IS GRC ANALYST

About The Position

Requirements

• Experience in information security, IT risk management, and/or third-party IT risk management.
• Experience assessing and documenting risk related to IT systems, applications, or third-party technology solutions.
• Working knowledge of IT and cybersecurity risk frameworks and assessment practices.
• Experience communicating risk assessment results through written reports or documentation.
• Experience working in a collaborative, cross-functional, or distributed environment.

Nice To Haves

• Bachelor’s degree in a related field.
• Strong analytical, organizational, and problem-solving skills.
• Experience conducting IT risk assessments
• Experience supporting IT audits or compliance efforts.
• Hands-on experience operationalizing GRC tools (e.g., OneTrust, ServiceNow)
• Experience in higher education
• Experience assessing IT risk related to emerging technologies such as artificial intelligence, cloud services, or data-driven platforms.
• Familiarity with applicable standards and regulatory requirements (e.g., NIST CSF, NIST SP 800-171, FERPA, GLBA, HIPAA).
• Professional certification (e.g., CISSP, CGRC, CRISC) or willingness to pursue one.

Responsibilities

• Enterprise IT Risk Management Contribute to the continuous improvement of UW’s IT risk management program by developing standardized processes, workflows, templates, and guidance.
• Identify, assess, document, and monitor IT risks affecting universities and shared services.
• Assist in the technical rollout and ongoing support of enterprise IT risk management tools.
• Assist in developing program reports, metrics, and summaries
• Third-Party IT Risk Management Conduct IT risk assessments of third-party vendors, services, and technology solutions.
• Develop written assessment reports to support informed IT risk decision making.
• Integrate emerging technology risks, including artificial intelligence and data privacy considerations, into third-party IT risk reviews.
• Policy and Audit Support Assist in the creation, and revision of enterprise information security policies, standards, and guidance.
• Align policies and standards with National Institute of Standards and Technology (NIST) Frameworks.
• Assist with coordinating internal and external risk assessments
• Track assessment and audit findings and support remediation efforts
• Analyze assessment, audit, and survey data to identify trends and opportunities for targeted improvements.
• Professional Development Stay informed of emerging technologies and evolving IT and cybersecurity risks.
• Continuously develop skills through training and professional development opportunities aligned with enterprise IT risk management and GRC practices

Benefits

• Universities of Wisconsin employees receive an excellent benefits package.
• To learn more about the benefits package, review the Faculty, Academic Staff & Limited Appointees or University Staff
• Please see this link for total compensation information: Universities of Wisconsin Health & Retirement Contributions Estimator to provide you with total compensation information.