What are the responsibilities and job description for the GRC Analyst position at Grand Canyon Education?
SUMMARY:
The Information Security Analyst - GRC is a hybrid business and technical position within the Information Security Office requiring knowledge of information security controls and procedures, regulations, legal requirements and applicable compliance frameworks. This position is responsible for ensuring compliance, providing governance support for adhering to security and compliance standards and quantifying risk levels from aggregate security and compliance concerns.

ESSENTIAL DUTIES, RESPONSIBILITIES, AND EXPECTATIONS:
Ensure compliance with applicable standards, such as SOX, PCI DSS, HIPAA, FERPA, CCPA, GDPR, etc. – leading the audit, evidence collection and reporting processes.
Create and maintain internal policies, standards and security baselines, oriented toward compliance and regulatory standards – as well as enforcement of secure practices.
Manage risk acceptance and policy exception processes, ingesting risks and creating tracking, reporting and accountability mechanisms.
Perform vendor and product risk assessments to align vendors and products with applicable standards, policies and security baselines.
Track inputs from penetration tests and vulnerability scans, create exceptions as needed, and help facilitate remediation and/or risk reporting over time.
Other duties as assigned.

SUPERVISORY RESPONSIBILITIES:
None

QUALIFICATIONS:
The requirements listed below are representative of the knowledge, skills, and/or abilities required to successfully perform the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education and Experience:
Bachelor's degree in Computer Science, Information Systems, Business or related field, or equivalent work experience, required.
Requires 1-3 years of relevant IT or business experience.
Professional certifications are not required; however, preference will be given to candidates with one or more relevant certifications such as CISSP, PCI DSS/QSA, CISA, CCPA, CISM, GIAC, GSEC, CEH, CNA/CCNP, CCSP, MCSE. Specific compliance or regulatory certifications are a huge plus.

Knowledge, Skills and Abilities:
Previous experience in GRC, security or other technology roles – with a solid foundation in documentation, meeting facilitation and risk reporting.
Ability to find required answers to compliance / risk questions using existing security tools, typically starting from the SIEM.
A strong curiosity, sense of focus and willingness to perform deep research and analysis to find and resolve issues that relate to audits / findings.
Team player with demonstrated ability to work without guidance.
Strong written and oral communication skills.

At Grand Canyon Education, it is our privilege to serve students and those who support academic advancement. We lead educational transformation by developing superior ways to help schools grow and prosper. We provide transparent programs, intuitive online learning technologies and well-established academic models that promote student success and institutional growth.

Employment is contingent upon the satisfactory outcome (as determined by the university) of pre-employment screening activities, including a background check. For assistance with your job application please use our External Candidate Job Application Guide. All staff candidates will be asked to review GCE’s staff expectations as part of the application process.

Our partner in education, Grand Canyon University, is Arizona’s premier private Christian university. GCU serves traditional and online students by offering quality academic degree programs, experienced leadership and transformative learning experiences both on our growing campus and digitally. If you’re interested in working for Grand Canyon University, visit jobs.gcu.edu.
For more information about Grand Canyon Education, Inc., visit gce.com
Manager, Governance, Risk & Compliance (GRC)
DPR Construction -
Phoenix, AZ