GRC Analyst
Job Description
Job ID: 278769
Location: Augusta University
Full/Part Time: Full Time
Regular/Temporary:
*
About Us
Augusta University is Georgia's innovation center for education and health care, training the next generation of innovators, leaders, and healthcare providers in classrooms and clinics on four campuses in Augusta and locations across the state. More than 10,500 students choose Augusta for educational opportunities at the center of Georgia's cybersecurity hub and experiential learning that blends arts and application, humanities, and the health sciences. Augusta is home to Georgia's only public academic health center, where groundbreaking research is creating a healthier, more prosperous Georgia, and world-class clinicians are bringing the medicine of tomorrow to patient care today. Our mission and values make Augusta University an institution like no other.
The University System of Georgia is comprised of our 26 institutions of higher education and learning as well as the System Office. Our USG Statement of Core Values are Integrity, Excellence, Accountability, and Respect. These values serve as the foundation for all that we do as an organization, and each USG community member is responsible for demonstrating and upholding these standards. More details on the USG Statement of Core Values and Code of Conduct are available in USG Board Policy 8.2.18.1.2 and can be found online at https://www.usg.edu/policymanual/section8/C224/#p8.2.18_personnel_conduct.
Additionally, USG supports Freedom of Expression as stated in Board Policy 6.5 Freedom of Expression and Academic Freedom found online at https://www.usg.edu/policymanual/section6/C2653.
Location
Augusta University - Our Health Sciences Campus: 1120 15th Street, Augusta, GA 30912
College/Department Information
The Division of Information Technology aims to deliver innovative, reliable, and secure services to support students, educators, clinicians, researchers, and administrators. As Augusta University's central IT provider, we manage essential IT resources such as the wired and wireless network, email, telephony, online collaboration tools, information security, software licensing, websites, and various other systems and applications.
Job Summary
The GRC Analyst contributes to the Augusta University Cybersecurity GRC management program. Performs risk assessments and evaluates, monitors, and recommends mitigation controls in order to reduce identified risks. Utilizes their working knowledge of HIPAA, FERPA, PCI DSS, and GDPR to work collaboratively with risk management, internal auditing and other various technical teams in the design and implementation of audits, risk assessments and regulatory compliance practices for IT.
Must be able to assess computer hardware, software, and systems for security risks or violations and work with ITS and campus staff and technology vendors to recommend solutions. Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise.
Experience working with Enterprise risk management and governance toolsets (Lockpath, MetricStream, Modulo, ZenGRC, etc.). Solid grasp of risk management concepts - impact, likelihood, ALE, SLE, ARO, threat, vulnerability, asset, risk identification, risk owner, risk profile, risk appetite. Is an individual contributor to audit, regulatory, and risk management activities across IT functional areas, such as the development and maintenance of regulatory documentation.
Responsibilities
Duties include, but are not limited to:
SECURITY CONTROLS ADEQUACY: Assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the University's information and technology systems and services.
IMPLEMENTATION REVIEWS: Performs implementation reviews and renewals of contracts or projects to ensure Cybersecurity requirements are identified and fulfilled. Applies IT-related guidance throughout the total technology contract acquisition cycle. Conducts reviews of Contracts, Hardware, and Software for risk. Assesses risk and provides recommendations for remediation. Consults on project efforts by performing risk analysis and providing remediation advice and counsel.
COORDINATE & TRACK AUDITS: Coordinates and documents information technology and security audits, including scope of audits, colleges/units involved, timelines, auditing agencies, and findings. Coordinates with auditors as appropriate to keep audit focus in scope, maintains excellent relationships with audit entities, and advocates on all audit responses. Performs functions regarding audit, regulatory compliance, and risk management to include work with Internal Audit, State Board of Regents, Auditor General's Office, and outside consultants as appropriate on required security assessments and audits. Tracks auditing schedules and provides required responses to all auditing events. Provides input on all audit responses. Consults on project efforts by performing risk analysis, remediation advice, and counsel.
DEVELOP TRAINING: Develops training for the security awareness program for the organization to include the design, development, implementation, and assessment of organizational security training, role-based training, Payment Card Industry (PCI), phishing, and all other training as required. Performs critical analysis of training data maintained in a software solution and provides executive leadership with detailed, consistent, and accurate trends and findings.
DEVELOP AND MAINTAIN IT STANDARDS: Assists with the development and maintenance of written IT policy, standards, guidelines, processes, and procedures as part of the organization's overall Cybersecurity and Compliance programs. Performs reviews of organizational policies on a rotational basis. Works closely with key stakeholders to review and improve upon policies to reach and maintain organizational goals and objectives.
