Shuvel Digital
Compliance Risk Analysts11891Hybrid
Shuvel Digital, Vienna, Virginia, United States, 22184
Description:
The IT Risk and Compliance Analyst will carry out IT security assessment activities including IT risk assessments and security reviews for university departments, as well as evaluations of third-party technology solutions, to ensure alignment with university policies, standards, and external compliance regulations wherever applicable. Assessment activities may include a wide variety of tasks depending on the scope of the review and the IT capabilities within university departments (e.g. developing asset inventory, assessing endpoint and application security controls and configurations, examining procedures, etc.) The analyst will be expected to make contributions to the creation and maintenance of documentation/procedures in support of the IT Risk and Compliance program, and should identify opportunities for leveraging automation to support data consistency and process efficiencies within the program and as it relates to other university IT services. The analyst may provide training and outreach to the university community as needed and may also be called upon to coordinate updates for the IT Continuity of Operations plan and to assist units within the Division of Information Technology as they conduct disaster recovery planning or on other security-related initiatives as requested. The position is vital to the ongoing management of the audit processes and risk mitigation efforts designed to ensure accurate reporting and communication of Clients risk and compliance posture.
Risk Management:
Organize and execute annual risk control self-assessments
Establish and maintain open communication channels with stakeholders
Assist in the identification of potential risks and treatment
Become proficient in the operations of the ServiceNow IRM module
Provide input and guidance to teams on risk mitigation
Lead the effort in maintaining an accurate and comprehensive risk register
Compliance Management:
Create, update, and maintain Tech's policies, procedures, and standards
Assist in identification of appropriate IT General Controls (ITGC)
Help develop and validate control metrics
Lead internal audit processes for control validation
Assist with achieving and maintaining compliance with industry/business requirements
_ **
Requirements**_
Bachelor's degree in business, information technology, accounting, or a related field; or equivalent combination of education, training, and experience
Demonstrated experience performing IT security reviews, risk assessments, or audits
Strong understanding of key information security concepts and fundamentals
Experience in creating awareness of security practices across multiple technical teams
Knowledge of security frameworks and standards including NIST, PCI-DSS, ISO 27001, CIS Critical Security Controls, etc.
Ability to effectively communicate across a broad range of campus audiences
Exceptional organizational and time-management skills Preferred Qualifications
Advanced degree in a related field
Professional certification such as CISA, CISM, CRISC, or CISSP
Experience performing security assessment of SaaS services
Knowledgeable of relevant compliance regulations (e.g. FERPA, GLBA)
Experience with GRC and Information security tools/technologies to collect and maintain security and risk information
Experience with automation using common scripting tools (e.g. Python, PowerShell, Bash, etc.)
Experience with GRC tools such as ServiceNow, OneTrust, Lockpath, etc. is beneficial
Experience with data analysis and manipulation
Experience managing IT security risk or compliance in a higher education setting
The IT Risk and Compliance Analyst will carry out IT security assessment activities including IT risk assessments and security reviews for university departments, as well as evaluations of third-party technology solutions, to ensure alignment with university policies, standards, and external compliance regulations wherever applicable. Assessment activities may include a wide variety of tasks depending on the scope of the review and the IT capabilities within university departments (e.g. developing asset inventory, assessing endpoint and application security controls and configurations, examining procedures, etc.) The analyst will be expected to make contributions to the creation and maintenance of documentation/procedures in support of the IT Risk and Compliance program, and should identify opportunities for leveraging automation to support data consistency and process efficiencies within the program and as it relates to other university IT services. The analyst may provide training and outreach to the university community as needed and may also be called upon to coordinate updates for the IT Continuity of Operations plan and to assist units within the Division of Information Technology as they conduct disaster recovery planning or on other security-related initiatives as requested. The position is vital to the ongoing management of the audit processes and risk mitigation efforts designed to ensure accurate reporting and communication of Clients risk and compliance posture.
Risk Management:
Organize and execute annual risk control self-assessments
Establish and maintain open communication channels with stakeholders
Assist in the identification of potential risks and treatment
Become proficient in the operations of the ServiceNow IRM module
Provide input and guidance to teams on risk mitigation
Lead the effort in maintaining an accurate and comprehensive risk register
Compliance Management:
Create, update, and maintain Tech's policies, procedures, and standards
Assist in identification of appropriate IT General Controls (ITGC)
Help develop and validate control metrics
Lead internal audit processes for control validation
Assist with achieving and maintaining compliance with industry/business requirements
_ **
Requirements**_
Bachelor's degree in business, information technology, accounting, or a related field; or equivalent combination of education, training, and experience
Demonstrated experience performing IT security reviews, risk assessments, or audits
Strong understanding of key information security concepts and fundamentals
Experience in creating awareness of security practices across multiple technical teams
Knowledge of security frameworks and standards including NIST, PCI-DSS, ISO 27001, CIS Critical Security Controls, etc.
Ability to effectively communicate across a broad range of campus audiences
Exceptional organizational and time-management skills Preferred Qualifications
Advanced degree in a related field
Professional certification such as CISA, CISM, CRISC, or CISSP
Experience performing security assessment of SaaS services
Knowledgeable of relevant compliance regulations (e.g. FERPA, GLBA)
Experience with GRC and Information security tools/technologies to collect and maintain security and risk information
Experience with automation using common scripting tools (e.g. Python, PowerShell, Bash, etc.)
Experience with GRC tools such as ServiceNow, OneTrust, Lockpath, etc. is beneficial
Experience with data analysis and manipulation
Experience managing IT security risk or compliance in a higher education setting