GRC Analyst  

Job Summary:

A Governance, Risk and Compliance Analyst is responsible for assessing and documenting all requirements of the organization for realignment with certain standards, performing risk and posture assessments, and maintaining and updating the I.T and Cybersecurity policy of the organization.

Duties and Responsibilities:

• Perform other duties assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner
• Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security
• Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
• Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
• Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the Organization's information and technology systems.
• Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, ISO27001, DPA
• Interacts in both oral and written communications with all levels of System staff including; Computer center staff, developers and other ITS staff, campus technical staff, general counsel, auditors, and all System staff and students and technology vendors and contractors, in matters related to information security and security awareness materials.
• Work as Internal Audit, Legal Department, H.R Department and outside consultants as appropriate on required security assessments and audits
• Coordinate and track all information technology and security related audits including scope of audits, units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
• Familiarity with Incident Response, Business Continuity and Disaster Risk Management and Planning

• 2-3 years of advanced IT skills with high level of information security experience and expertise
• Knowledge of information security risk management frameworks and compliance practices.
• Knowledge of securing network technologies, client, and server operating systems.
• Ability to develop security standards and guidelines based on best practices and industry standards
• Experience responding to, analyzing, and communicating information security incidents
• 2 years of planning and managing security projects
• Excellent interpersonal, communication, and presentation skills, including formal report writing experience
• Understanding of common security standards and regulations relating to a higher education environment (e.g., PCI DSS, FERPA, ISO2700x, etc.)