State Universities Civil Service System

Employment Opportunities
Job Details

Governance, Risk, and Compliance Analyst

University/Agency Illinois State University
Civil Service Classification Information Technology Technical Associate
View Class Spec Details
Posting Duration 11/23/2021 - 12/6/2021
Probationary Period 12 months

Job Description

The Governance, Risk, and Compliance (GRC) Analyst is responsible for assessing, documenting, and reporting on the compliance and risk posture of the institution as it relates to information assets.

The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management function. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines.

Additionally, this position will serve as a liaison to internal and external auditors to facilitate the response to inquiries and requests for materials during audit cycles.


Required Qualifications
At least five years of work experience in an Information Technology role.
At least two years of work experience in an Information Security role.
Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
An understanding of operating system internals and network protocols.
Familiarity with information security management frameworks including but not limited to: International Standards Organization (ISO) 2700x, IT Infrastructure Library (ITIL), Center for Internet Security (CIS) Controls, and the NIST Cybersecurity Framework (CSF).
Familiarity with applicable legal and regulatory requirements, including but not limited to: Gramm-Leach-Bliley Act (GLBA), the U.S. Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Payment Card Industry Data Security Standard (PCI DSS), and similar state of Illinois acts, statutes, and agency rules.
Excellent oral and written communication skills.

Desired Qualifications
Bachelor’s degree in information systems, information security, information technology, or a closely related field
Information security experience in higher education or state/local government
Information security related training or certifications such as CISSP or CRISC
Information Technology Infrastructure Library (ITIL) Foundation certification
Experience performing information security audits or risk assessments


$55,000 - $70,000 annual


ISU Jobs Website

Contact Information

University/Agency Illinois State University
Department/College Human Resources
Contact Kira Shelton
Phone Number 309-438-8311
Comments Please fully complete the entire application including, but not limited to, the education and work experience portions. Please list all education and all jobs you have had. Do not leave gaps in employment. You must list all duties you performed in the job duties section (Phrases such as "See Resume" are not acceptable). Failure to follow any of these instructions may constitute an incomplete application. Incomplete applications will not be considered.

In order to be eligible for Veteran's Preference points on the exam, a copy of your DD-214 must be submitted prior to the application deadline.

DD-214 paperwork may be faxed or mailed to Human Resources by the application deadline:

Fax: 309.438.0011, Attn: Kira Shelton
Address: Illinois State University
Human Resources
Campus Box 1300
Normal, IL 61790-1300

The Civil Service examination for this classification is based on your application materials. No participation other than submission of applicant materials is required from applicants that qualify to take the exam. If you meet the minimum required qualifications for this position, you will receive a score calculated based on your education and experience, and your name will be placed on the active employment register by exam score. After the application deadline, the names within the top three scores will be referred to the department for interview. The active register for this classification will be voided when the position is filled.