Employment Opportunities
Job Details

Job Description

The Governance, Risk, and Compliance (GRC) Analyst is responsible for assessing, documenting, and reporting on the compliance and risk posture of the institution as it relates to information assets.

The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management function. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines.

Additionally, this position will serve as a liaison to internal and external auditors to facilitate the response to inquiries and requests for materials during audit cycles.

Qualifications

Required Qualifications
At least five years of work experience in an Information Technology role.
At least two years of work experience in an Information Security role.
Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
An understanding of operating system internals and network protocols.
Familiarity with information security management frameworks including but not limited to: International Standards Organization (ISO) 2700x, IT Infrastructure Library (ITIL), Center for Internet Security (CIS) Controls, and the NIST Cybersecurity Framework (CSF).
Familiarity with applicable legal and regulatory requirements, including but not limited to: Gramm-Leach-Bliley Act (GLBA), the U.S. Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Payment Card Industry Data Security Standard (PCI DSS), and similar state of Illinois acts, statutes, and agency rules.
Excellent oral and written communication skills.

Desired Qualifications
Bachelor’s degree in information systems, information security, information technology, or a closely related field
Information security experience in higher education or state/local government
Information security related training or certifications such as CISSP or CRISC
Information Technology Infrastructure Library (ITIL) Foundation certification
Experience performing information security audits or risk assessments

Salary

$55,000 - $70,000 annual

Links

ISU Jobs Website

Contact Information

University/Agency	Illinois State University
Department/College	Human Resources
Contact	Kira Shelton
Phone Number	309-438-8311
Address
Comments	Please fully complete the entire application including, but not limited to, the education and work experience portions. Please list all education and all jobs you have had. Do not leave gaps in employment. You must list all duties you performed in the job duties section (Phrases such as "See Resume" are not acceptable). Failure to follow any of these instructions may constitute an incomplete application. Incomplete applications will not be considered. In order to be eligible for Veteran's Preference points on the exam, a copy of your DD-214 must be submitted prior to the application deadline. DD-214 paperwork may be faxed or mailed to Human Resources by the application deadline: Fax: 309.438.0011, Attn: Kira Shelton Address: Illinois State University Human Resources Campus Box 1300 Normal, IL 61790-1300 The Civil Service examination for this classification is based on your application materials. No participation other than submission of applicant materials is required from applicants that qualify to take the exam. If you meet the minimum required qualifications for this position, you will receive a score calculated based on your education and experience, and your name will be placed on the active employment register by exam score. After the application deadline, the names within the top three scores will be referred to the department for interview. The active register for this classification will be voided when the position is filled.