Senior Governance & Risk Analyst

Senior Governance & Risk Analyst

Zs is a management consulting and technology firm focused on improving life and how we live it. As a senior analyst on our IT Governance, Risk and Compliance team, you will partner with internal stakeholders and external partners to strengthen our IT risk posture and ensure compliance across the organization.

We are seeking an experienced analyst to support governance and risk initiatives, providing comprehensive risk assessments and maintaining the organization’s risk register. Your work will directly protect the integrity and stability of our infrastructure.

• Perform comprehensive vendor, process, and project security risk assessments and identify security gaps.
• Evaluate risks across IT systems, applications, infrastructure, and third‑party engagements.
• Document findings with clear rationale and actionable recommendations.
• Maintain and update the risk register, including classification, ownership, and closure tracking.
• Collaborate with security, legal, procurement, and other internal teams to ensure documentation aligns with business priorities.
• Conduct periodic risk hygiene activities such as archival of outdated risks and evidence collection.
• Apply industry regulatory standards (ISO, NIST, GDPR) to assess and document compliance.
• Support the implementation of security policies and control frameworks.
• Monitor control effectiveness and recommend improvements.
• Prepare risk reports with findings, impact analysis, and mitigation plans.
• Share risk trend updates and exception tracking on a regular cadence.
• Communicate technical risk concepts in a clear, accessible format for non‑technical audiences.

• Bachelor’s degree in Computer Science, Information Systems, or related field (master’s preferred).
• 4‑6 years of experience in IT risk management, governance, or related field.
• In‑depth knowledge of IT risk assessment methodologies, industry best practices, and regulatory requirements (GDPR, HIPAA, PCI DSS).
• Strong experience with vendor risk management and security risk assessments.
• Proficiency in risk assessment tools and technologies.
• Excellent analytical and problem‑solving skills.
• Strong written and verbal communication skills, including the ability to explain technical concepts to non‑technical audiences.
• Strong organizational and time‑management skills, with the ability to manage multiple priorities and deadlines.
• Preferred certifications: CRISC, CISSP, CISM, ISO 27001.
• Professional appearance and demeanor, with good judgment and discretion.
• Proven ability to work creatively and analytically in a problem‑solving environment.

• Cross‑functional skills development & custom learning pathways.
• Milestone training programs aligned to career progression opportunities.
• Internal mobility paths that empower growth via s‑curves, individual contribution, and role expansion.

ZS is committed to a flexible and connected way of working. ZSers are on‑site at clients or ZS offices three days a week, with the option to work remotely two days a week.

ZS offers a comprehensive rewards package including health and well‑being support, financial planning, annual leave, personal growth and professional development plans, and multiple career progression options.

Travel is required for client‑facing ZSers. Projects may vary from local to international travel; these opportunities support client relationships and professional growth.

At ZS we honor diverse identities, experiences, and perspectives. We are committed to building a team that reflects a wide range of backgrounds, and we provide supportive networks and resources to help you thrive.

ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.

Candidates must possess or be able to obtain work authorization for their intended country of employment and submit an online application including a full set of official or unofficial transcripts.

Agency or recruiting firm representatives should not contact the hiring team directly.