The Governance, Risk, and Compliance (GRC) Analyst is responsible for assessing, documenting, and reporting on the compliance and risk posture of the institution as it relates to information assets.
The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management function. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines.
Additionally, this position will serve as a liaison to internal and external auditors to facilitate the response to inquiries and requests for materials during audit cycles.
At least five years of work experience in an Information Technology role.
At least two years of work experience in an Information Security role.
Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
An understanding of operating system internals and network protocols.
Familiarity with information security management frameworks including but not limited to: International Standards Organization (ISO) 2700x, IT Infrastructure Library (ITIL), Center for Internet Security (CIS) Controls, and the NIST Cybersecurity Framework (CSF).
Familiarity with applicable legal and regulatory requirements, including but not limited to: Gramm-Leach-Bliley Act (GLBA), the U.S. Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Payment Card Industry Data Security Standard (PCI DSS), and similar state of Illinois acts, statutes, and agency rules.
Excellent oral and written communication skills.
Bachelor’s degree in information systems, information security, information technology, or a closely related field
Information security experience in higher education or state/local government
Information security related training or certifications such as CISSP or CRISC
Information Technology Infrastructure Library (ITIL) Foundation certification
Experience performing information security audits or risk assessments
$55,000 - $70,000 annual
ISU Jobs Website
Illinois State University