Governance Risk and Compliance (GRC) Analyst

APPLICATION INSTRUCTIONS:

• CURRENT PENN STATE EMPLOYEE (faculty, staff, technical service, or student), please login to Workday to complete the internal application process. Please do not apply here, apply internally through Workday.

• CURRENT PENN STATE STUDENT (not employed previously at the university) and seeking employment with Penn State, please login to Workday to complete the student application process. Please do not apply here, apply internally through Workday.

• If you are NOT a current employee or student, please click “Apply” and complete the application process for external applicants.

JOB DESCRIPTION AND POSITION REQUIREMENTS:

Penn State Information Technology is seeking a Governance Risk and Compliance (GRC) Analyst. The GRC Analyst proactively evaluates the system and network enterprise environments of University units and uses technical knowledge and analytical skill to determine the optimum mix of technology, policy, procedures, and education to implement effective cyber security programs and strategies; determines security controls, configurations, procedures, and policies based off industrial standards, best practices, University, federal, and state regulations, and contractual requirements; establishes and manages program control processes and compliance assessments to determine deviations from acceptable configurations, policy, or standards; assists with the identification and mitigation of risk posed to the confidentially, integrity, and availability of information systems.

• Conduct risk assessments and provide recommendations for system, network, and application design, implementation, and operation of departmental systems
• With minimal supervision conduct gap analysis and implement frameworks and standards such as NIST, FERPA, CMMC, HIPAA, GDPR, PCI, etc.
• Conducting vendor risk assessments against organizational security requirements with minimal supervision
• Monitor the corrective actions of departmental system audits; draft documentation of Plan of Action and Milestones (POAM) for review
• Meet with stakeholders regularly to assess needs and requirements at a departmental level
• Obtain certification and accreditation for departmental systems through the creation of process documentation support; may assist with unit or University wide process documentation
• Establish program control processes to ensure risk mitigation
• Implement required policies, procedures, and configurations; make recommendations for improvements
• Research and stay current on industry best practices

Education and Experience

This position minimally requires a bachelor's degree and 3+ years of experience or an equivalent combination of education and experience.   Preferred field of study: Information Security, Risk Management, Governance Risk and Compliance or related field or discipline.

Preferred knowledge, skills, and experience:

• Cybersecurity Maturity Model Certification  (CMMC)
• Controlled Unclassified Information  (CUI)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in Governance, Risk, and Compliance (CGRC)
• Certified Information Systems Auditor  (CISA)

Location

This position is flexible and can operate fully remote, the office location for the position is at the University Park campus, in State College, PA., and will require occasional work on campus.  Candidates should live in the local area or be willing to travel to campus as needed at their own expense.

The Pennsylvania State University is committed to and accountable for advancing equity, respect, and belonging in all its forms. We embrace individual uniqueness, as well as a culture of belonging that supports both broad and specific equity initiatives, leverages the educational and institutional benefits of inclusion in society, and provides opportunities for engagement intended to help all members of the community thrive.  We value belonging as a core strength and an essential element of the university’s teaching, research, and service mission. 

The salary range for this position, including all possible grades is:

$76,700.00 - $115,100.00

Salary Structure - additional information on Penn State's job and salary structure. 

CAMPUS SECURITY CRIME STATISTICS:

Pursuant to the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act and the Pennsylvania Act of 1988, Penn State publishes a combined Annual Security and Annual Fire Safety Report (ASR). The ASR includes crime statistics and institutional policies concerning campus security, such as those concerning alcohol and drug use, crime prevention, the reporting of crimes, sexual assault, and other matters. The ASR is available for review here.

Employment with the University will require successful completion of background check(s) in accordance with University policies. 

EEO IS THE LAW

Penn State is an equal opportunity, affirmative action employer, and is committed to providing employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If you are unable to use our online application process due to an impairment or disability, please contact 814-865-1473.

Federal Contractors Labor Law Poster

PA State Labor Law Poster

Affirmative Action

Penn State Policies

Copyright Information

Hotlines

University Park, PA