What are the responsibilities and job description for the Information Security GRC Analyst Sr/UKHC position at Inside Higher Ed?
Job Title
Information Security GRC Analyst Sr/UKHC
Requisition Number
RE54252
Working Title
Information Security, Governance, Risk and Compliance Analyst Senior
Department Name
H3997:EVPHA Information Technology
Work Location:
Lexington, KY
Grade Level
12
Salary Range
$62,400-111,634/year
Type Of Position
Staff
Position Time Status
Full-Time
Required Education
BS
Click here for more information about equivalencies::
https://hr.uky.edu/employment/working-uk/equivalencies
Required Related Experience
5 yrs
Required License/Registration/Certification
CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) or equivalent certification.
Physical Requirements
The physical requirements of this position include: Mobility to work from several locations depending on business needs; occasionally lifting, pushing, and/or pulling objects up to 50lbs; occasionally standing or walking with objects up to 10lbs; regularly sitting at a computer workstation for extended periods of time with regular repetitive motions (such as typing); occasionally dealing with combative/violent people; and occasional job-related travel.
Shift
Primarily Monday through Friday 8am-5pm, with evening, night, and weekend requirements per departmental needs.
Job Summary
Responsible for conducting risk assessments, gap analysis and compliance initiatives across the organization in alignment with NIST, HIPAA, GDPR, etc. Creates reports and presentations for reporting to senior management. Coordinates with IT teams, business stakeholders, and vendors to support security control implementation and remediation of findings. Contributes to process improvements and helps maintain the organization’s overall security posture. Mentors and trains other analysts to support knowledge transfer and enhance team effectiveness. This position is hybrid.
Essential Functions
N/A
Does this position have supervisory responsibilities? :
No
Preferred Education/Experience
Bachelor’s degree in cybersecurity, computer science, or a related field.
Deadline To Apply
05/10/2026
Our University Community
We value the well-being of each of our employees and are dedicated to creating a healthy place for everyone to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors, the University of Kentucky is a Tobacco & Drug Free campus.
The University follows both the federal and state Constitutions as well as all applicable federal and state laws on nondiscrimination. The University provides equal opportunities for qualified persons in all aspects of institutional operations and does not discriminate on the basis of race, color, national origin, ethnic origin, religion, creed, age, physical or mental disability, veteran status, uniformed service, political belief, sex, sexual orientation, gender identity, gender expression, pregnancy, marital status, genetic information or social or economic status.
Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.
Information Security GRC Analyst Sr/UKHC
Requisition Number
RE54252
Working Title
Information Security, Governance, Risk and Compliance Analyst Senior
Department Name
H3997:EVPHA Information Technology
Work Location:
Lexington, KY
Grade Level
12
Salary Range
$62,400-111,634/year
Type Of Position
Staff
Position Time Status
Full-Time
Required Education
BS
Click here for more information about equivalencies::
https://hr.uky.edu/employment/working-uk/equivalencies
Required Related Experience
5 yrs
Required License/Registration/Certification
CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) or equivalent certification.
Physical Requirements
The physical requirements of this position include: Mobility to work from several locations depending on business needs; occasionally lifting, pushing, and/or pulling objects up to 50lbs; occasionally standing or walking with objects up to 10lbs; regularly sitting at a computer workstation for extended periods of time with regular repetitive motions (such as typing); occasionally dealing with combative/violent people; and occasional job-related travel.
Shift
Primarily Monday through Friday 8am-5pm, with evening, night, and weekend requirements per departmental needs.
Job Summary
Responsible for conducting risk assessments, gap analysis and compliance initiatives across the organization in alignment with NIST, HIPAA, GDPR, etc. Creates reports and presentations for reporting to senior management. Coordinates with IT teams, business stakeholders, and vendors to support security control implementation and remediation of findings. Contributes to process improvements and helps maintain the organization’s overall security posture. Mentors and trains other analysts to support knowledge transfer and enhance team effectiveness. This position is hybrid.
Essential Functions
- Conducts risk assessments, gap analysis, and compliance initiatives for departments, systems, applications and vendors.
- Prepares reports for senior management and advises on risk mitigation.
- Evaluates controls and compensating controls and ensures that remediation plans are acceptable and in place.
- Communicates and implements control framework and automation.
- Tracks remediation of identified risks and collaborates with stakeholders to ensure timely resolution.
- Maintains security and compliance metrics, reporting findings to management.
- Prepares materials for internal and external audits, supporting audit readiness and evidence collection.
- Collaborates with IT and business teams to ensure adherence to regulatory requirements (HIPAA, SOX, PCI-DSS, GDPR, etc.).
- Participates in continuous improvement of GRC processes and documentation practices.
- Performs other duties as assigned.
N/A
Does this position have supervisory responsibilities? :
No
Preferred Education/Experience
Bachelor’s degree in cybersecurity, computer science, or a related field.
Deadline To Apply
05/10/2026
Our University Community
We value the well-being of each of our employees and are dedicated to creating a healthy place for everyone to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors, the University of Kentucky is a Tobacco & Drug Free campus.
The University follows both the federal and state Constitutions as well as all applicable federal and state laws on nondiscrimination. The University provides equal opportunities for qualified persons in all aspects of institutional operations and does not discriminate on the basis of race, color, national origin, ethnic origin, religion, creed, age, physical or mental disability, veteran status, uniformed service, political belief, sex, sexual orientation, gender identity, gender expression, pregnancy, marital status, genetic information or social or economic status.
Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.
Salary : $62,400 - $111,634