Overview
USD 78,000.00 - 95,000.00 per year
Full Time
Skills
IT Security Assessment
Inventory
Software Security
Documentation
IT Risk
IT Service Management
Disaster Recovery
Information Technology
Accounting
Training
Risk Assessment
Auditing
PCI DSS
ISO/IEC 27001:2005
Security Controls
Cyber Security
CISA
CISM
ISACA
CISSP
Security Analysis
SaaS
Gramm-Leach-Bliley Act
SAP GRC
Information Security
Scripting
Python
Windows PowerShell
Bash
Data Analysis
Management
IT Security
Regulatory Compliance
Higher Education
Innovation
Science
Research
Professional Development
Military
SAP BASIS
Law
Human Resources
Job Details
Job Description
Under the guidance of the Associate Director of Risk and Compliance, the IT Risk and Compliance Analyst will carry out IT security assessment activities including IT risk assessments and security reviews for university departments, as well as evaluations of third-party technology solutions, to ensure alignment with university policies, standards, and external compliance regulations wherever applicable. Assessment activities may include a wide variety of tasks depending on the scope of the review and the IT capabilities within university departments (e.g. developing asset inventory, assessing endpoint and application security controls and configurations, examining procedures, etc.)
The analyst will be expected to make contributions to the creation and maintenance of documentation/procedures in support of the IT Risk and Compliance program, and should identify opportunities for leveraging automation to support data consistency and process efficiencies within the program and as it relates to other university IT services. The analyst may provide training and outreach to the university community as needed and may also be called upon to coordinate updates for the IT Continuity of Operations plan and to assist units within the Division of Information Technology as they conduct disaster recovery planning or on other security-related initiatives as requested.
Please note: Sponsorship is not available for this position.
Required Qualifications
Master's degree in business, information technology, accounting, or a related field; or equivalent combination of education, training, and experience
Demonstrated experience performing IT security reviews, risk assessments, or audits
Strong understanding of key information security concepts and fundamentals
Experience in creating awareness of security practices across multiple technical teams
Knowledge of security frameworks and standards including NIST, PCI-DSS, ISO 27001, CIS Critical Security Controls, NIST Cybersecurity Framework (NIST CSF), etc.
Ability to effectively communicate across a broad range of campus audiences
Exceptional organizational and time-management skills
Preferred Qualifications
Professional certification such as CISA, CISM, CRISC, or CISSP
Experience performing security assessment of SaaS services
Knowledgeable of relevant compliance regulations (e.g. FERPA, GLBA)
Experience with GRC and Information security tools/technologies to collect and maintain security and risk information
Experience with automation using common scripting tools (e.g. Python, PowerShell, Bash, etc.)
Experience with data analysis and manipulation
Experience managing IT security risk or compliance in a higher education setting
Overtime Status
Exempt: Not eligible for overtime
Appointment Type
Regular
Salary Information
$78,000 - $95,000
Hours per week
40
Review Date
7/7/2025
Additional Information
The successful candidate will be required to have a criminal conviction check.
About Virginia Tech
Dedicated to its motto, Ut Prosim (That I May Serve), Virginia Tech pushes the boundaries of knowledge by taking a hands-on, transdisciplinary approach to preparing scholars to be leaders and problem-solvers. A comprehensive land-grant institution that enhances the quality of life in Virginia and throughout the world, Virginia Tech is an inclusive community dedicated to knowledge, discovery, and creativity. The university offers more than 280 majors to a diverse enrollment of more than 36,000 undergraduate, graduate, and professional students in eight undergraduate colleges , a school of medicine , a veterinary medicine college, Graduate School , and Honors College . The university has a significant presence across Virginia, including the Innovation Campus in Northern Virginia; the Health Sciences and Technology Campus in Roanoke; sites in Newport News and Richmond; and numerous Extension offices and research centers . A leading global research institution, Virginia Tech conducts more than $500 million in research annually.
Virginia Tech endorses and encourages participation in professional development opportunities and university shared governance . These valuable contributions to university shared governance provide important representation and perspective, along with opportunities for unique and impactful professional development.
