The Enterprise Governance Risk Compliance Analyst I's scope of responsibilities includes the enterprise-wide identification and assessment of risks; validation of internal controls; and assessment and validation of compliance with applicable state and federal laws, regulations, university operating policies, and industry standards to safeguard the institution's information resources. This position may also assist with training and development of team members and manage risk, compliance, and assurance projects.
The Enterprise Governance Risk Compliance Analyst may work with other departments and areas at tactical and strategic levels and may also interface with external community, stakeholders, vendors, and other partners in providing risk, compliance, and assurance services.
Discretion and sound judgment are expected. Enterprise positions are restricted for use in central IT Division areas reporting to the institutional CIO and, as such, may interface with key IT leadership and/or other functional leadership within the institutions.
- Ability to assess, document, make recommendations, and report information technology and related security risks and controls in accordance with legal requirements, standards, institutional policies and directives, and industry best practices.
- Ability to perform follow-up activities to validate implementation of remediation plans as part of the governance, risk, and compliance life cycle.
- Ability to work with internal and third-party assessors, auditors, and consultants as directed.
- Assist in the creation of governance, risk, and compliance metrics, analytics, and reports.
- Contribute to the advancement of the institution's governance, risk, and compliance program.
- Assist in the review of IT policies, procedures, standards, strategic plans, and contracts.
- Conduct GRC activities such as IT reviews, audits, and assessments as directed.
- May train and will provide support to team members and other staff regarding effective governance, risk, and compliance practices.
- Provide support to Texas Tech University's Enterprise IT Security team members.
- Assists with other relevant activities as requested by departmental and other IT Leadership.
- Maintains an active awareness of the evolving compliance and security threat landscapes. Maintains an active awareness of federal, state, and local regulations and policies.
- May assist with and may lead and/or manage projects involving internal and/or external team members.
- Interface with users, vendors, or other stakeholders. May interface with key IT leadership and/or other functional leadership from the Texas Tech University System institutions.
- Adheres to all appropriate institutional policies (including IT Ops) and other relevant internal department policies.
REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES
Ability to:
- Develop strategies and execute effective solutions within complex systems and environments.
- Exercise judgment based on an understanding of applicable laws, regulations, organizational policies, and activities.
- Plan and organize effectively, prioritize goals, use time efficiently, and stay on task.
- Communicate effectively, both orally and in writing.
- Establish and maintain effective work relationships.
- Apply specialized knowledge in information technology risk identification, assessment, and mitigation; controls validation; compliance verification; and policy governance.
Knowledge of:
- Information security risks, controls, & control validation techniques.
- Information security industry standards and frameworks (e.g., NIST, ISO, SANS, SDLC, etc.)
- Laws & regulations impacting information security (e.g., HIPAA, TAC 202, FERPA, PCI-DSS, etc.)
Bachelor's degree with coursework in cybersecurity, computer science, MIS, IT, business, or other related area plus three years related full-time paid experience OR a combination of related education and/or experience.