University of Nebraska System

Job Summary:

The Governance, Risk, and Compliance Analyst (GRC Analyst) will serve as a key member of the Research IT team at the University of Nebraska. The GRC Analyst for Research is responsible for the assessment and documentation of the University's compliance and risk posture as they relate to its Research information assets. The person in this position will focus on collaboration, review, and compliance with regulatory standards by campus research entities. The regulatory standards include, but are not limited to, NIST 800-171, CMMC, and DFARS.

Responsible for developing and maintaining cybersecurity control documentation and complying with cybersecurity standards.

This position will uphold the ITS core principles of outstanding collaboration and communication, a drive to succeed, a passion for higher learning, and acting with integrity.

Additional Info

About Us:

University of Nebraska employees enjoy a flexible benefits program allowing you to customize your benefits to suit your personal needs; paid vacation and sick leave in addition to 13 paid holidays; access to career-advancing educational programs, including and employee and dependent tuition benefit applicable at any of the NU campuses; and immediate vesting pre-tax retirement benefits.

Required Qualifications:

Bachelor's degree

3 years experience in Information Technology or with risk management frameworks and compliance practices

Knowledge of NIST standards and other applicable research compliance frameworks

Demonstrated ability to interpret and implement standards, guidelines, compliance frameworks and best practices

Experience performing risk assessments

Equivalent combination of education and experience, that provides the required knowledge, skills, and abilities may be considered.

(SR GRC Level)

Bachelor’s degree

5 years’ experience in information technology preferably in IT security

Demonstrated knowledge of NIST standards and other applicable research compliance frameworks

Knowledge of securing network technologies, client, and server operating systems

Ability to develop security standards and guidelines based on security compliance frameworks and best practices

Experience using security tools (vulnerability scanners, intrusion prevention systems, firewalls, VPN’s, data loss prevention, etc.)

Equivalent combination of education and experience, that provides the required knowledge, skills, and abilities may be considered.

Preferred Qualifications:

Master's degree

Information security and compliance related training or certifications such as CISSP or CRISC

Understanding of information security standards and regulatory regulations related to higher education (FERPA, PCI, HIPAA)

Experience within a higher education environment

Experience using security tools (vulnerability scanners, intrusion prevention systems, firewalls, VPN's, data loss prevention, etc.)

Knowledge of securing network technologies, client, and server operating systems

(SR GRC Level)

Master’s degree

Experience performing information security audits or risk assessments

Experience with security audit or assessment processes

Information security related training or certifications such as CISSP or CRISC

Experience within a higher education environment

Additional Information:

The ideal candidate is an agile professional with strong interpersonal communication skills, flexibility and responsiveness; exhibits high ethical standards; proficient in managing time and competing priorities; responsive and committed to supporting University staff; committed to the ideals of a major public research university.

Special Instructions:

Please note:  Sponsorship will not be offered for this position.

This position is not eligible for an alternative worksite arrangement and is categorized as on-site.  Once a candidate is hired into this role, hybrid work arrangements (defined by NU ITS as a minimum of three days per week on NU Campus and up to two days per week remote) may be available for candidatses who successfully meet minimum performance criteria during the initial probationary employment period.

Position title and salary will be determined based on education and experience of candidate.