained with rigour.
This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. If you're interviewing for this role, your recruiter will share more about the in-office requirements.
What You'll Achieve
Controls Maturity & Certifications
- Support the maintenance and continuous improvement of Asana's control framework, tracking control effectiveness across SOC 2, ISO 27001, FedRAMP Moderate, and other applicable standards.
- Proactively engage with a wide range of teams—including Engineering, IT, and People—to work through controls maturity activities, close existing gaps, and drive remediation efforts to completion with clear documentation of progress.
- Build strong working relationships across the business so that control owners feel supported and accountability is shared, not siloed within the compliance team.
- Contribute to controls maturity scoring and reporting, providing ongoing visibility into programme health for senior leadership.
- Support external compliance audits end-to-end: coordinating evidence requests, liaising with auditors, and tracking findings through to closure.
FedRAMP Continuous Monitoring
- Own the monthly FedRAMP ConMon package submission, ensuring it is accurate, complete, and delivered on time every month.
- Track and drive completion of all timebound FedRAMP requirements by working closely with Engineering, People, and other responsible teams.
- Maintain a clear calendar of FedRAMP deliverables and proactively flag risks to timelines, escalating where needed to ensure nothing slips.
- Serve as a day-to-day point of contact for FedRAMP-related queries from internal teams, helping them understand their obligations and what good looks like.
Evidence Collection & Automation
- Own evidence collection workflows within our GRC platform, ensuring controls are reliably mapped, evidence is current, and audit artefacts are ready year-round.
- Where possible, identify opportunities to automate repetitive evidence-gathering tasks—this is a nice-to-have rather than a core requirement, but curiosity and initiative here will be valued.
- Document evidence collection procedures so that processes are transparent, auditable, and maintainable by the broader team.
About You
- 3+ years of experience in Governance, Risk, and Compliance (GRC), information security, or a closely related field—internships and co-ops count.
- Foundational knowledge of security compliance frameworks such as SOC 2, ISO 27001, NIST CSF, or FedRAMP; you don't need to be an expert in all of them.
- Comfortable engaging with a wide variety of teams—Engineering, People, IT, Legal—to explain compliance requirements, gather evidence, and build the relationships needed to close control gaps.
- Organised and deadline-driven: you can manage multiple workstreams, track time-sensitive obligations (like monthly FedRAMP submissions), and keep audit artefacts tidy without being reminded.
- A clear communicator who can translate compliance requirements into plain language for both technical and non-technical stakeholders.
- Exposure to compliance automation or evidence collection tooling (GRC platforms, scripting, API integrations) is a plus, but not essential—curiosity and a willingness to grow technically matter more.
- Curious about how modern SaaS engineering works—comfortable asking questions and learning the technical context behind a control.
At Asana, we're committed to building teams that include a variety of backgrounds, perspectives, and skills, as this is critical to helping us achieve our mission. If you're interested in this role and don't meet every listed requirement, we still encourage you to apply.
What We'll Offer
Our comprehensive compensation package plays a big part in how we recognize you for the impact you have on our path to achieving our mission. We believe that compensation should be reflective of the value you create relative to the market value of your role. To ensure pay is fair and not impacted by biases, we're committed to looking at market value, which is why we check ourselves and conduct a yearly pay equity audit.
For this role, the estimated base salary range is between $130,000–$160,000. The actual base salary will vary based on various factors, including market and individual qualifications objectively assessed during the interview process. In addition to base salary, your compensation package may include equity and benefits. Speak with your Talent Acquisition Partner to learn more.
We strive to provide equitable and competitive benefits packages that support our employees worldwide and include:
- Mental health, wellness & fitness benefits
- Career coaching & support
- Inclusive family building benefits
- Long-term savings or retirement plans
- In-office culinary options to cater to your dietary preferences
These are just some of the benefits we offer, and benefits may vary based on role, country, and local regulations.
About Asana
Asana helps teams orchestrate their work, from small projects to strategic initiatives. Millions of teams around the world rely on Asana to achieve their most important goals, faster. Asana has been named a Top 10 Best Workplace for 5 years in a row, is Fortune's #1 Best Workplace in the Bay Area, and one of Glassdoor's and Inc.'s Best Places to Work.
We believe in supporting people to do their best work and thrive, and building a diverse, equitable, and inclusive company is core to our mission. Our goal is to ensure that Asana upholds an inclusive environment where all people feel equally respected and valued, whether they are applying for an open position or working at the company. We provide equal employment opportunities to all applicants without regard to race, colour, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law. We also comply with the San Francisco Fair Chance Ordinance and similar laws in other locations.
