Governance, Risk & Compliance Analyst II

Governance, Risk & Compliance Analyst II

UDR, Inc. is now hiring a Governance, Risk & Compliance Analyst II to join our team at our corporate office in Highlands Ranch.

General Summary Of Duties: The GRC Analyst role(s) will be responsible for the implementation, operation, and maintenance of UDR's IT Governance, Risk & Compliance (GRC) program in accordance with business objectives and legal requirements. All levels will work on growing and maintaining the enterprise's audit readiness, AI governance, third-party risk management, and consumer privacy programs. These roles collaborate closely with appropriate business personnel to support the confidentiality, integrity, and availability of enterprise data and the responsible deployment of AI systems.

GRC Analyst II shall take increased ownership of GRC processes and tool utilization while working towards delivery of strategic goals, including AI governance initiatives.

Supervision Received: Reports directly to the Director Cyber Risk and Privacy

Supervision Exercised: N/A

Essential Functions:

• Lead evidence collection and coordination for external and internal audits, including Sarbanes-Oxley (SOX) and NIST CSF, working directly with both internal and external auditors as well as internal control owners.
• Identify control gaps and remediation opportunities through audit findings and proactively communicate recommendations to management.
• Lead AI governance implementation tasks, including maintaining enterprise AI technical feasibility assessments, conducting AI vendor risk assessments, and supporting the development of AI use policies and standards.
• Advise business stakeholders on AI-related risks, including fair-housing implications of AI-assisted leasing or screening tools, and SEC disclosure obligations related to material AI risks.
• Manage vendor due diligence and third-party risk assessments, with specialized focus on evaluating AI-enabled vendor tools for algorithmic transparency, bias testing, and data governance practices.
• Manage and track vendor certification/recertification status and maintain the approved vendor list.
• Manage the program to document, analyze, and fulfill all consumer data privacy requests received by UDR, including state-specific requirements.
• Advise the business on federal and state privacy compliance issues and best practices in accordance with applicable state laws.
• Research new and evolving legal requirements as they relate to consumer privacy, AI governance, and relevant GRC domain areas.
• Advise project teams on data privacy and AI risks associated with specific business activities and data use.
• Create and edit organizational policies as they pertain to information technology, AI governance, and GRC.
• Lead the implementation and maintenance of GRC applications, tools, and systems in accordance with program policy and industry best practice.
• Create and design reporting, metrics, and dashboards to support compliant and transparent IT operations.
• Communicate with consumers and across the enterprise in a timely, professional, and precise manner.
• Manage processes for digital forensics and evidence chain of custody for any incident or investigation related to data privacy.
• Consult with key stakeholders on privacy and AI governance assessments; serve as a subject matter expert for IT Operations.
• Lead organizational data privacy and AI governance training and awareness efforts.
• Perform other duties as assigned or as necessary.

Education And Experience:

• Bachelor's degree in Information Systems, Cybersecurity, a related field, or equivalent experience required.
• Minimum of three years' experience in GRC, data privacy, risk management, audit support, and/or information security.
• Demonstrable advanced knowledge and understanding of data privacy laws, including state-specific laws in Colorado, California, and emerging state privacy laws.
• Hands-on experience supporting SOX and/or NIST CSF audits, including evidence gathering and control testing.
• Experience evaluating third-party and vendor risk, including vendors utilizing AI-enabled tools.
• Working knowledge of AI governance principles, including AI risk assessment, vendor transparency requirements, and fair-housing implications of automated decision-making tools.
• Work experience with data privacy, third-party risk management, and contract lifecycle management software and tools.
• Work experience with policy lifecycle processes to include drafting, editing, and publishing preferred.
• CIPP/US, CIPM, CIPT, CISA, or other related certification preferred.

Benefits Offered:

• Medical, Dental, Vision Plans
• Medical Flexible Spending Account
• Dependent Care Spending Account
• Lifestyle Spending Account
• Supplemental Term Life Insurance
• Critical Illness Plan
• Supplemental Short-Term Disability Insurance / AD&D Insurance
• Voluntary Long Term Care Insurance
• 401(k) Plan with company match

Salary Range: $85,000.00/yr. $100,000.00/yr., depends on experience

Bonus Potential: Eligible for 10% annual bonus potential, based on personal and company performance

Anticipated Close Date: July 1, 2026

UDR is proud to provide equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

UDR is committed to providing and maintaining a diverse workforce and an inclusive work environment with equitable access and opportunity for associates to participate, grow, and reach their full potential.

Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.