Technology Risk & Compliance Analyst

Built on meritocracy, our unique company culture rewards self-starters and those who are committed to doing what is best for our customers.

Brown & Brown is seeking a Technology Risk & Compliance Analyst to manage technology risk and ensure compliance across the Retail Technology portfolio. This role embeds risk and compliance into delivery as an integrated capability that enables speed, quality, and regulatory alignment.

The ideal candidate will partner with portfolio leaders, delivery teams, security, and business stakeholders to proactively identify, prioritize, and manage risks, enforce compliance standards, and drive remediation across applications, infrastructure, and data environments. This role aligns to the Retail OCIO objective of managing risk within defined appetite while enabling scalable, secure technology delivery.

How you will Contribute:

Technology Risk Management

• Identify, assess, and document technology risks across projects, products, and platforms within the Retail portfolio.

• Facilitate the prioritization of technology risks based on business impact, regulatory exposure, and defined risk appetite.

• Conduct risk assessments for new initiatives, including M&A integrations and platform implementations.

• Partner with project managers and product teams to integrate risk mitigation into delivery plans and milestones.

• Ensure risk mitigation strategies align to enterprise risk appetite and portfolio priorities.

• Monitor risk exposure and ensure remediation activities are tracked through completion.

Compliance Oversight & Governance

• Ensure alignment with internal policies and external regulatory requirements (e.g., SOX, SOC controls, data privacy standards).

• Support implementation and maintenance of IT governance, risk, and compliance (GRC) frameworks.

• Evaluate and ensure technology policies, standards, and procedures are fit for purpose and aligned to regulatory and business requirements.

• Recommend updates to policies and standards based on regulatory changes, audit findings, and evolving risk landscape.

• Maintain compliance documentation, control narratives, and evidence repositories.

• Monitor and report adherence to policies, standards, and standard operating procedures across the portfolio.

Audit & Control Effectiveness

• Support internal and external audit activities, including evidence collection, walkthroughs, and remediation tracking.

• Partner with internal and external Audit to support successful audit outcomes, including SOX compliance, evidence validation, and timely remediation of findings.

• Assess effectiveness of IT controls and identify gaps across applications, infrastructure, and processes.

• Partner with control owners to strengthen control design and execution.

• Drive timely closure of audit findings and control deficiencies.

Vendor & Third-Party Risk

• Partner with Vendor Management and enterprise third- and fourth-party risk teams to ensure technology-related vendor risks are identified and addressed.

• Incorporate vendor-related risks into portfolio-level risk visibility and reporting.

• Support tracking and remediation of vendor-related control gaps impacting Retail Technology delivery.

Reporting & Decision Support

• Prepare and deliver transparent, decision-ready reporting for governance forums, including Steering Committees and OCIO leadership.

• Provide insights that enable leadership to evaluate risk exposure alongside investment, delivery progress, and business outcomes.

• Highlight trade-offs, emerging risks, and areas requiring leadership attention or decision.

• Track key risk indicators (KRIs), control effectiveness, and remediation progress.

Continuous Improvement

• Identify opportunities to streamline and improve GRC processes, tooling, and operating model effectiveness.

• Contribute to the evolution of OCIO governance, risk, and control frameworks.

Skills and Experience to be Successful:

• Bachelor’s degree in Information Technology, Cybersecurity, Business, or related field.

• 3–7 years of experience in IT risk, compliance, audit, or cybersecurity.

• Strong working knowledge of GRC frameworks (e.g., NIST, ISO 27001, COBIT).

• Knowledge of regulatory standards (SOX, SOC, GDPR, or similar).

• Experience with risk assessment, control design, and audit support.

• Ability to translate technical risk into business impact and executive-level messaging.

• Strong collaboration and stakeholder management across technology and business teams.

• High attention to detail with disciplined documentation practices.

• Able to travel up to 30%.

Pay Range

The pay range provided above is made in good faith and based on our lowest and highest annual salary or hourly rate paid for the role and takes into account years of experience required, geography, and/or budget for the role.

Teammate Benefits & Total Well-Being

We go beyond standard benefits, focusing on the total well-being of our teammates, including:

• Health Benefits: Medical/Rx, Dental, Vision, Life Insurance, Disability Insurance
• Financial Benefits: ESPP; 401k; Student Loan Assistance; Tuition Reimbursement
• Mental Health & Wellness: Free Mental Health & Enhanced Advocacy Services
• Beyond Benefits: Paid Time Off, Holidays, Preferred Partner Discounts and more.

Not reflective of all benefits. Enrollment waiting periods or eligibility criteria may apply to certain benefits. Benefit details and offerings may vary for subsidiary entities or in specific geographic locations.

The Power To Be Yourself

As an Equal Opportunity Employer, we are committed to fostering an inclusive environment comprised of people from all backgrounds, with a variety of experiences and perspectives, guided by our Diversity, Inclusion & Belonging (DIB) motto, “The Power to Be Yourself”.