GRC Analyst Intermediate

University of Oklahoma•Norman, OK

9d•Onsite

About The Position

Join OU Information Technology and be part of a team that advances the University of Oklahoma’s purpose: We Change Lives. Our work supports student success, research innovation, operational excellence, and meaningful service to our university community. If you are driven to solve complex problems, strengthen critical systems, and use technology to create lasting impact across One OU, we invite you to bring your talent, curiosity, and commitment to a team where your work matters... The GRC Security Analyst is responsible for ensuring the organization's information systems and processes align with established cybersecurity, privacy, and regulatory standards. This role conducts in-depth security consultations and risk assessments to evaluate the effectiveness of security controls, identify vulnerabilities, and recommend mitigation strategies.

Requirements

Bachelor's Degree in Computer Science, Information Technology, or related discipline
3 years of experience in governance, risk, and compliance (GRC), cybersecurity, information assurance or related field
Experience or a combination of education & related experience can be considered in lieu of degree. A one-to-one ratio is used to determine the number of years of experience required in place of a degree.
No certifications or licenses required.

Nice To Haves

Ability to perform effectively in high-pressure, fast-paced environments.
In-depth understanding of cybersecurity frameworks and standards.
Strong verbal and written communication skills, with the ability to convey complex information clearly to both technical and non-technical audiences.
Excellent interpersonal and mentoring skills, with the ability to teach and guide others.
Familiarity with regulatory and compliance requirements.
Understanding of network and system architecture, including common security configurations and vulnerabilities.
Strong analytical and problem-solving skills for identifying security risks and evaluating mitigation strategies.
Skilled in using risk assessment and compliance tools, vulnerability scanners, and GRC platforms.
Ability to effectively interpret and apply security policies, procedures, and technical standards.
Ability to assess technical environments for compliance with security and privacy requirements.
Ability to maintain confidentiality and handle sensitive information with discretion.
Ability to adapt to changing technologies, threats, and regulatory landscapes.
Extended periods of sitting, working at a computer, and using a phone.
Requires sound judgment under pressure and the ability to manage multiple competing priorities effectively.
Occasional evening, weekend, or on-call availability during critical incidents or high-severity events.

Responsibilities

Ensuring the organization's information systems and processes align with established cybersecurity, privacy, and regulatory standards.
Conducting in-depth security consultations and risk assessments to evaluate the effectiveness of security controls, identify vulnerabilities, and recommend mitigation strategies.