Governance, Risk, and Compliance Analyst

Build a Career That Builds Your Future — with PulteGroup! 

Welcome to PulteGroup where we believe in building more than just homes—we believe in building inspired employees, meaningful careers, and a legacy of excellence. If you're looking for work that moves you, a team that values your ideas, and a company that brings you pride, you’ve come to the right place. 

As one of the nation’s largest and most respected homebuilders, PulteGroup offers opportunities to grow within a Fortune 500 company that’s consistently recognized as a Fortune 100 Best Company to Work For and a certified Great Place to Work. We’re driven by the bold purpose of Building Incredible Places for People to Live Their Dreams.   

For over 70 years, we’ve been building more than homes—we’ve been building trust, innovation, and a culture where every team member is empowered to thrive. Join a company that champions inclusion, celebrates diversity, and supports your personal and professional journey. 

Headquartered in vibrant Atlanta, Georgia, and operating in over 45 markets nationwide, we’re proud to build homes through our trusted family of brands—including Innovative Construction Group, Centex, Pulte Homes, Del Webb, DiVosta Homes, American West, and John Wieland Homes and Neighborhoods, Pulte Mortgage, PGP Title, Pulte Insurance Agency —all united under the PulteGroup name. 

Apply now and discover a career where your contributions are valued, your growth is supported, and your work makes a lasting impact

Job Summary:

The GRC Analyst maintains and contributes to the design of the Company’s cybersecurity Governance, Risk, and Compliance program (GRC). Plays a key role in assessing technology-related risks and ensuring compliance with relevant regulations, policies, standards, and controls designed to protect the organization’s information assets. Provides guidance to less experienced GRC Analysts and leads process improvement efforts within the Information Security team.

Primary Job Responsibilities

Policies/Standards/Controls:

• Develops and maintains cybersecurity policies, standards, and guidelines.
• Implements and monitors compliance with cybersecurity control framework.
• Ensures policies are up-to-date and align with industry best practices, regulatory requirements, and cyber frameworks.
• Communicates policies to relevant stakeholders.

Security Awareness:

• Independently develops security awareness training programs and materials.
• Plans and executes cybersecurity awareness events and communication campaigns.
• Develops, organizes, and delivers training sessions to employees on security policies and best practices.
• Monitors and reports on the effectiveness of security awareness initiatives.

Cyber Risk Management:

• Collects, analyzes, and presents cybersecurity program performance metrics and key risk indicators (KRIs).
• Independently conducts regular assessments of cyber risks within applications, platforms, and processes.
• Identifies risks and develops mitigation strategies and risk management plans
• Manages third-party risk by assessing the security posture of external vendors and partners,
• implementing risk mitigation measures and fostering secure third-party relationships.

PCI, SOX, and Privacy Compliance:

• Ensures appropriate design and operating effectiveness of regulatory and PCI-DSS controls.
• Manages privacy-related data subject access requests.
• Monitors compliance and reports effectiveness.
• Independently performs periodic gap assessments to validate compliance.
• Monitors regulatory environment and performs impact assessments.
• Partners with auditors and manages action plans in response to audit discoveries.
• Performs other duties as assigned.

Career Level (P2)

Organizational Impact:

• Works to achieve day-to-day objectives with moderate impact on the area.
• Works independently on larger, moderately complex projects/assignments.
• Sets objectives for own area to meet the objectives or goals of projects and assignments.
• May assist other professionals with tasks and assignments.

Leadership & Talent Management: 

• May provide guidance and assistance to entry level professionals and/or support employees.

Knowledge & Experience: 

• Requires practical knowledge of area typically obtained through advanced education combined with experience.
• Minimum high school diploma or equivalent (GED) required.
• Typically requires a university degree or equivalent experience and minimum 2-4 years of prior relevant experience.

Required Skills

• Depth of knowledge with cybersecurity control frameworks (NIST CSF preferred)
• Working knowledge of cybersecurity policy lifecycle, standards, and guidelines.
• Experience with PCI-DSS and SOX
• Working knowledge of data governance and privacy regulations
• Experience with security awareness techniques and processes in an enterprise environment.
• Exceptional written and verbal communication skills that can be adjusted to relevant audiences.
• Analytic and problem-solving skills.

Required Licensing, Registration and/or Certifications

• Not applicable

Physical Requirements:

• May require travel

PulteGroup, Inc. and its affiliates do not accept unsolicited resumes from individual recruiters or third party recruiting agencies (collectively, “Recruiters”) in response to job postings. If Recruiters nevertheless submit one or more unsolicited resumes to any employee at PulteGroup, Inc. or its affiliates without a valid written agreement in place for this position, it will be deemed the sole property of PulteGroup, Inc. and its affiliates. No fee will be owing or paid to Recruiters who submit unsolicited candidates, in the event the candidate is hired by PulteGroup, Inc. or its affiliates as a result of the referral, without a written agreement between PulteGroup, Inc. and through any means other than via our Applicant Tracking System.