"Cybersecurity Governance, Risk and Compliance Analyst-1"

Job Description Summary

Under the supervision of the Cybersecurity Governance, Risk, and Compliance Manager, the GRC Analyst assumes a pivotal position within the GRC team, ensuring our organization adheres to regulatory frameworks, effectively manages risks, and upholds exemplary governance standards. The GRC Analyst serves as a vital resource for staff and leadership, offering expertise in information security policy development, implementation, interpretation, and compliance. Additionally, they play a crucial role in fostering a security-first culture throughout the organization by spearheading comprehensive training and awareness programs.

Description of Duties and Tasks

• Assists with the development of System Security Plans, Continuous Monitoring, Plan of Action and Milestones, Security Controls Assessment, Risk Exposure analysis, all in accordance with TCF/NIST requirements
• Researches, recommends, and contributes to information security policies, standards, and procedure development. Assists with the lifecycle management of information security policies and supporting documents.
• Manages an exception review and approval process, and assures exceptions are documented and periodically reviewed
• Updates security controls and provides support to all stakeholders on information security controls covering internal assessments, regulations, and protecting FERPA and Personally Identifying Information (PII).
• Assists and performs IT security control effectiveness reviews. Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls.
• Collaborates with internal teams to conduct regular assessments of information security policies, procedures, and controls to ensure compliance with relevant regulations and standards
• Prepare detailed reports on assessment findings, monitor status updates, and ensure that corrective actions are implemented effectively and sustainably.
• Creates information security and cyber awareness communications and training content for all employees.
• Supports the development and upkeep of a measured and managed Security and Privacy training program tailored to roles, with oversight of phishing campaigns.
• Keeps abreast of security industry trends, emerging threats, pertinent regulatory compliance requirements, and best practices in security.
• Participates in cross-functional projects related to risk management, data protection, and security governance.
• Conducts third-party supplier risk assessments to oversee supply chain risk across the supplier's lifecycle. Evaluates and communicates business risks and benefits, and enforces supplier compliance mandates.

Knowledge

• Working knowledge of various Security Frameworks, primarily NIST.
• Knowledge of information security management, governance, and compliance principles, practices, laws, rules and regulations.
• Knowledge of information technology systems and processes, network infrastructure and data architecture
• Knowledge of best practices in security training and awareness.

Skills

• Skills and or/experience in developing/delivering security awareness training either directly or through managed third party providers/tools.
• Skills in business process mapping and documentation as well as policy and procedure development.
• Recent experience in Information Security with up-to-date knowledge of the current threat landscape.
• Analytical, conceptual thinking and strategic planning skills.
• Proactive self-starter with the talent to think through technical solutions to potentially open-ended problems.
• Maintaining an established work schedule.
• Effectively using interpersonal and communications skills.
• Effectively using organizational and planning skills with attention to detail and follow-through.
• Maintaining confidentiality of work-related information and materials.
• Establishing and maintaining effective working relationships, including the ability to coordinate the work of others.
• Strong oral and written communication skills and the ability to work well with people from many different disciplines with varying degrees of technical expertise.
• Ability to prioritize assignments while working on multiple projects.

Required Work Experience

Two (2) years related experience

Preferred Work Experience

• Work experience specifically in cybersecurity governance, risk and compliance or related roles.
• Work experience in a Texas government or government-adjacent organization
• Work experience in an institution that is FERPA regulated.
• Working knowledge of the concepts of data privacy regulations, including FERPA requirements or similar regulated data classifications.

Required Education

Bachelor's degree in computer science, Information Technology, or related field. 4 Years of relevant work experience may be substituted for the degree requirement

Licenses/Certifications; Other

Reliable transportation for travel in the Austin area as required.

Other Preferred Qualifications

• ITIL Foundation-level certification or above preferred but not required.
• Relevant certifications such as CISSP, CISA, CRISC are preferred but not required.

Physical Requirements

Work is performed in a standard office or similar environment. Subject to standing, walking, sitting, bending, reaching, pushing, and pulling. Occasional lifting of objects up to 10 pounds.

Safety

Work safely and follow safety rules. Report unsafe working conditions and behavior. Take reasonable and prudent actions to prevent others from engaging in unsafe practices.

Salary Range

$76,693 - $95,866

Number of Openings:

1

Job Posting Close Date:

September 23, 2025