Lead GRC Analyst

OU Information Technology is searching for a Lead GRC Analyst who will be responsible for ensuring the organization's information systems and processes align with established cybersecurity, privacy, and regulatory standards. This role conducts in-depth security consultations and risk assessments to evaluate the effectiveness of security controls, identify vulnerabilities, and recommend mitigation strategies.

Why OU?

In addition to a job that gives fulfillment and your salary, you will also have access to a generous benefits package that includes\:

• 14 holidays each year and 18 – 22 hours of earned PTO per month.
• Insurance plans for you and your family.
• Retirement options that require no contributions from the employee.
• And much more! For a list of OU’s benefits, click here!
  

Duties\:

• Develop and maintain IT security policies, strategies, and governance documentation, including required TEA content, to ensure organizational compliance with applicable laws, regulations, and standards.
• Analyze data from multiple sources to provide actionable insights on cybersecurity and privacy risks, trends, and opportunities for improvement.
• Evaluate technology programs and components for compliance with published security and privacy standards; recommend and oversee corrective actions.
• Anticipate and respond to changes in cybersecurity policy, regulations, technology, and staffing requirements to maintain organizational readiness.
• Lead and coordinate defined security programs, ensuring overall success, alignment with organizational priorities, and effective communication with stakeholders.
• Provide guidance, direction, and mentorship to security analysts at all levels, ensuring consistent application of policies, procedures, and best practices across the team.

• Performs other duties as assigned

  **The position will be located on the OKC campus with a hybrid work model option for experienced candidates.**

OU Information Technology is searching for a Lead GRC Analyst who will be responsible for ensuring the organization's information systems and processes align with established cybersecurity, privacy, and regulatory standards. This role conducts in-depth security consultations and risk assessments to evaluate the effectiveness of security controls, identify vulnerabilities, and recommend mitigation strategies.

Why OU?

In addition to a job that gives fulfillment and your salary, you will also have access to a generous benefits package that includes\:

• 14 holidays each year and 18 – 22 hours of earned PTO per month.
• Insurance plans for you and your family.
• Retirement options that require no contributions from the employee.
• And much more! For a list of OU’s benefits, click here!
  

Duties\:

• Develop and maintain IT security policies, strategies, and governance documentation, including required TEA content, to ensure organizational compliance with applicable laws, regulations, and standards.
• Analyze data from multiple sources to provide actionable insights on cybersecurity and privacy risks, trends, and opportunities for improvement.
• Evaluate technology programs and components for compliance with published security and privacy standards; recommend and oversee corrective actions.
• Anticipate and respond to changes in cybersecurity policy, regulations, technology, and staffing requirements to maintain organizational readiness.
• Lead and coordinate defined security programs, ensuring overall success, alignment with organizational priorities, and effective communication with stakeholders.
• Provide guidance, direction, and mentorship to security analysts at all levels, ensuring consistent application of policies, procedures, and best practices across the team.

• Performs other duties as assigned

  **The position will be located on the OKC campus with a hybrid work model option for experienced candidates.**

Required Education\: Bachelor's Degree in Computer Science, Information Technology, or related discipline, AND\:

• 7 years of experience in governance, risk, and compliance (GRC), cybersecurity, information assurance or related field

Equivalency/Substitution\: Experience or a combination of education & related experience can be considered in lieu of degree. A one-to-one ratio is used to determine the number of years of experience required in place of a degree.

Skills\:

• Ability to perform effectively in high-pressure, fast-paced environments.
• In-depth understanding of cybersecurity frameworks and standards
• Strong verbal and written communication skills, with the ability to convey complex information clearly to both technical and non-technical audiences.
• Excellent interpersonal and mentoring skills, with the ability to teach and guide others.
• Familiarity with regulatory and compliance requirements
• Understanding of network and system architecture, including common security configurations and vulnerabilities
• Strong analytical and problem-solving skills for identifying security risks and evaluating mitigation strategies
• Skilled in using risk assessment and compliance tools, vulnerability scanners, and GRC platforms.
• Ability to effectively interpret and apply security policies, procedures, and technical standards
• Ability to assess technical environments for compliance with security and privacy requirements
• Ability to maintain confidentiality and handle sensitive information with discretion
• Ability to adapt to changing technologies, threats, and regulatory landscapes
• Ability to lead and train junior level staff

Certifications\: None

Working Conditions\:

• Requires extended periods of sitting, working at a computer, and using a phone.
• Requires sound judgment under pressure and the ability to manage multiple competing priorities effectively.
• Office Work Environment.
• Occasional evenings, weekend, or on-call availability during critical incidents or high-severity events

Supervision\:Yes

Why You Belong at the University of Oklahoma\: The University of Oklahoma values our community's unique talents, perspectives, and experiences. At OU, we aspire to harness our innovation, creativity, and collaboration for the advancement of people everywhere. You Belong Here!

Equal Employment Opportunity Statement\: The University, in compliance with all applicable federal and state laws and regulations, does not discriminate on the basis of race, color, national origin, sex, sexual orientation, marital status, genetic information, gender identity/expression (consistent with applicable law), age (40 or older), religion, disability, political beliefs, or status as a veteran in any of its policies, practices, or procedures. This includes but is not limited to admissions, employment, housing, financial aid, and educational services.

Required Education\: Bachelor's Degree in Computer Science, Information Technology, or related discipline, AND\:

• 7 years of experience in governance, risk, and compliance (GRC), cybersecurity, information assurance or related field

Equivalency/Substitution\: Experience or a combination of education & related experience can be considered in lieu of degree. A one-to-one ratio is used to determine the number of years of experience required in place of a degree.

Skills\:

• Ability to perform effectively in high-pressure, fast-paced environments.
• In-depth understanding of cybersecurity frameworks and standards
• Strong verbal and written communication skills, with the ability to convey complex information clearly to both technical and non-technical audiences.
• Excellent interpersonal and mentoring skills, with the ability to teach and guide others.
• Familiarity with regulatory and compliance requirements
• Understanding of network and system architecture, including common security configurations and vulnerabilities
• Strong analytical and problem-solving skills for identifying security risks and evaluating mitigation strategies
• Skilled in using risk assessment and compliance tools, vulnerability scanners, and GRC platforms.
• Ability to effectively interpret and apply security policies, procedures, and technical standards
• Ability to assess technical environments for compliance with security and privacy requirements
• Ability to maintain confidentiality and handle sensitive information with discretion
• Ability to adapt to changing technologies, threats, and regulatory landscapes
• Ability to lead and train junior level staff

Certifications\: None

Working Conditions\:

• Requires extended periods of sitting, working at a computer, and using a phone.
• Requires sound judgment under pressure and the ability to manage multiple competing priorities effectively.
• Office Work Environment.
• Occasional evenings, weekend, or on-call availability during critical incidents or high-severity events

Supervision\:Yes

Why You Belong at the University of Oklahoma\: The University of Oklahoma values our community's unique talents, perspectives, and experiences. At OU, we aspire to harness our innovation, creativity, and collaboration for the advancement of people everywhere. You Belong Here!

Equal Employment Opportunity Statement\: The University, in compliance with all applicable federal and state laws and regulations, does not discriminate on the basis of race, color, national origin, sex, sexual orientation, marital status, genetic information, gender identity/expression (consistent with applicable law), age (40 or older), religion, disability, political beliefs, or status as a veteran in any of its policies, practices, or procedures. This includes but is not limited to admissions, employment, housing, financial aid, and educational services.