Ent Security GRC Analyst I - IT
Org Level 1: Texas Tech Univ Health Sciences Ctr
Org Level 7: 171402 - Security and Risk Lbk
The Enterprise Security Analyst I's scope of responsibility includes information security management at the enterprise level. This includes ensuring that necessary safeguards are present, operational, and effective. Discretion and sound judgment are expected. Enterprise positions are restricted for use in central IT Division areas reporting to the institutional CIO and, as such, may interface with key IT leadership and/or other functional leadership from the Texas Tech University System institutions.
Assist in the development and implementation of system-wide risk management functions of the information security program to ensure information security risks are identified and monitored.
Internally assess, evaluate and make recommendations to management regarding the adequacy of security controls for the information and technology systems.
Assist in developing and maintaining Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and Key Control Effectiveness Indicators (KCIs) for the IT Governance Program and its initiatives.
Support the system-wide information security compliance program, ensuring IT activities, processes and procedures meet and support the defined policies, procedures and processes.
Develop and implement effective and reasonable policies and practices to secure protected and sensitive data, ensure information security, and maintain compliance with relevant legal and regulatory requirements.
Implement strategies and project plans for audits, compliance checks, and external assessment processes related to information security programs, supporting both internal and external auditors.
Provide guidance, evaluation and input on responses to audits impacting information security programs.
Conduct Information Security due diligence on third party vendors to ensure adherence to organizational, regulatory or legal standards and respond to customer initiated requests for regulatory compliance information.
Develop routine reports in accordance with GRC metrics.
Work with the supervisor to determine the acceptable level of risk for enterprise computing platforms.
Liaise with key functional teams to identify new applications and service providers in use and the associated security controls to secure the data.
Investigate incidents and events, including potential HIPAA and other data breaches, data leakage, brand reputational risks, and system compromises.
Work with the supervisor to ensure the Information Security team stays abreast of new regulatory, legal, and/or compliance data security requirements.
Ensure compliance with HIPAA and applicable legal and regulatory requirements.
Perform other Security GRC-related projects as assigned according to skills and organizational priorities.
Adhere to all appropriate institutional policies (including IT OPs) and other relevant internal departmental policies.
Knowledge of security and risk frameworks, standards, best practices (e.g., HITRUST CSF, NIST CSF, ISO/IEC 27001, COBIT) preferred.
Knowledge and understanding of governance, risk, compliance technology tools, solutions, and trends to improve work results.
Knowledge and understanding of the healthcare industry preferred.
Experience working with and/or implementing Governance, Risk & Compliance (GRC) solutions.
Effective written and verbal communication skills and the ability to tailor communication style to the audience at hand.
Experience in coordinating and executing the audit lifecycle, including evidence collection, review, observation tracking, management response collection, and auditor relations and communication.
Strong demonstration of problem-solving and decision-making ability.
Experience testing IT controls across systems, databases, applications, and operating systems.
Strong ability to frame and deliver messages based on experience and level of the listener.
Strong critical thinking skills to actively pursue opportunities to develop and implement solutions to solve work problems. Must be able to solve problems, handle conflict, and make effective decisions under pressure with a highly professional demeanor.
Strong organizational skills.
Strong ability to adjust to changing priorities while multitasking effectively.
Self-directed and works with minimal guidance. Proactively seeks guidance when needed.
CISSP, CISA, or CISM certification is desired but not required.
HSC - Lubbock
Compensation is commensurate with the qualifications of the individual selected and the budgetary guidelines of the hiring department, as well as the institutional pay plan. For additional information, please reference the institutional pay plan on the Human Resources webpage.
As an EEO/AA employer, the Texas Tech University System and its components will not discriminate in our employment practices based on an applicant’s race, ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information or status as a protected veteran.
Bachelor's degree with coursework in computer science, MIS, IT, or another related area, OR a combination of related education and/or experience.