IT Security Engineer (GRC)

NCAA, Indianapolis, IN
Hybrid

About The Position

The IT Security Engineer (GRC) plays a key role in establishing and maintaining the NCAA’s information security governance, risk management, and compliance posture. This position is responsible for developing, implementing, and monitoring security policies, standards, and controls to ensure the confidentiality, integrity, and availability of NCAA information systems and data. The role leads and supports risk assessments, regulatory compliance efforts, and audit activities, ensuring alignment with industry frameworks and legal requirements. Working closely with IT, Security Operations, Legal, Privacy, and business stakeholders, the IT Security Engineer provides guidance on risk mitigation strategies, control effectiveness, and security best practices to support informed decision-making and enterprise security maturity.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, or a related field.
  • 2-4 years of experience in IT security, risk management, compliance or audit required.
  • Strong understanding of GRC principles, risk assessment methodologies, and regulatory frameworks.
  • Experience with security frameworks and standards (e.g., NIST, ISO 27001, SOC, PCI-DSS).
  • Hands-on experience with GRC platforms (ServiceNow GRC, Archer, OneTrust, LogicGate, ZenGRC).
  • Working knowledge of cloud platforms (Azure, AWS, or GCP) and associated security controls.
  • Experience with Microsoft security platforms.
  • Ability to efficiently collect, manage, and present audit evidence.
  • Strong documentation, reporting, and policy development skills.
  • Strong analytical, organizational, and problem-solving skills.
  • Experience working in a collaborative, team-oriented environment.
  • Exposure to ITIL fundamentals.
  • Ability to support offsite events, including extended on-location assignments.
  • This position will be based out of the national office in Indianapolis, Indiana.
  • Current work environment is hybrid; 2 days in the office and 3 days remote.
  • Relocation is expected.

Nice To Haves

  • 3-7 years of experience in IT security, risk management, compliance or audit preferred.
  • Industry certifications such as CISSP, CISM, CRISC, CISA, or CompTIA Security+.
  • Active pursuit or attainment of CISSP.

Responsibilities

  • Monitor and analyze security events, logs, and alerts to identify vulnerabilities, threats, and potential breaches.
  • Investigate security incidents, perform forensic analysis, conduct root cause analysis, and recommend corrective actions.
  • Support incident response activities and post-incident reviews from a governance, risk, and compliance perspective.
  • Develop, maintain, and enforce information security policies, standards, and procedures aligned with business objectives and regulatory requirements.
  • Lead IT risk management activities, including risk assessments, risk registers, mitigation plans, and remediation tracking.
  • Map security controls to regulatory and framework requirements and maintain audit documentation and evidence.
  • Monitor and report on control effectiveness, overall risk posture, and compliance status to leadership.
  • Ensure compliance with applicable legal, regulatory, and contractual obligations (e.g., NIST, ISO 27001, SOC, PCI-DSS, HIPAA, GDPR).
  • Coordinate and support internal and external security audits, assessments, and certifications.
  • Manage third-party and vendor security risk assessments and ongoing compliance reviews.
  • Design, implement, and maintain enterprise security controls and perimeter protections.
  • Collaborate with IT teams to deploy and support security technologies such as firewalls, intrusion detection/prevention systems, endpoint protection, and authentication mechanisms.
  • Maintain accurate documentation, inventories, and diagrams of the security environment.
  • Develop and deliver security awareness and training programs to promote a strong security culture.
  • Partner with IT, Security Operations, Legal, Privacy, and business teams to embed security governance into systems, projects, and processes.
  • Work closely with the NCAA Information Security Officer to support enterprise security strategy and policy development.
  • Provide guidance and escalation support to the Service Desk for security-related issues.
  • Support disaster recovery and business continuity planning, including backup, restoration, and testing activities.
  • Prepare and maintain security documentation, incident records, and KPI-based reports to measure security effectiveness.
  • Provide IT security support for offsite events, including meetings and championships, with flexibility for after-hours, weekend, and extended remote assignments.
  • Perform other duties as assigned.