Virginia Tech does not discriminate against employees, students, or applicants on the basis of age, color, disability, sex (including pregnancy), gender, gender identity, gender expression, genetic information, ethnicity or national origin, political affiliation, race, religion, sexual orientation, or military status, or otherwise discriminate against employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants, or on any other basis protected by law.
If you are an individual with a disability and desire an accommodation, please contact IT Human Resourcesat during regular business hours at least 10 business days prior to the event.
Under the guidance of the Associate Director of Risk and Compliance, the IT Risk and Compliance Analyst will carry out IT security assessment activities including IT risk assessments and security reviews for university departments, as well as evaluations of third-party technology solutions, to ensure alignment with university policies, standards, and external compliance regulations wherever applicable. Assessment activities may include a wide variety of tasks depending on the scope of the review and the IT capabilities within university departments (e.g. developing asset inventory, assessing endpoint and application security controls and configurations, examining procedures, etc.)
The analyst will be expected to make contributions to the creation and maintenance of documentation/procedures in support of the IT Risk and Compliance program, and should identify opportunities for leveraging automation to support data consistency and process efficiencies within the program and as it relates to other university IT services. The analyst may provide training and outreach to the university community as needed and may also be called upon to coordinate updates for the IT Continuity of Operations plan and to assist units within the Division of Information Technology as they conduct disaster recovery planning or on other security-related initiatives as requested.
Please note: Sponsorship is not available for this position.
Required Qualifications
Master's degree in business, information technology, accounting, or a related field; or equivalent combination of education, training, and experience
Demonstrated experience performing IT security reviews, risk assessments, or audits
Strong understanding of key information security concepts and fundamentals
Experience in creating awareness of security practices across multiple technical teams
Knowledge of security frameworks and standards including NIST, PCI-DSS, ISO 27001, CIS Critical Security Controls, NIST Cybersecurity Framework (NIST CSF), etc.
Ability to effectively communicate across a broad range of campus audiences
Exceptional organizational and time-management skills
Preferred Qualifications
Professional certification such as CISA, CISM, CRISC, or CISSP
Experience performing security assessment of SaaS services
Knowledgeable of relevant compliance regulations (e.g. FERPA, GLBA)
Experience with GRC and Information security tools/technologies to collect and maintain security and risk information
Experience with automation using common scripting tools (e.g. Python, PowerShell, Bash, etc.)
Experience with data analysis and manipulation
Experience managing IT security risk or compliance in a higher education setting
Overtime Status
Exempt: Not eligible for overtime
Appointment Type
Regular
Salary Information
$78,000 - $95,000
Hours per week
40
Review Date
7/7/2025
Additional Information
The successful candidate will be required to have a criminal conviction check.
About Virginia Tech
Dedicated to its motto, Ut Prosim (That I May Serve), Virginia Tech pushes the boundaries of knowledge by taking a hands-on, transdisciplinary approach to preparing scholars to be leaders and problem-solvers. A comprehensive land-grant institution that enhances the quality of life in Virginia and throughout the world, Virginia Tech is an inclusive community dedicated to knowledge, discovery, and creativity. The university offers more than 280 majors to a diverse enrollment of more than 36,000 undergraduate, graduate, and professional students in eight undergraduate colleges , a school of medicine , a veterinary medicine college, Graduate School , and Honors College . The university has a significant presence across Virginia, including the Innovation Campus in Northern Virginia; the Health Sciences and Technology Campus in Roanoke; sites in Newport News and Richmond; and numerous Extension offices and research centers . A leading global research institution, Virginia Tech conducts more than $500 million in research annually.
Virginia Tech endorses and encourages participation in professional development opportunities and university shared governance . These valuable contributions to university shared governance provide important representation and perspective, along with opportunities for unique and impactful professional development.
Virginia Tech does not discriminate against employees, students, or applicants on the basis of age, color, disability, sex (including pregnancy), gender, gender identity, gender expression, genetic information, ethnicity or national origin, political affiliation, race, religion, sexual orientation, or military status, or otherwise discriminate against employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants, or on any other basis protected by law.
If you are an individual with a disability and desire an accommodation, please contact IT Human Resourcesat during regular business hours at least 10 business days prior to the event.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.