Cybersecurity GRC Team Lead

About The Position

Requirements

• U.S. Citizen, resident, or officially recognized asylee - Applicant selected will be subject to government security investigation and must meet eligibility requirements for access to classified information at the level appropriate to the project requirements of the position.
• Minimum of 5 years of experience in cybersecurity, risk management, compliance, or audit, with at least 2 years of leadership or supervisory experience.
• Demonstrated experience with multiple compliance frameworks, including NIST 800-171, NIST 800-53, HIPAA, PCI-DSS, or similar.
• Strong understanding of controlled research requirements, particularly CUI, DFARS, and CMMC frameworks.
• Excellent verbal and written communication skills, including the ability to explain regulatory requirements to technical and non-technical audiences.
• Experience creating, managing, or reviewing compliance documentation such as SSPs, POA&Ms, or risk registers.
• Proven ability to manage and prioritize multiple projects across a distributed team.
• Familiarity with GRC platforms or tooling (e.g., IsoraGRC, ServiceNow GRC).
• Relevant education and experience may be substituted as appropriate.
• Must maintain Internet service and a mobile phone with voice and data plans to be used when required for work.
• Must be authorized to work in the United States on a full-time basis for any employer without sponsorship (e.g., US citizen, US resident, US asylee).

Nice To Haves

• Experience working in higher education or academic research settings.
• Experience with CMMC Level 2 compliance readiness or pre-assessments.
• Experience managing or mentoring a cybersecurity or compliance team.
• Certifications such as CISSP, CAP, CISM, CISA, or relevant NIST/CMMC credentials.
• Familiarity with UT Austin’s information security policies, research infrastructure, or compliance structure.

Responsibilities

• Lead and manage a team of cybersecurity GRC analysts responsible for: Supporting the Controlled Research Program and ensuring alignment with CUI-related frameworks (e.g., NIST 800-171, CMMC, DFARS, ITAR)
• Conducting risk assessments, gap analyses, control reviews, and compliance documentation for enterprise-wide regulatory frameworks, such as HIPAA, PCI-DSS, NIST 800-53, GLBA, and others.
• Advising on appropriate security controls, documenting implementation strategies, and helping units align with both external requirements and internal policy.
• Oversee development and maintenance of security compliance documentation including System Security Plans (SSPs), POA&Ms, risk registers, and internal/external audit response materials.
• Work with stakeholders across the institution—including IT leadership, research administration, legal, and compliance offices—to interpret regulatory requirements and provide practical guidance.
• Serve as a liaison between the ISO and external auditors, assessors, and institutional compliance teams.
• Maintain awareness of emerging regulatory requirements (e.g., new CMMC versions, updated HIPAA guidance, changes in PCI-DSS) and proactively update practices and communications.
• Guide and mentor team members, supporting both professional development and technical growth.
• Participate in strategic planning and contribute to the long-term vision of a cohesive, risk-informed GRC program that supports research and administrative operations.
• Ensure continuous improvement of GRC processes, templates, and tools; support GRC platform management (e.g., IsoraGRC).
• Perform other duties as assigned to support the Information Security Office’s mission.

Benefits

• Competitive health benefits (employee premiums covered at 100%, family premiums at 50%)
• Voluntary Vision, Dental, Life, and Disability insurance options
• Generous paid vacation, sick time, and holidays
• Teachers Retirement System of Texas, a defined benefit retirement plan, with employer matching funds
• Additional Voluntary Retirement Programs: Tax Sheltered Annuity 403(b) and a Deferred Compensation program 457(b)
• Flexible spending account options for medical and childcare expenses
• Robust free training access through LinkedIn Learning plus professional conference opportunities
• An exclusive incentive pay program
• A great physical office space should you prefer to work from campus
• Tuition assistance
• Expansive employee discount program including athletic tickets
• Free access to UT Austin's libraries and museums with staff ID card
• Free rides on all UT Shuttle and Austin CapMetro buses with staff ID card