Cybersecurity GRC Analyst

Job Posting Title:Cybersecurity GRC Analyst* ---Hiring Department:Information Security Office* ---Position Open To:All Applicants* ---Weekly Scheduled Hours:40* ---FLSA Status:Exempt* ---Earliest Start Date:Immediately* ---Position Duration:Expected to Continue* ---Location:AUSTIN, TX* ---Job Details:General NotesSo.. Do you enjoy thinking about how many jellybeans could fit into a Boeing 747? Do you have strong feelings about how to store Tupperware, how to work a jigsaw puzzle, or when to use an Oxford comma?

Do you sometimes think your Excel skills could be weaponized for the good of society? Do you possess an uncanny ability to spot things that are uneven, unlevel, or out of plumb? Are your perpetually annoyed that eggs are in the grocery's dairy section?

Me neither, but if you are still reading, you might be a good fit for our team.The Cybersecurity Governance, Risk, and Compliance (GRC) Analyst will support cybersecurity, compliance, risk, and information security program initiatives for the UT Austin Information Security Office (UTISO). This person will work closely with the UTISO and campus partners to provide support for security controls, assessments, risk analysis, GRC tools, policies, processes, and industry framework review.The threat landscape we operate in is diverse and requires a diverse team to respond appropriately; therefore, please apply even if you are unsure if your experience is relevant. The most important ingredients for success on this team are a strong ability to think creatively about problems, very strong communication skills, and a passion to learn and share knowledge.You will get to work with a very intelligent and dedicated team to address enterprise cybersecurity challenges through novel approaches in an office that highly values work-life balance, the freedom to explore out of the box ideas, and serving others.Most importantly, you will help take our tools and ideas to the next level.

What starts here changes the world!Your skills will make a difference.You'll be working for a university that is internationally recognized for our academic programs and research. Your work will contribute to operational excellence and enhance the student experience. If you're the type of person that wants to know your work has meaning and impact, you'll like working in our department and for UT Austin.

UT Austin provides an outstanding benefits package including but not limited to:* Competitive health benefits (employee premiums covered at 100%, family premiums at 50%)* Voluntary Vision, Dental, Life, and Disability insurance options* Generous paid vacation, sick time, and holidays* Teachers Retirement System of Texas, a defined benefit retirement plan, with employer matching funds* Additional Voluntary Retirement Programs: Tax Sheltered Annuity 403(b) and a Deferred Compensation program 457(b)* Flexible spending account options for medical and childcare expenses* Robust free training access through LinkedIn Learning plus professional conference opportunities* Tuition Assistance* Expansive employee discount program including athletic tickets* Free access to UT Austin's libraries and museums with staff ID card* Free rides on all UT Shuttle and Austin CapMetro buses with staff ID card* For more details, please see: https://hr.utexas.edu/prospective/benefits and https://hr.utexas.edu/current/services/my-total-rewards .Remote work allowed. Remote work for individuals who reside outside Texas but within the United States and its territories will be considered and requires Central Office approval.This position requires you to maintain Internet service and a mobile phone with voice and data plans to be used when required for work.Must be authorized to work in the United States on a full-time basis for any employer without sponsorship.PurposeThis position will support cybersecurity, compliance, risk, and information security program initiatives for the UTISO. This role will work closely with the UTISO and campus partners to provide support for security controls, assessments, risk analysis, GRC tools, policies, processes, and industry framework review.Responsibilities* Assess, evaluate, and make recommendations regarding the adequacy of the cybersecurity controls for the university's environment and business objectives* Develop policies, procedures, and processes based on audit findings or compliance framework requirements* Crosswalk controls across multiple security compliance frameworks and regulation to foster adoption and identify gaps* Advise and develop security standards, guidelines, and controls based on best practices and compliance frameworks* Analyze and suggest improvements for cybersecurity or IT controls in both design and operation effectiveness* Develop risk registers, aligned to NIST controls, and execute basic risk assessment and management practices* Perform various risk or compliance assessments to evaluate and improve campus compliance* Develop plans and tracking for non-compliance with applicable controls, POA&Ms, and monitoring remediation progress against agreed upon timelines* Evaluate new and existing technologies for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention)* Perform other duties as assigned to best serve the UTISO's information security program.Required Qualifications* U.S.

