"GRC Analyst Lead"

OU Information Technology is searching for a Lead GRC Analyst who will be responsible for ensuring the organization's information systems and processes align with established cybersecurity, privacy, and regulatory standards. This role conducts in-depth security consultations and risk assessments to evaluate the effectiveness of security controls, identify vulnerabilities, and recommend mitigation strategies.

Why OU? In addition to a job that gives fulfillment and your salary, you will also have access to a generous benefits package that includes: 14 holidays each year and 18 - 22 hours of earned PTO per month, Insurance plans for you and your family, Retirement options that require no contributions from the employee, And much more! For a list of OU's benefits, click here!

Duties:

• Develop and maintain IT security policies, strategies, and governance documentation, including required TEA content, to ensure organizational compliance with applicable laws, regulations, and standards.
• Analyze data from multiple sources to provide actionable insights on cybersecurity and privacy risks, trends, and opportunities for improvement.
• Evaluate technology programs and components for compliance with published security and privacy standards; recommend and oversee corrective actions.
• Anticipate and respond to changes in cybersecurity policy, regulations, technology, and staffing requirements to maintain organizational readiness.
• Lead and coordinate defined security programs, ensuring overall success, alignment with organizational priorities, and effective communication with stakeholders.
• Provide guidance, direction, and mentorship to security analysts at all levels, ensuring consistent application of policies, procedures, and best practices across the team.
• Performs other duties as assigned. The position will be located on the OKC campus with a hybrid work model option for experienced candidates.

Job Requirements:

Required Education: Bachelor's Degree in Computer Science, Information Technology, or related discipline, AND: 7 years of experience in governance, risk, and compliance (GRC), cybersecurity, information assurance or related field. Equivalency/Substitution: Experience or a combination of education & related experience can be considered in lieu of degree. A one-to-one ratio is used to determine the number of years of experience required in place of a degree.

Skills: Ability to perform effectively in high-pressure, fast-paced environments, In-depth understanding of cybersecurity frameworks and standards, Strong verbal and written communication skills, with the ability to convey complex information clearly to both technical and non-technical audiences, Excellent interpersonal and mentoring skills, with the ability to teach and guide others, Familiarity with regulatory and compliance requirements, Understanding of network and system architecture, including common security configurations and vulnerabilities, Strong analytical and problem-solving skills for identifying security risks and evaluating mitigation strategies, Skilled in using risk assessment and compliance tools, vulnerability scanners, and GRC platforms, Ability to effectively interpret and apply security policies, procedures, and technical standards, Ability to assess technical environments for compliance with security and privacy requirements, Ability to maintain confidentiality and handle sensitive information with discretion, Ability to adapt to changing technologies, threats, and regulatory landscapes, Ability to lead and train junior level staff.

Certifications: None.

Working Conditions: Requires extended periods of sitting, working at a computer, and using a phone, Requires sound judgment under pressure and the ability to manage multiple competing priorities effectively, Office Work Environment, Occasional evenings, weekend, or on-call availability during critical incidents or high-severity events.

Supervision: Yes.