Shuvel Digital

Compliance Risk Analysts 11891 Hybrid

Shuvel Digital, Vienna, Virginia, United States, 22184


Description: The IT Risk and Compliance Analyst will carry out IT security assessment activities, including IT risk assessments and security reviews for university departments, as well as evaluations of third-party technology solutions, to ensure alignment with university policies, standards, and external compliance regulations. Assessment activities may include developing asset inventories, assessing endpoint and application security controls and configurations, examining procedures, and more. The analyst will contribute to creating and maintaining documentation and procedures for the IT Risk and Compliance program, and should identify opportunities for automation to improve data consistency and process efficiency. The analyst may also provide training and outreach to the university community, coordinate updates for the IT Continuity of Operations plan, and assist units with disaster recovery planning and other security initiatives. This role is vital for managing audit processes and risk mitigation efforts to ensure accurate reporting and communication of the university's risk and compliance posture.

Risk Management: Organize and execute annual risk control self-assessments. Establish and maintain open communication channels with stakeholders. Assist in identifying potential risks and treatment strategies. Become proficient with the ServiceNow IRM module. Provide input and guidance on risk mitigation. Maintain an accurate and comprehensive risk register.

Compliance Management: Create, update, and maintain policies, procedures, and standards. Assist in identifying appropriate IT General Controls (ITGC). Help develop and validate control metrics. Lead internal audit processes for control validation. Assist with achieving and maintaining compliance with industry and business requirements.

Requirements: Bachelor's degree in business, information technology, accounting, or a related field, or equivalent experience. Experience performing IT security reviews, risk assessments, or audits. Strong understanding of key information security concepts. Experience in promoting security awareness across technical teams. Knowledge of security frameworks such as NIST, PCI-DSS, ISO 27001, CIS Controls. Effective communication skills across diverse audiences.

Preferred Qualifications: Advanced degree in a related field. Professional certifications like CISA, CISM, CRISC, CISSP. Experience assessing SaaS security. Knowledge of compliance regulations like FERPA, GLBA. Experience with GRC and security tools (ServiceNow, OneTrust, Lockpath). Skills in data analysis and scripting (Python, PowerShell, Bash). Experience managing IT security risks in higher education.
