Cyber Information Assurance Analyst
Penn State University Park, United States
CURRENT PENN STATE EMPLOYEE (faculty, staff, technical service, or student), please login to Workday to complete the internal application process. Please do not apply here, apply internally through Workday.
CURRENT PENN STATE STUDENT (not employed previously at the university) and seeking employment with Penn State, please login to Workday to complete the student application process. Please do not apply here, apply internally through Workday.
If you are NOT a current employee or student, please click “Apply” and complete the application process for external applicants.
JOB DESCRIPTION AND POSITION REQUIREMENTS:
Penn State Information Technology is seeking a Governance Risk and Compliance (GRC) Analyst. The GRC Analyst will play a pivotal role in assessing and prioritizing information, security, and cybersecurity risk across the organization. GRC Analysts' technical skills, combined with their ability to manage risks and ensure compliance, make them key players in Penn State's cybersecurity strategy. GRC Analysts ensure that an organization's operations and procedures meet government and industry compliance standards. They research regulations and policies on behalf of the enterprise, communicate the necessary requirements, and serve as subject matter experts on all risk-related matters. This position will act as a LionSHIELD specialist and will focus on the controlled unclassified information (CUI) environment at Penn State.
- Managing risks related to the use of Information Technology, Information Security, Regulatory Compliance, and Governance.
- Leading the enforcement of compliance programs that address internal and external requirements, ensuring individuals understand and adhere to relevant policies and regulations.
- Collaborating with internal stakeholders to ensure compliance requirements are integrated into systems, processes, and data management practices.
- Conducting gap analysis and implementing frameworks and standards such as NIST, FERPA, CMMC, HIPAA, GDPR, PCI, etc.
- Developing and revising policies, standards, processes, and guidelines for the organization.
- Conducting vendor risk assessments against organizational security requirements.
- Continually assessing and monitoring the effectiveness of security controls.
- Conducting research to aid threat assessment or risk mitigation activities.
- Developing mechanisms to align with the adoption and usage of current and emerging technologies.
Education and Experience
This position minimally requires a bachelor's degree and 6+ years of experience or an equivalent combination of education and experience. Preferred field of study: Information Security, Risk Management, Legal Studies or related field or discipline. Applicants with an Associate degree and additional experience and competencies are encouraged to apply. Candidates must be US citizens to apply.
Preferred experience and knowledge:
- Azure Gov Cloud
- CUI
- NIST SP 800-171 compliance
Location
This position is flexible and can operate fully remote. The office location for the position is at the University Park campus in State College, PA, and the position will require occasional work on campus. Candidates should live in the local area or be willing to travel to campus as needed at their own expense.
The Pennsylvania State University is committed to and accountable for advancing diversity, equity, inclusion, and sustainability in all of its forms. We embrace individual uniqueness, foster a culture of inclusion that supports both broad and specific diversity initiatives, leverage the educational and institutional benefits of diversity in society and nature, and engage all individuals to help them thrive. We value inclusion as a core strength and an essential element of our public service mission.
The salary range for this position, including all possible grades is:
$86,300.00 - $129,500.00
Salary Structure - additional information on Penn State's job and salary structure.
CAMPUS SECURITY CRIME STATISTICS:
Pursuant to the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act and the Pennsylvania Act of 1988, Penn State publishes a combined Annual Security and Annual Fire Safety Report (ASR). The ASR includes crime statistics and institutional policies concerning campus security, such as those concerning alcohol and drug use, crime prevention, the reporting of crimes, sexual assault, and other matters. The ASR is available for review here.
Employment with the University will require successful completion of background check(s) in accordance with University policies.
EEO IS THE LAW
Penn State is an equal opportunity, affirmative action employer, and is committed to providing employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If you are unable to use our online application process due to an impairment or disability, please contact 814-865-1473.
Federal Contractors Labor Law Poster