Job Description

Extended Job Title
Ent Security GRC Analyst I - IT

Org Level 1
Texas Tech Univ Health Sciences Ctr

Org Level 7
171402 - Security and Risk Lbk

Position Description
The Enterprise Security Analyst I's scope of responsibility includes information security management at the enterprise level. This includes ensuring that necessary safeguards are present, operational, and effective. Discretion and sound judgment are expected. Enterprise positions are restricted for use in central IT Division areas reporting to the institutional CIO and, as such, may interface with key IT leadership and/or other functional leadership from the Texas Tech University System institutions.

Major/Essential Functions
  • Assist in the development and implementation of system-wide risk management functions of the information security program to ensure information security risks are identified and monitored.

  • Internally assess, evaluate and make recommendations to management regarding the adequacy of security controls for the information and technology systems.

  • Assist in developing and maintaining Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and Key Control Effectiveness Indicators (KCIs) for the IT Governance Program and initiatives.

  • Support the system-wide information security compliance program, ensuring IT activities, processes and procedures meet and support the defined policies, procedures and processes.

  • Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legal and regulatory interpretation.

  • Implement strategies and project plans for dealing with audits, compliance checks, and external assessment processes for internal and external auditors related to information security programs.

  • Provide guidance, evaluation and input on responses to audits impacting information security programs.

  • Conduct Information Security due diligence on third-party vendors to ensure adherence to organizational, regulatory or legal standards and respond to customer-initiated requests for regulatory compliance information.

  • Develop routine reports in accordance with GRC metrics.

  • Works with Supervisor to determine the acceptable level of risk for enterprise computing platforms.

  • Liaise with key functional teams to identify new applications and service providers in use and the associated security controls to secure the data.

  • Investigates incidents and events that include potential HIPAA and other data breaches, data leakage, brand reputational risks, system compromises, etc.

  • Work with Supervisor to ensure the Information Security team stays abreast of new regulatory, legal and/or compliance data security requirements.

  • Ensure compliance with HIPAA and applicable legal and regulatory requirements.

  • Other Security GRC-related projects that may be assigned according to skills and organizational priorities.

  • Adheres to all appropriate Institutional policies (including IT OPs) and other relevant internal departmental policies.

Preferred Qualifications
  • Knowledge of security and risk frameworks, standards, best practices (e.g., HITRUST CSF, NIST CSF, ISO/IEC 27001, COBIT) preferred.

  • Knowledge and understanding of governance, risk, compliance technology tools, solutions, and trends to improve work results.

  • Knowledge and understanding of the healthcare industry preferred.

  • Experience working with and/or implementing Governance, Risk & Compliance (GRC) solutions.

  • Effective written and verbal communication skills and the ability to tailor communication style to the audience at hand.

  • Experience in coordination and execution of the audit lifecycle, including evidence collection, review, observation tracking, management response collection and auditor relations and communication.

  • Strong demonstration of problem-solving and decision-making ability.

  • Experience working on testing of IT controls across systems, databases, applications and operating systems.

  • Strong ability to frame and deliver messages based on experience and level of the listener.

  • Strong critical thinking skills to actively pursue opportunities to develop and implement solutions to solve work problems. Must be able to solve problems, handle conflict, and make effective decisions under pressure with a highly professional demeanor.

  • Strong organizational skills.

  • Strong ability to adjust to changing priorities while multitasking effectively.

  • Self-directed and works with minimal guidance. Proactively seeks guidance when needed.

  • CISSP, CISA, or CISM certification is desired but not required.

HSC - Lubbock

Security and Risk Lbk

Required Attachments
Resume / CV

Job Type
Full Time

Pay Statement
Compensation is commensurate with the qualifications of the individual selected and the budgetary guidelines of the hiring department, as well as the institutional pay plan. For additional information, please reference the institutional pay plan on the Human Resources webpage.

Job Group
Enterprise IT


EEO Statement

As an EEO/AA employer, the Texas Tech University System and its components will not discriminate in our employment practices based on an applicant’s race, ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information or status as a protected veteran.

Required Qualifications
Bachelor's degree with coursework in computer science, MIS, IT, or other related area OR a combination of related education and/or experience. 
