Cybersecurity GRC Analyst

Job Posting Title Cybersecurity GRC Analyst---- Hiring Department Information Security Office---- Position Open To All Applicants---- Weekly Scheduled Hours 40---- FLSA Status Exempt from FLSA---- Earliest Start Date Immediately---- Position Duration Expected to Continue---- Location AUSTIN, TX---- Job Details General Notes This position can be a completely remote opportunity (within most of the United States) and provides life/work balance with typically a 40-hour work week. Flexible work arrangements are available for this position along with a competitive salary and benefits (and an amazing opportunity to make an impact and do good across the planet). The position resides within the Information Security Office (ISO) and plays a vital role in supporting the governance, risk, and compliance program—particularly in the area of controlled research and CUI (Controlled Unclassified Information) compliance. This person will work closely with the UTISO and campus partners to provide support for security controls, assessments, risk analysis, GRC tools, policies, processes, and industry framework review. You will get to work with a very intelligent and dedicated team to address enterprise cybersecurity challenges through novel approaches in an office that highly values work-life balance, the freedom to explore out of the box ideas, and serving others. Most importantly, you will help our researchers to securely advance their pursuits. What starts here changes the world! Your skills will make a difference You'll be working for a university that is internationally recognized for research and the work you do will make a difference in the lives of our students, faculty and staff. You’ll also be working for a team that is nationally respected by their peer community. If you're the type of person that wants to know your work has meaning and impact, you'll like working for our team. The Information Security Office at The University of Texas at Austin provides an outstanding benefits package to our staff. Those benefits include Competitive health benefits (employee premiums covered at 100%, family premiums at 50%) Voluntary Vision, Dental, Life, and Disability insurance options Generous paid vacation, sick time, and holidays Teachers Retirement System of Texas, a defined benefit retirement plan, with employer matching funds Additional Voluntary Retirement Programs Tax Sheltered Annuity 403(b) and a Deferred Compensation program 457(b) Flexible spending account options for medical and childcare expenses Robust free training access through LinkedIn Learning plus professional conference opportunities An exclusive incentive pay program A great physical office space should you prefer to work from campus Tuition assistance Expansive employee discount program including athletic tickets Free access to UT Austin's libraries and museums with staff ID card Free rides on all UT Shuttle and Austin CapMetro buses with staff ID card For more details, please see https//hr.utexas.edu/prospective/benefits and https//hr.utexas.edu/current/services/my-total-rewards. This position requires you to maintain Internet service and a mobile phone with voice and data plans to be used when required for work. You must also be authorized to work in the United States on a full-time basis for any employer without sponsorship (e.g., US citizen, US resident, US asylee). Purpose The Cybersecurity GRC Analyst will focus on the development, maintenance, and execution of governance, risk, and compliance activities that support the university’s Controlled Research Program, including programs operating under NIST 800-171, DFARS, ITAR, and CMMC requirements. This position is part of the larger GRC function within the Information Security Office (ISO) and collaborates closely with researchers, sponsored programs offices, and technical teams to build and maintain compliant environments.

Responsibilities

Support and maintain the university’s cybersecurity GRC program, with a focus on research computing environments that handle Controlled Unclassified Information (CUI) or other regulated data. Coordinate and perform security assessments and risk evaluations of research systems and projects against applicable regulatory frameworks (e.g., NIST 800-171, CMMC, DFARS, ITAR). Collaborate with research IT, sponsored programs, legal, and research stakeholders to support secure and compliant research practices across the institution. Create, update, and cross-reference controls and documentation across multiple regulatory frameworks to support streamlined and unified GRC practices. Develop and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other required compliance documentation for research programs. Work with ISO staff to extend enterprise policies and GRC tooling to meet the specialized needs of controlled research. Provide consulting and support to researchers and administrators on CUI compliance requirements, secure system design, and data handling best practices. Track and manage identified compliance gaps and risks in alignment with risk management strategies and institutional priorities. Contribute to broader ISO GRC initiatives such as policy development, compliance reporting, and framework alignment activities. Stay up to date on emerging federal compliance regulations and frameworks related to controlled research and incorporate into institutional practices as appropriate. Perform other duties as assigned to support the ISO’s cybersecurity and compliance objectives.

