"*GRC Analyst Intermediate"

*GRC Analyst Intermediate

Company:
University of Oklahoma

Job Location:

Category:
Software Engineer/Programmer

Type:
Full-Time

* Job Number:
260246

Organization: Information Technology

Job Location: Oklahoma-Norman

Schedule:

Work Schedule: Normal Business Hours are 8:00am-5:00pm, M - F

Work Type: Hybrid

Salary Range: Targeted salary: $55,000 - $70,000 annually, based on experience

Benefits Provided: Yes

Required Attachments: Resume

Job Description

*

Responsible for ensuring the organization's information systems and processes align with established cybersecurity, privacy, and regulatory standards. This role conducts in-depth security consultations and risk assessments to evaluate the effectiveness of security controls, identify vulnerabilities, and recommend mitigation strategies

Duties:

• Plan, coordinate, and facilitate IT disaster recovery (DR) tests and tabletop exercises; evaluate results against requirements and document findings.
• Develop and maintain auditable evidence of implemented security measures to support compliance and assurance activities.
• Conduct privacy impact assessments (PIAs), document risks, and prepare formal reports with recommendations.
• Collect, examine, and preserve forensic images and other digital evidence using validated investigative techniques in support of research integrity investigations and incident response.
• Collaborate with vendors to coordinate incident response activities and ensure timely resolution of security events.
• Analyze digital evidence from security incidents to identify root causes, assess vulnerabilities, and recommend corrective actions.
• Review contracts, data governance requests, and system security plans (SSPs) to ensure alignment with cybersecurity, privacy, and regulatory requirements.
• Monitor relevant cybersecurity, data privacy, and legal regulations to provide informed recommendations and support compliance initiatives.
• Performs other duties as assigned

Job Requirements

*

Required: Bachelors Degree in Computer Science, Information Technology, or related discipline, AND:

• 3 years of experience in governance, risk, and compliance (GRC), cybersecurity, information assurance or related field

Equivalency/Substitution: Experience or a combination of education & related experience can be considered in lieu of degree. A one-to-one ratio is used to determine the number of years of experience required in place of a degree.

Skills:

• Ability to perform effectively in high-pressure, fast-paced environment.
• In-depth understanding of cybersecurity frameworks and standards
• Strong verbal and written communication skills, with the ability to convey complex information clearly to both technical and non-technical audiences.
• Excellent interpersonal and mentoring skills, with the ability to teach and guide others.
• Familiarity with regulatory and compliance requirements
• Understanding of network and system architecture, including common security configurations and vulnerabilities
• Strong analytical and problem-solving skills for identifying security risks and evaluating mitigation strategies
• Skilled in using risk assessment and compliance tools, vulnerability scanners, and GRC platforms
• Ability to effectively interpret and apply security policies, procedures, and technical standards
• Ability to assess technical environments for compliance with security and privacy requirements
• Ability to maintain confidentiality and handle sensitive information with discretion
• Ability to adapt to changing technologies, threats, and regulatory landscapes

Certifications: None

Working Conditions:

• Requires extended periods of sitting, working at a computer, and using a phone.
• Requires sound judgment under pressure and the ability to manage multiple competing priorities effectively.
• Office Work Environment.
• Occasional evening, weekend, or on-call availability during critical incidents or high-severity events.

Departmental Preferences: None

Special Instructions: If you are selected as a final candidate for this position, you will be subject to The University of Oklahoma Norman Campus Tuberculosis Testing policy. To view the policy, visit https://hr.ou.edu/Policies-Handbooks/TB-Testing.

Why You Belong at the University of Oklahoma: The University of Oklahoma values our community's unique talents, perspectives, and experiences. At OU, we aspire to harness our innovation, creativity, and collaboration for the advancement of people everywhere. You Belong Here!

Equal Employment Opportunity Statement: The University, in compliance with all applicable federal and state laws and regulations, does not discriminate on the basis of race, color, national origin, sex, sexual orientation, marital status, genetic information, gender identity/expression (consistent with applicable law), age (40 or older), religion, disability, political beliefs, or status as a veteran in any of its policies, practices, or procedures. This includes but is not limited to admissions, employment, housing, financial aid, and educational services.

Hiring contingent upon a Background Check?: Yes

Special Indications: None

Job Posting: Feb 10, 2026