Citizen, resident, or officially recognized asylee - Applicant selected will be subject to government security investigation and must meet eligibility requirements for access to classified information at the level appropriate to the project requirements of the position.* Minimum of 3 years of experience in a cybersecurity, audit, risk, compliance, or GRC role* Strong familiarity of common security and privacy frameworks and regulation (e.g. NIST 800-53, NIST 800-171, CIS, HIPAA, DFARS/CUI, HECVAT)* Strong familiarity and knowledge of fundamental cybersecurity or IT concepts (e.g., retention, data classification, change management, access control, asset management, third party risk)* Strong proficiency operating with a high degree of independence executing with excellent follow-through for assigned tasks, while also knowing when to stop, ask questions, and seek input from the team or management* Demonstrated ability to manage and execute numerous parallel activities in a fast-paced, dynamic team environment* Strong synchronous and asynchronous communication skills* Self-motivated to learn and share knowledge.Relevant education and experience may be substituted as appropriate.Preferred Qualifications* Experience with HIPAA, NIST 800-171 (CUI).* Experience with Splunk* Experience successfully working in a remote and/or hybrid work environments.Salary Range$125,000 + depending on qualificationsWorking Conditions* May work around standard office conditions* Repetitive use of a keyboard at a workstation* This position provides life/work balance with typically a 40-hour work week. Flexible work arrangements are available for this position.Required Materials* Resume/CV* 3 work references with their contact information; at least one reference should be from a supervisor* Letter of interestImportant for applicants who are NOT current university employees or contingent workers: You will be prompted to submit your resume the first time you apply, then you will be provided an option to upload a new Resume for subsequent applications.

Any additional Required Materials (letter of interest, references, etc.) will be uploaded in the Application Questions section; you will be able to multi-select additional files. Before submitting your online job application, ensure that ALL Required Materials have been uploaded. Once your job application has been submitted, you cannot make changes.Important for Current university employees and contingent workers: As a current university employee or contingent worker, you MUST apply within Workday by searching for Find UT Jobs.

If you are a current University employee, log-in to Workday, navigate to your Worker Profile, click the Career link in the left hand navigation menu and then update the sections in your Professional Profile before you apply. This information will be pulled in to your application. The application is one page and you will be prompted to upload your resume.

In addition, you must respond to the application questions presented to upload any additional Required Materials (letter of interest, references, etc.) that were noted above.#LI-Remote* ---Employment Eligibility:Regular staff who have been employed in their current position for the last six continuous months are eligible for openings being recruited for through University-Wide or Open Recruiting, to include both promotional opportunities and lateral transfers. Staff who are promotion/transfer eligible may apply for positions without supervisor approval.* ---Retirement Plan Eligibility:The retirement plan for this position is Teacher Retirement System of Texas (TRS), subject to the position being at least 20 hours per week and at least 135 days in length.* ---Background Checks:A criminal history background check will be required for finalist(s) under consideration for this position.* ---Equal Opportunity Employer:The University of Texas at Austin, as an equal opportunity/affirmative action employer, complies with all applicable federal and state laws regarding nondiscrimination and affirmative action. The University is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, or veteran status in employment, educational programs and activities, and admissions.* ---Pay Transparency:The University of Texas at Austin will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.

However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.* ---Employment Eligibility Verification:If hired, you will be required to complete the federal Employment Eligibility Verification I-9 form. You will be required to present acceptable and original documents to prove your identity and authorization to work in the United States. Documents need to be presented no later than the third day of employment.

Failure to do so will result in loss of employment at the university.* ---E-Verify:The University of Texas at Austin use E-Verify to check the work authorization of all new hires effective May 2015. The university's company ID number for purposes of E-Verify is 854197. For more information about E-Verify, please see the following:* E-Verify Poster (English) [PDF]* E-Verify Poster (Spanish) [PDF]* Right To Work Poster (English) [PDF]* Right To Work Poster (Spanish) [PDF]* ---Compliance:Employees may be required to report violations of law under Title IX and the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act).

If this position is identified a Campus Security Authority (Clery Act), you will be notified and provided resources for reporting. Responsible employees under Title IX are defined and outlined in HOP-3031.The Clery Act requires all prospective employees be notified of the availability of the Annual Security and Fire Safety report. You may access the most recent report here or obtain a copy at University Compliance Services, 1616 Guadalupe Street, UTA 2.206, Austin, Texas 78701.