Required Qualifications

U.S. Citizen, resident, or officially recognized asylee - Applicant selected will be subject to government security investigation and must meet eligibility requirements for access to classified information at the level appropriate to the project requirements of the position. Minimum of 3 years of experience in cybersecurity, audit, compliance, risk management, or GRC, with at least 1 year involving NIST 800-171, DFARS, CUI, or similar compliance frameworks. Familiarity with controlled research environments and compliance programs such as CMMC, ITAR, or FISMA. Solid understanding of information security principles, IT governance, and technical controls (access management, system hardening, auditing, data protection, etc.). Strong analytical, documentation, and project management skills. Excellent interpersonal and communication skills to interface with a diverse campus community including researchers, IT staff, and administrators. Demonstrated ability to work independently and collaboratively in a fast-paced, distributed team environment. Strong synchronous and asynchronous communication skills Self-motivated to learn and share knowledge. Relevant education and experience may be substituted as appropriate.

Preferred Qualifications

Experience developing or maintaining System Security Plans (SSPs), POA&Ms, or other compliance documentation in research settings. Experience with CMMC Level 2 compliance initiatives or pre-assessment support. Familiarity with GRC platforms and tools (e.g., IsoraGRC). Experience supporting academic or research institutions in regulated environments. Knowledge of UT Austin’s research infrastructure, policies, and governance (a plus but not required). Salary Range $125,000 + depending on qualifications Working Conditions May work around standard office conditions Repetitive use of a keyboard at a workstation Use of manual dexterity This position can be a completely remote opportunity (within most of the United States) and provides life/work balance with typically a 40-hour work week. Required Materials Resume/CV 3 work references with their contact information; at least one reference should be from a supervisor Letter of interest Important for applicants who are NOT current university employees or contingent workers You will be prompted to submit your resume the first time you apply, then you will be provided an option to upload a new Resume for subsequent applications. Any additional Required Materials (letter of interest, references, etc.) will be uploaded in the Application Questions section; you will be able to multi-select additional files. Before submitting your online job application, ensure that ALL Required Materials have been uploaded. Once your job application has been submitted, you cannot make changes. Important for Current university employees and contingent workers As a current university employee or contingent worker, you MUST apply within Workday by searching for Find UT Jobs. If you are a current University employee, log-in to Workday, navigate to your Worker Profile, click the Career link in the left hand navigation menu and then update the sections in your Professional Profile before you apply. This information will be pulled in to your application. The application is one page and you will be prompted to upload your resume. In addition, you must respond to the application questions presented to upload any additional Required Materials (letter of interest, references, etc.) that were noted above. ---- Employment Eligibility Regular staff who have been employed in their current position for the last six continuous months are eligible for openings being recruited for through University-Wide or Open Recruiting, to include both promotional opportunities and lateral transfers. Staff who are promotion/transfer eligible may apply for positions without supervisor approval.---- Retirement Plan Eligibility The retirement plan for this position is Teacher Retirement System of Texas (TRS), subject to the position being at least 20 hours per week and at least 135 days in length.---- Background Checks A criminal history background check will be required for finalist(s) under consideration for this position. ---- Equal Opportunity Employer The University of Texas at Austin, as an equal opportunity/affirmative action employer, complies with all applicable federal and state laws regarding nondiscrimination and affirmative action. The University is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, or veteran status in employment, educational programs and activities, and admissions. ---- Pay Transparency The University of Texas at Austin will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. ---- Employment Eligibility Verification If hired, you will be required to complete the federal Employment Eligibility Verification I-9 form. You will be required to present acceptable and original documents to prove your identity and authorization to work in the United States. Documents need to be presented no later than the third day of employment. Failure to do so will result in loss of employment at the university. ---- E-Verify The University of Texas at Austin use E-Verify to check the work authorization of all new hires effective May 2015. The university’s company ID number for purposes of E-Verify is 854197. For more information about E-Verify, please see the following E-Verify Poster (English and Spanish) [PDF] Right to Work Poster (English) [PDF] Right to Work Poster (Spanish) [PDF] ---- Compliance Employees may be required to report violations of law under Title IX and the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act). If this position is identified a Campus Security Authority (Clery Act), you will be notified and provided resources for reporting. Responsible employees under Title IX are defined and outlined in HOP-3031. The Clery Act requires all prospective employees be notified of the availability of the Annual Security and Fire Safety report. You may access the most recent report here or obtain a copy at University Compliance Services, 1616 Guadalupe Street, UTA 2.206, Austin, Texas 78701. Apply To This Job Apply tot his job Apply To this Job