Information Security GRC Analyst/UKHC at University of Kentucky – Lexington, Kentucky

BA/BS

3 yrs

None

The physical requirements of this position include: Mobility to work from several locations depending on business needs; occasionally lifting, pushing, and/or pulling objects up to 50lbs; occasionally standing or walking with objects up to 10lbs; regularly sitting at a computer workstation for extended periods of time with regular repetitive motions (such as typing); occasionally dealing with combative/violent people; and occasional job-related travel.

Primarily Monday through Friday 8am-5pm, with evening, night, and weekend requirements per departmental needs.

Responsible for supporting IT governance, risk management, and compliance (GRC) activities across the organization. Provides monitoring, documentation, and reporting to ensure alignment with policies, regulatory requirements, and industry standards. Assists in risk assessments, compliance reviews, and audit preparation. Coordinates with IT teams, business stakeholders, and vendors to support security control implementation. Contributes to process improvements and helps maintain the organization’s overall security posture. Essential Functions: • Supports governance activities by documenting IT policies, procedures, and compliance evidence. • Assists in conducting risk assessments and compliance reviews for systems, applications, and vendors. • Monitors security and compliance metrics, reporting findings to senior analysts or management. • Tracks remediation of identified risks and follows up with stakeholders to ensure timely resolution. • Prepares materials for internal and external audits, supporting audit readiness and evidence collection. • Collaborates with IT and business teams to ensure adherence to regulatory requirements (HIPAA, SOX, PCI-DSS, GDPR, etc.). • Assists in evaluating third-party vendor contracts for security and compliance requirements. • Contributes to security awareness and compliance training efforts for employees and staff. • Participates in continuous improvement of GRC processes and documentation practices. • Performs other duties as assigned. Please note: Effective 7/1/2026, this position will be titled Information Security Governance, Risk, and Compliance Analyst and will report through Information Technology Services in Beyond Blue.

Bachelor’s degree in cybersecurity, computer science, or a related field.

We value the well-being of each of our employees and are dedicated to creating a healthy place for everyone to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors, the University of Kentucky is a Tobacco & Drug Free campus.

The University follows both the federal and state Constitutions as well as all applicable federal and state laws on nondiscrimination. The University provides equal opportunities for qualified persons in all aspects of institutional operations and does not discriminate on the basis of race, color, national origin, ethnic origin, religion, creed, age, physical or mental disability, veteran status, uniformed service, political belief, sex, sexual orientation, gender identity, gender expression, pregnancy, marital status, genetic information or social or economic status.

Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.