GRC Analyst

Date:  Apr 29, 2026
Location: Overland Park, KS, US; Cary, NC, US

Company:  Black & Veatch Family of Companies

 

Together, we own our company, our future, and our shared success.

 

As an employee-owned company, our people are Black & Veatch. We put them at the center of everything we do and empower them to grow, explore new possibilities and use their diverse talents and perspectives to solve humanity's biggest challenges in an ever-evolving world. With over 100 years of innovation in sustainable infrastructure and our expertise in engineering, procurement, consulting and construction, together we are building a world of difference.

 

Company : Black & Veatch Corporation

Req Id : 114723

Opportunity Type : Staff

Relocation eligible : No

Full time/Part time : Full-Time

Project Only Hire : No

Visa Sponsorship Available: No

 

Why Black & Veatch?

 

Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation, 401k match and benefits that start day one.

 

Our hybrid environment allows you to balance your work and personal life. At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use.

 

The Opportunity

The GRC (Governance, Risk, and Compliance) Analyst plays an important role in the GRC delivery framework, ensuring Black & Veatch’s compliance with regulatory and contractual requirements, assisting with third-party risk management, and promoting a culture of risk awareness across the enterprise, among other responsibilities. With an emphasis on cyber and compliance risk management, the ideal candidate should be able to contribute to measuring success, identifying improvement opportunities and carrying out actions to implement those improvements and mature controls.


This role is ideal for a detail-oriented and self-driven professional with a passion for cyber and compliance risk management.

Key Responsibilities

Cyber Risk Management

  • Collaborate with peer D&IT groups to collect KPIs and KRIs and drive efficiency through automation and other means
  • Support establishment, collection, and ongoing improvement of metrics to measure effectiveness of cyber risk management and provide data-driven insight to decision makers and control owners

Compliance Risk Management

  • Monitor regulatory and legal landscape at a global scale and maintain awareness of compliance requirements
  • Review and monitor compliance to client contractual requirements related to data security, risk management/cyber resilience, and breach reporting
  • Request and review documentation and evidence from control owners to certify and validate compliance to regulatory requirements
  • Support independent certification and audit by working with D&IT peer groups and lines of business to collect documentation and evidence

IT Governance

  • Contribute to policy development aligned with regulatory and contractual requirements
  • Maintain and assist in updating standards of practice documentation to be referenced by architecture and operations teams
  • Participate in regularly scheduled governance forums and contribute process knowledge

Supplier/Third Party Risk Management

  • Actively participate in the third-party risk assessment process, including reviewing input from third parties and offering an opinion on risk factors
  • Assist with review of client security requirements in contracts and aggregate relevant clauses to inform contractual risk

Miscellaneous:

  • Leverage tools, including GenAI, in a secure manner to gain efficiencies in delivery of functions
  • Assist in conducting user training in the SETA tool and help establish and optimize metrics and feedback with business stakeholders
  • Support internal audit
  • Assist with security certifications/attestations/audits to demonstrate control effectiveness to independent service auditors/assessors and C3PAOs
  • Assist in development of risk mitigation plans and monitoring progress of actions
  • Collaborate with members of the GRC team to ensure timely and quality deliverables to internal and external consumers
  • Organize, prioritize, and with input from team members, respond to incoming GRC related requests from IT and other business units

Management Responsibilities

Individual Contributor

Minimum Qualifications

  • Bachelor’s degree in Information Systems, Computer Science or a related field, or relevant years of experience to substitute for a degree.  
  • 2–3 years of experience in a GRC role
  • All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Preferred Qualifications

  • Strong analytical, organizational, and communication skills
  • Professional certifications such as CRISC, CISSP or others
  • Exposure to and knowledge of privacy laws
  • Experience with GRC platforms and risk management methodologies
  • Ability to work independently and collaboratively as required
  • Accountability in projects and tasks, following through to completion with minimum supervision
  • Strong collaboration with IT teams
  • Familiarity with regulatory frameworks and best practices (e.g., NIST, ISO 27001, CIS CISC, UK Cyber Essentials, CMMC, SCF)
  • Proficiency in information security principles and concepts
  • Attention to detail and critical thinking
  • Ethical judgment and integrity
  • Ability to manage multiple tasks and deadlines
  • Strong interpersonal and stakeholder engagement skills

Work Environment/Physical Demands

Hybrid or flexible work options may be offered after the first 90 days of employment based upon manager discretion, job performance and work assignments.

Salary Plan

ITS: Information Technology Service

Job Grade

015

Black & Veatch endeavors to make www.bv.com/careers accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process because of a disability, please contact the Employee Relations Department at +1-913-359-1622 or via our accommodations request form. This contact information is for disability accommodation requests only; you may not use this contact information to inquire about the status of applications. General inquiries about the status of applications will not be returned.

 

Black & Veatch is committed to being an employer of choice by creating a valuable work experience that keeps our people engaged, productive, safe and healthy.

 

Our comprehensive benefits portfolio is a key component of this commitment and offers an array of health care benefits including but not limited to medical, dental and vision insurances along with disability and a robust wellness program.

 

To support a healthy work-life balance, we offer flexible work schedules, paid vacation and holiday time, sick time, and dependent sick time.

 

A variety of additional benefits are available to our professionals, including a company-matched 401k plan, adoption reimbursement, tuition reimbursement, vendor discounts, an employment referral program, AD&D insurance, pre-taxed accounts, voluntary legal plan and the B&V Credit Union. Professionals may also be eligible for a performance-based bonus program.

 

We are proud to be a 100 percent ESOP-owned company. As employee-owners, our professionals are empowered to drive not only their personal growth, but the company's long-term achievements - and they share in the financial rewards of the success through stock ownership.

 

By valuing diverse voices and perspectives, we cultivate an authentically inclusive environment for professionals and are able to provide innovative and effective solutions for clients.

 

BVH, Inc., its subsidiaries and its affiliated companies, complies with all Equal Employment Opportunity (EEO) laws and regulations. Black & Veatch does not discriminate on the basis of age, race, religion, color, sex, national origin, marital status, genetic information, sexual orientation, gender identity and expression, disability, veteran status, pregnancy status or other status protected by law.

 

Notice to External Search Firms: Black & Veatch does not accept unsolicited resumes and will not be obligated to pay a placement fee for unsolicited resumes. Black & Veatch Talent Acquisition engages with search firms directly for hiring needs.

