University of Arkansas
Director, Cybersecurity Governance, Risk and Compliance
University of Arkansas, Fayetteville, Arkansas, US, 72702
Overview
Director, Cybersecurity Governance, Risk and Compliance. The Cybersecurity Governance, Risk, and Compliance (GRC) Director is a leadership position responsible for overseeing the university's cybersecurity governance, risk management, and compliance programs and staff. Reporting to the Chief Information Security Officer (CISO), the GRC Director ensures information security practices align with regulatory requirements, industry standards, and best practices. This role involves developing and implementing policies, conducting risk assessments, managing compliance initiatives, and fostering a culture of security awareness across the university.
Responsibilities
Develop and maintain the university's cybersecurity governance framework, including policies, procedures, and standards.
Conduct regular risk assessments and audits to identify and mitigate security risks.
Ensure compliance with federal, state, and local regulations, as well as industry standards (e.g., NIST, PCI, GDPR, HIPAA, FERPA).
Oversee the implementation of IT operations, applications, infrastructure, and data risk management strategies and controls.
Collaborate with internal and external stakeholders, including the University Enterprise Risk Manager, to address compliance and risk management issues.
Develop and deliver training programs to promote security awareness and compliance.
Monitor and report on the university's cybersecurity risk posture and compliance status to senior leadership.
Lead the response to regulatory inquiries and audits.
Stay current with emerging cybersecurity threats, regulations, and best practices.
Maintain regular, reliable, and non-disruptive attendance and foster collegial working relationships.
Qualifications
Minimum Qualifications
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
At least five (5) years of experience in cybersecurity governance, risk management, and compliance, with a minimum of three (3) years in a leadership and management role
Professional certifications such as CISSP, CISM, CRISC, CGRC, or CISA
Strong knowledge of information security frameworks, standards, and best practices as evidenced by application materials
Experience with risk assessment methodologies and compliance management
Preferred Qualifications
Master's degree in a related field
Experience working in a higher education environment
Additional certifications such as CGEIT, CIPT, or CIPM
Experience with cloud security and privacy
Knowledge of data protection regulations such as GDPR, HIPAA, and FERPA
Proven track record of successfully managing compliance initiatives and risk management programs
Knowledge, Skills, and Abilities
In-depth understanding of cybersecurity governance, risk management, and compliance principles
Excellent communication and interpersonal skills
Strong analytical and problem-solving skills
Ability to lead and motivate a team of security professionals
Excellent project management skills, with the ability to manage multiple projects simultaneously
Strong understanding of privacy laws and regulations
Ability to communicate complex security concepts to non-technical stakeholders
High level of integrity and ethical conduct
Salary and Benefits
Salary Information: $114,205 - $148,466; Commensurate with education and experience
Benefits: University contributions to health, dental, life and disability insurance, tuition waivers for employees and families, 12 official holidays, immediate leave accrual, and retirement programs with university contributions 5–10% of salary
Application Information
Required Documents To Apply: Cover Letter/Letter of Application, List of three Professional References (name, email, business title), Resume
Optional Documents: Proof of Veteran Status
Recruitment Contact: Crystal Ellis, Strategic Talent Acquisition Specialist, ce031@uark.edu
All application materials must be uploaded to the University of Arkansas System Career Site.
Disability accommodations information and general application assistance are available. Applicants should submit a request per position. The University of Arkansas is an equal opportunity employer. Background checks may be required as part of pre-employment screening. For more information, review the Special Instructions to Applicants and the University's Title IX and equal opportunity statements.
Details
Seniority level: Director
Employment type: Full-time
Job function: Information Technology
Industries: Higher Education