Cybersecurity GRC Analyst

About The Position

Requirements

• U.S. Citizen, resident, or officially recognized asylee - Applicant selected will be subject to government security investigation and must meet eligibility requirements for access to classified information at the level appropriate to the project requirements of the position.
• Minimum of 3 years of experience in cybersecurity, audit, compliance, risk management, or GRC, with at least 1 year involving NIST 800-171, DFARS, CUI, or similar compliance frameworks.
• Familiarity with controlled research environments and compliance programs such as CMMC, ITAR, or FISMA.
• Solid understanding of information security principles, IT governance, and technical controls (access management, system hardening, auditing, data protection, etc.).
• Strong analytical, documentation, and project management skills.
• Excellent interpersonal and communication skills to interface with a diverse campus community including researchers, IT staff, and administrators.
• Demonstrated ability to work independently and collaboratively in a fast-paced, distributed team environment.
• Strong synchronous and asynchronous communication skills
• Self-motivated to learn and share knowledge.
• Relevant education and experience may be substituted as appropriate.
• Must maintain Internet service and a mobile phone with voice and data plans to be used when required for work.
• Must be authorized to work in the United States on a full-time basis for any employer without sponsorship (e.g., US citizen, US resident, US asylee).

Nice To Haves

• Experience developing or maintaining System Security Plans (SSPs), POA&Ms, or other compliance documentation in research settings.
• Experience with CMMC Level 2 compliance initiatives or pre-assessment support.
• Familiarity with GRC platforms and tools (e.g., IsoraGRC).
• Experience supporting academic or research institutions in regulated environments.
• Knowledge of UT Austin’s research infrastructure, policies, and governance (a plus but not required).

Responsibilities

• Support and maintain the university’s cybersecurity GRC program, with a focus on research computing environments that handle Controlled Unclassified Information (CUI) or other regulated data.
• Coordinate and perform security assessments and risk evaluations of research systems and projects against applicable regulatory frameworks (e.g., NIST 800-171, CMMC, DFARS, ITAR).
• Collaborate with research IT, sponsored programs, legal, and research stakeholders to support secure and compliant research practices across the institution.
• Create, update, and cross-reference controls and documentation across multiple regulatory frameworks to support streamlined and unified GRC practices.
• Develop and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other required compliance documentation for research programs.
• Work with ISO staff to extend enterprise policies and GRC tooling to meet the specialized needs of controlled research.
• Provide consulting and support to researchers and administrators on CUI compliance requirements, secure system design, and data handling best practices.
• Track and manage identified compliance gaps and risks in alignment with risk management strategies and institutional priorities.
• Contribute to broader ISO GRC initiatives such as policy development, compliance reporting, and framework alignment activities.
• Stay up to date on emerging federal compliance regulations and frameworks related to controlled research and incorporate into institutional practices as appropriate.
• Perform other duties as assigned to support the ISO’s cybersecurity and compliance objectives.

Benefits

• Competitive health benefits (employee premiums covered at 100%, family premiums at 50%)
• Voluntary Vision, Dental, Life, and Disability insurance options
• Generous paid vacation, sick time, and holidays
• Teachers Retirement System of Texas, a defined benefit retirement plan, with employer matching funds
• Additional Voluntary Retirement Programs: Tax Sheltered Annuity 403(b) and a Deferred Compensation program 457(b)
• Flexible spending account options for medical and childcare expenses
• Robust free training access through LinkedIn Learning plus professional conference opportunities
• An exclusive incentive pay program
• A great physical office space should you prefer to work from campus
• Tuition assistance
• Expansive employee discount program including athletic tickets
• Free access to UT Austin's libraries and museums with staff ID card
• Free rides on all UT Shuttle and Austin CapMetro buses with staff ID card