LI-Hybrid
Role Overview
As a Security Risk and Compliance Analyst you will play a hands-on role in maturing and operating Asana's compliance and certification programme—specifically across controls maturity, policy governance, and audit execution. This role sits at the intersection of traditional GRC work and compliance engineering: you will help maintain our control frameworks and run our audit cycles, while also contributing to the automation initiatives that make our compliance programme scalable and repeatable.
This is an excellent opportunity for someone with early-career GRC experience who is excited to grow their technical skills and help shape how a high-growth SaaS company approaches compliance automation. You will partner closely with Security Engineering, Legal, Privacy, and R&D to ensure our controls are effective, our evidence pipelines are reliable, and our certifications—SOC 2, ISO 27001, and FedRAMP—are maintained with rigour.
This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. If you're interviewing for this role, your recruiter will share more about the in-office requirements.
What You'll Achieve
Controls Maturity & Certifications
- Support the maintenance and continuous improvement of Asana's control framework, tracking control effectiveness across SOC 2, ISO 27001, FedRAMP Moderate, and other applicable standards.
- Proactively engage with a wide range of teams—including Engineering, IT, and People—to work through controls maturity activities, close existing gaps, and drive remediation efforts to completion with clear documentation of progress.
- Build strong working relationships across the business so that control owners feel supported and accountability is shared, not siloed within the compliance team.
- Contribute to controls maturity scoring and reporting, providing ongoing visibility into programme health for senior leadership.
- Support external compliance audits end-to-end: coordinating evidence requests, liaising with auditors, and tracking findings through to closure.
FedRAMP Continuous Monitoring
- Own the monthly FedRAMP ConMon package submission, ensuring it is accurate, complete, and delivered on time every month.
- Track and drive completion of all timebound FedRAMP requirements by working closely with Engineering, People, and other responsible teams.
- Maintain a clear calendar of FedRAMP deliverables and proactively flag risks to timelines, escalating where needed to ensure nothing slips.
- Serve as a day-to-day point of contact for FedRAMP-related queries from internal teams, helping them understand their obligations and what good looks like.
Evidence Collection & Automation
- Own evidence collection workflows within our GRC platform, ensuring controls are reliably mapped, evidence is current, and audit artefacts are ready year-round.
- Where possible, identify opportunities to automate repetitive evidence-gathering tasks—this is a nice-to-have rather than a core requirement, but curiosity and initiative here will be valued.
- Document evidence collection procedures so that processes are transparent, auditable, and maintainable by the broader team.
About You
- 3+ years of experience in Governance, Risk, and Compliance (GRC), information security, or a closely related field—internships and co-ops count.
- Foundational knowledge of security compliance frameworks such as SOC 2, ISO 27001, NIST CSF, or FedRAMP; you don't need to be an expert in all of them.
- Comfortable engaging with a wide variety of teams—Engineering, People, IT, Legal—to explain compliance requirements, gather evidence, and build the relationships needed to close control gaps.
- Organised and deadline-driven: you can manage multiple workstreams, track time-sensitive obligations (like monthly FedRAMP submissions), and keep audit artefacts tidy without being reminded.
- A clear communicator who can translate compliance requirements into plain language for both technical and non-technical stakeholders.
- Exposure to compliance automation or evidence collection tooling (GRC platforms, scripting, API integrations) is a plus, but not essential—curiosity and a willingness to grow technically matter more.
- Curious about how modern SaaS engineering works—comfortable asking questions and learning the technical context behind a control.
At Asana, we're committed to building teams that include a variety of backgrounds, perspectives, and skills, as this is critical to helping us achieve our mission. If you're interested in this role and don't meet every listed requirement, we still encourage you to apply.
What We'll Offer
Our comprehensive compensation package plays a big part in how we recognize you for the impact you have on our path to achieving our mission. We believe that compensation should be reflective of the value you create relative to the market value of your role. To ensure pay is fair and not impacted by biases, we're committed to looking at market value, which is why we check ourselves and conduct a yearly pay equity audit.
For this role, the estimated base salary range is between $130,000–$160,000. The actual base salary will vary based on various factors, including market and individual qualifications objectively assessed during the interview process. In addition to base salary, your compensation package may include equity and benefits. Speak with your Talent Acquisition Partner to learn more.
We strive to provide equitable and competitive benefits packages that support our employees worldwide and include:
- Mental health, wellness & fitness benefits
- Career coaching & support
- Inclusive family building benefits
- Long-term savings or retirement plans
- In-office culinary options to cater to your dietary preferences
These are just some of the benefits we offer, and benefits may vary based on role, country, and local regulations.
