GRC Analyst Intermediate

University of Oklahoma · Norman, OK
1d · Onsite

About The Position

Responsible for ensuring the organization's information systems and processes align with established cybersecurity, privacy, and regulatory standards. This role conducts in-depth security consultations and risk assessments to evaluate the effectiveness of security controls, identify vulnerabilities, and recommend mitigation strategies.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or related discipline, AND:
  • 3 years of experience in governance, risk, and compliance (GRC), cybersecurity, information assurance or related field
  • Equivalency/Substitution: Experience or a combination of education & related experience can be considered in lieu of degree. A one-to-one ratio is used to determine the number of years of experience required in place of a degree.
  • Ability to perform effectively in high-pressure, fast-paced environment.
  • In-depth understanding of cybersecurity frameworks and standards
  • Strong verbal and written communication skills, with the ability to convey complex information clearly to both technical and non-technical audiences.
  • Excellent interpersonal and mentoring skills, with the ability to teach and guide others.
  • Familiarity with regulatory and compliance requirements
  • Understanding of network and system architecture, including common security configurations and vulnerabilities
  • Strong analytical and problem-solving skills for identifying security risks and evaluating mitigation strategies
  • Skilled in using risk assessment and compliance tools, vulnerability scanners, and GRC platforms
  • Ability to effectively interpret and apply security policies, procedures, and technical standards
  • Ability to assess technical environments for compliance with security and privacy requirements
  • Ability to maintain confidentiality and handle sensitive information with discretion
  • Ability to adapt to changing technologies, threats, and regulatory landscapes

Responsibilities

  • Plan, coordinate, and facilitate IT disaster recovery (DR) tests and tabletop exercises; evaluate results against requirements and document findings.
  • Develop and maintain auditable evidence of implemented security measures to support compliance and assurance activities.
  • Conduct privacy impact assessments (PIAs), document risks, and prepare formal reports with recommendations.
  • Collect, examine, and preserve forensic images and other digital evidence using validated investigative techniques in support of research integrity investigations and incident response.
  • Collaborate with vendors to coordinate incident response activities and ensure timely resolution of security events.
  • Analyze digital evidence from security incidents to identify root causes, assess vulnerabilities, and recommend corrective actions.
  • Review contracts, data governance requests, and system security plans (SSPs) to ensure alignment with cybersecurity, privacy, and regulatory requirements.
  • Monitor relevant cybersecurity, data privacy, and legal regulations to provide informed recommendations and support compliance initiatives.
  • Perform other duties as assigned.