OTHER DUTIES: Perform other duties as assigned.
Required Qualifications
Bachelor's degree from an accredited college or university in Cybersecurity or a related field of study and two (2) years of relevant work experience
OR
Associate's degree from an accredited college or university in Cybersecurity or a related field of study and four (4) years of relevant work experience
OR
DoD-affiliated service with five (5) years of relevant IT or Cybersecurity work experience.
Preferred Qualifications
Certified Information Systems Auditor
Certified in the Governance of Enterprise IT
Certified in Risk and Information Systems Control
Certified Information Systems Security Professional Certification
Knowledge, Skills, & Abilities
KNOWLEDGE
Proficient in Microsoft Office and other computer software/databases.
Knowledge of security and access control issues and standards in various environments and applications and system backup and data security techniques.
Knowledge of complex information technology security infrastructure hardware and software and of complex software applications running on LANs, PCs, and file servers.
Knowledge of cyber defense and information security policies, procedures, and regulations and laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of training and education principles and methods for curriculum design, teaching, and instruction for individuals and groups and the measurement of training and education effects.
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data and complex multi-user network systems utilizing PCs, routers, switches, and end servers.
SKILLS
Excellent interpersonal, written, and verbal communication skills.
Critical Thinking - Strong analytical and problem-solving skills; ability to evaluate data, assess alternatives, and make appropriate decisions/recommendations.
ABILITIES
Ability to maintain confidentiality.
Ability to develop security standards and guidelines based on best practices and industry standards.
Knowledge of the organization's risk tolerance and/or risk management approach and computer system support functions.
Excellent interpersonal, written, and verbal communication skills through formal presentations at the technical and non-technical levels.
Knowledge of common security standards and regulations relating to a higher education environment (e.g., PCI DSS, FERPA, ISO 2700x, etc.).
Knowledge of complex multi-user application programming technology and techniques, as well as troubleshooting and problem-resolution techniques.
Shift/Salary/Benefits
Shift: Days; Monday-Friday (work outside of normal business hours may be required)
Pay Band: B14
Salary: $75,300/annually
Salary to be commensurate with qualifications of the selected candidate within the established range (generally minimum-midpoint) of the position
Recruitment Period: Until Filled
Augusta University offers a variety of benefits to full-time benefits-eligible employees and some of our half-time (or more) employees.
Benefits that may be elected could include health insurance, dental insurance, life insurance, Teachers Retirement System (or Optional Retirement Plan), as well as earned vacation time, sick leave, and 13 paid holidays.
Also, our full-time employees who have been employed with us successfully for more than 6 months can be considered for the Tuition Assistance Program. Consider applying with us today!
Conditions of Employment
All selected candidates are required to successfully pass a Background Check review prior to starting with Augusta University.
If applicable for the specific position based on the duties: the candidate will also need to have a credit check completed for Positions of Trust and/or approved departmental Purchase Card usage.
Motor vehicle reports are required for positions that are required to drive an Augusta University vehicle.
For Faculty Hires: Final candidates will be required to provide proof of completed academic degree(s) as well as post-secondary coursework in the form of original transcript(s). Those candidates trained by a foreign institution will also be required to provide an educational/credential evaluation.
All employees are responsible for ensuring the confidentiality, availability, and integrity of sensitive [patient, student, employee, financial, business, etc.] information by exercising sound judgment and adhering to cybersecurity and privacy policies during their employment and beyond.
Other Information
This position is also responsible for promoting a customer-friendly environment and providing superior service to our patients, students, faculty, and employees. "Augusta University is a patient- and family-centered care institution, where employees partner every day with patients and families for success."
Augusta University is a tobacco-free environment, and the use of any tobacco products on any part of the campus, both inside and outside, is strictly prohibited.
Equal Employment Opportunity
Augusta University is proud to be an equal opportunity employer welcoming applicants from underrepresented groups, including individuals with disabilities and veterans.
How To Apply
Consider applying with us today!
https://www.augusta.edu/hr/jobs/ Search Job ID: 278769
Select University Faculty & Staff > External Applicants if you are a candidate from outside the university
Select University Faculty & Staff > Internal Applicants if you are a current university employee
If you need further assistance, please contact us at 706-721-9365
To apply, visit https://careers.hprod.onehcm.usg.edu/psp/careers/CAREERS/HRMS/c/HRS_HRAM_FL.HRS_CG_SEARCH_FL.GBL?Page=HRS_APP_JBPST_FL&Action=U&FOCUS=Applicant&SiteId=12000&JobOpeningId=278769&PostingSeq=1