Information Security GRC Analyst Sr/UKHC in Lexington, Kentucky at University of Kentucky

5 yrs

CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) or equivalent certification.

The physical requirements of this position include: Mobility to work from several locations depending on business needs; occasionally lifting, pushing, and/or pulling objects up to 50lbs; occasionally standing or walking with objects up to 10lbs; regularly sitting at a computer workstation for extended periods of time with regular repetitive motions (such as typing); occasionally dealing with combative/violent people; and occasional job-related travel.

Primarily Monday through Friday 8am-5pm, with evening, night, and weekend requirements per departmental needs.

Responsible for conducting risk assessments, gap analysis and compliance initiatives across the organization in alignment with NIST, HIPAA, GDPR, etc. Creates reports and presentations for reporting to senior management. Coordinates with IT teams, business stakeholders, and vendors to support security control implementation and remediation of findings. Contributes to process improvements and helps maintain the organization’s overall security posture. Mentors and trains other analysts to support knowledge transfer and enhance team effectiveness. This position is hybrid.

Essential Functions:
• Conducts risk assessments, gap analysis, and compliance initiatives for departments, systems, applications and vendors.
• Prepares reports for senior management and advises on risk mitigation.
• Evaluates controls and compensating controls and ensures that remediation plans are acceptable and in place.
• Communicates and implements control framework and automation.
• Tracks remediation of identified risks and collaborates with stakeholders to ensure timely resolution.
• Maintains security and compliance metrics, reporting findings to management.
• Prepares materials for internal and external audits, supporting audit readiness and evidence collection.
• Collaborates with IT and business teams to ensure adherence to regulatory requirements (HIPAA, SOX, PCI-DSS, GDPR, etc.).
• Participates in continuous improvement of GRC processes and documentation practices.
• Performs other duties as assigned.

N/A

Bachelor’s degree in cybersecurity, computer science, or a related field.

We value the well-being of each of our employees and are dedicated to creating a healthy place for everyone to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors, the University of Kentucky is a Tobacco & Drug Free campus.

The University follows both the federal and state Constitutions as well as all applicable federal and state laws on nondiscrimination. The University provides equal opportunities for qualified persons in all aspects of institutional operations and does not discriminate on the basis of race, color, national origin, ethnic origin, religion, creed, age, physical or mental disability, veteran status, uniformed service, political belief, sex, sexual orientation, gender identity, gender expression, pregnancy, marital status, genetic information or social or economic status.

Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.