About Asana
Asana helps teams orchestrate their work, from small projects to strategic initiatives. Millions of teams around the world rely on Asana to achieve their most important goals, faster. Asana has been named a Top 10 Best Workplace for 5 years in a row, is Fortune's #1 Best Workplace in the Bay Area, and one of Glassdoor's and Inc.'s Best Places to Work.
We believe in supporting people to do their best work and thrive, and building a diverse, equitable, and inclusive company is core to our mission. Our goal is to ensure that Asana upholds an inclusive environment where all people feel equally respected and valued, whether they are applying for an open position or working at the company. We provide equal employment opportunities to all applicants without regard to race, colour, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law. We also comply with the San Francisco Fair Chance Ordinance and similar laws in other locations.
LI-Hybrid
See all 723+ Risk And Compliance jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Risk And Compliance roles.
Get Access To All JobsTips for Finding Green Card Sponsorship in Risk And Compliance
Document your compliance credentials strategically
Certifications like CRCM, CAMS, or CFE strengthen your PERM case by narrowing the qualifying applicant pool. USCIS scrutinizes specialty occupation evidence closely, so gather degree transcripts, professional licenses, and employer attestation letters before any sponsorship conversation begins.
Target employers with existing PERM infrastructure
Banks, insurance carriers, and healthcare systems with dedicated compliance functions file PERM applications regularly. Focus your search on employers whose legal or HR teams already understand the DOL prevailing-wage determination process for financial risk and regulatory roles.
Search green card sponsoring jobs on Migrate Mate
Migrate Mate filters specifically for employers sponsoring employment-based green cards, including risk and compliance roles. Use it to surface EB-2 and EB-3 opportunities without sorting through listings from employers who sponsor H-1B only or not at all.
Verify your prevailing wage tier before negotiating
DOL assigns a wage level to your PERM application using the OFLC Wage Search. If your offered salary falls below the Level II or III benchmark for your SOC code and metro area, your employer must increase the offer before DOL will certify the application.
Ask about concurrent I-140 and I-485 filing eligibility
If your priority date is current when the I-140 is approved, you can file for adjustment of status at the same time. For many compliance professionals from countries without significant visa backlogs, this dramatically shortens the path to a green card.
Understand how PERM job descriptions affect your future role
DOL requires the PERM job description to represent your actual duties at a minimum qualification level. A description written too narrowly can create complications if your role evolves, so review the draft posting with your employer's immigration counsel before the recruitment phase starts.
Risk And Compliance jobs are hiring across the US. Find yours.
Find Risk And Compliance JobsRisk And Compliance Green Card Sponsorship: Frequently Asked Questions
Do risk and compliance roles qualify for EB-2 or EB-3 green card sponsorship?
Both categories apply depending on your qualifications and the role's requirements. EB-2 covers positions requiring a master's degree or equivalent, which fits many senior compliance officer and risk management roles. EB-3 covers positions requiring a bachelor's degree and at least two years of experience, making it accessible to a broader range of compliance analysts and specialists. Your employer's PERM application defines which category applies.
How does green card sponsorship differ from H-1B sponsorship for compliance professionals?
An H-1B is a temporary work visa with a three-year initial period and a competitive annual lottery. Green card sponsorship through PERM leads to permanent residency with no renewal requirement and no annual cap at the EB-3 level for most nationalities. The PERM process takes longer upfront, typically one to two years from labor certification through I-140 approval, but the outcome is a permanent immigration status rather than a temporary authorization.
What does the PERM labor certification process require from a compliance employer?
Your employer must conduct a DOL-supervised recruitment campaign to demonstrate no qualified U.S. workers are available for the position. This includes posting the job through specific channels, documenting every applicant reviewed, and submitting a prevailing wage determination through OFLC. The job description used in the PERM application becomes the legal definition of your role, so accuracy at this stage matters significantly for your long-term green card case.
How can I find employers actively sponsoring green cards for risk and compliance roles?
Migrate Mate is built specifically for this search. It filters job listings by employers with active employment-based green card sponsorship history, including EB-2 and EB-3 roles in risk and compliance. This saves significant time compared to applying broadly and discovering sponsorship availability only during the offer stage, when changing terms becomes difficult.
Can I change employers after my green card sponsorship process has started?
After your I-140 is approved and has been pending for at least 180 days, federal law allows you to move to a new employer in a same or similar occupational classification without losing your priority date. For compliance professionals, this portability provision means a risk manager role at one firm can often transfer to an equivalent compliance role at another, but you should confirm the occupational match with immigration counsel before accepting any new offer.
See which Risk And Compliance employers are hiring and sponsoring visas right now.
Search Risk And Compliance Jobs