GRC Analyst Intermediate

Required: Bachelors Degree in Computer Science Information Technology or related discipline AND:

• 3 years of experience in governance risk and compliance (GRC) cybersecurity information assurance or related field

Equivalency/Substitution: Experience or a combination of education & related experience can be considered in lieu of degree. A one-to-one ratio is used to determine the number of years of experience required in place of a degree.

Skills:

• Ability to perform effectively in high-pressure fast-paced environment.
• In-depth understanding of cybersecurity frameworks and standards
• Strong verbal and written communication skills with the ability to convey complex information clearly to both technical and non-technical audiences.
• Excellent interpersonal and mentoring skills with the ability to teach and guide others.
• Familiarity with regulatory and compliance requirements
• Understanding of network and system architecture including common security configurations and vulnerabilities
• Strong analytical and problem-solving skills for identifying security risks and evaluating mitigation strategies
• Skilled in using risk assessment and compliance tools vulnerability scanners and GRC platforms
• Ability to effectively interpret and apply security policies procedures and technical standards
• Ability to assess technical environments for compliance with security and privacy requirements
• Ability to maintain confidentiality and handle sensitive information with discretion
• Ability to adapt to changing technologies threats and regulatory landscapes

Certifications: None

Working Conditions:

• Requires extended periods of sitting working at a computer and using a phone.
• Requires sound judgment under pressure and the ability to manage multiple competing priorities effectively.
• Office Work Environment.
• Occasional evening weekend or on-call availability during critical incidents or high-severity events.

Departmental Preferences: None

Special Instructions: If you are selected as a final candidate for this position you will be subject to The University of Oklahoma Norman Campus Tuberculosis Testing policy. To view the policy visit You Belong at the University of Oklahoma: The University of Oklahoma values our communitys unique talents perspectives and experiences. At OU we aspire to harness our innovation creativity and collaboration for the advancement of people everywhere. You Belong Here!

Equal Employment Opportunity Statement: The University in compliance with all applicable federal and state laws and regulations does not discriminate on the basis of race color national origin sex sexual orientation marital status genetic information gender identity/expression (consistent with applicable law) age (40 or older) religion disability political beliefs or status as a veteran in any of its policies practices or procedures. This includes but is not limited to admissions employment housing financial aid and educational services.

Responsible for ensuring the organizations information systems and processes align with established cybersecurity privacy and regulatory standards. This role conducts in-depth security consultations and risk assessments to evaluate the effectiveness of security controls identify vulnerabilities and recommend mitigation strategies

Duties:

• Plan coordinate and facilitate IT disaster recovery (DR) tests and tabletop exercises; evaluate results against requirements and document findings.
• Develop and maintain auditable evidence of implemented security measures to support compliance and assurance activities.
• Conduct privacy impact assessments (PIAs) document risks and prepare formal reports with recommendations.
• Collect examine and preserve forensic images and other digital evidence using validated investigative techniques in support of research integrity investigations and incident response.
• Collaborate with vendors to coordinate incident response activities and ensure timely resolution of security events.
• Analyze digital evidence from security incidents to identify root causes assess vulnerabilities and recommend corrective actions.
• Review contracts data governance requests and system security plans (SSPs) to ensure alignment with cybersecurity privacy and regulatory requirements.
• Monitor relevant cybersecurity data privacy and legal regulations to provide informed recommendations and support compliance initiatives.
• Performs other duties as assigned