Senior Risk and Compliance Analyst



I. JOB OVERVIEW

Job Description Summary:

The Division of Information Technology (it.gwu.edu) is the chief provider of technology infrastructure, services and applications at GW. The Division partners with stakeholders across GW to equip students, staff and faculty with the technology know-how and tools necessary to achieve academic excellence.

The Senior Risk and Compliance Analyst reports to the AVP, Information Security and Compliance Services within the Division of Information Technology. This position is responsible for:

• Serving as the subject matter expert for IT-related compliance requirements impacting the university and specifically the Division of IT. Collaborating on compliance activities with all relevant stakeholders, including school leadership, administration, and IT.
• Analyzing George Washington University's information security policies, processes and IT security controls against higher education, government, and regulatory compliance standards such as FERPA, HIPAA, FISMA, and PCI-DSS by identifying gaps in compliance, helping craft remediation plans, and assisting in maintenance of the risk register dashboard.
• Orchestrating appropriate remediation plans with university stakeholders and identifying gaps within compliance.
• Collaborating with university IT stakeholders to manage the security risk assessment program. The assessment program includes vulnerability testing, documentation of findings, remediation, and an approval process before a system can enter production.
• Contributing to departmental meetings to keep apprised of current IT initiatives.
• Engaging the Office of the Senior Vice President and General Counsel, University Compliance, and the Privacy Office to contribute to current university compliance initiatives.
• Delivering updates to the Department of IT and other University stakeholders on Risk and Compliance team initiatives.
• Reinforcing and launching security awareness training and messaging to the University community.
• Systemizing both internal and external IT audit engagements by providing required artifacts and incorporating them into a risk register of findings.
• The incumbent may perform other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.

The incumbent will be based at the Virginia Science & Technology Campus in Ashburn, VA but must be willing to travel occasionally to GW's Foggy Bottom campus in Washington, DC.

Minimum Qualifications:

Qualified candidates will hold a Bachelor's degree in an appropriate area of specialization plus 5 years of relevant professional experience, or, a Master's degree or higher in a relevant area of study plus 3 years of relevant professional experience. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.

Additional Required Licenses/Certifications/Posting Specific Minimum Qualifications:

Preferred Qualifications:

• BS degree in a technical discipline or business area
• Relevant IT risk management experience
• Experience collaborating with a diverse group of security professionals across many different security disciplines (application security, forensics, incident response, security engineering, etc.)
• CISSP or GSEC certification is highly preferred
• CISM, CISA, CRISC certifications desirable

• Strong understanding of IT risk management and information security management topics
• Experience with and knowledge of FERPA, NIST 800-53, NIST 800-171, NIST 800-66, ISO27001, HIPAA, PCI-DSS, and GDPR

• Requires excellent written and oral communication skills. The Senior Risk and Compliance Analyst will need to effectively address varied audiences (technical, senior management, students, faculty, and staff) to explain initiatives and gain consensus.
• Requires strong project management skills and the ability to complete projects within specified timelines.
• Knowledgeable in operational security areas, such as perimeter defenses, access control, incident response, vulnerability assessments, and other information security concepts.
• Knowledgeable in networking, TCP/IP communications and the OSI model.
• Knowledgeable in using core business applications, such as the MS Office suite and Windows OS.
• Strong, creative problem-solving and analytical thinking.
• Willing to accept new challenges and learn in new areas.
• Flexible and responsive to changing situations; adaptable.
• Self-starter and takes initiative


II. JOB DETAILS

Campus Location: Ashburn, Virginia
College/School/Department: Division of IT
Family: Compliance
Sub-Family: Audit and Compliance
Stream: Individual Contributor
Level: Level 3
Full-Time/Part-Time: Full-Time
Hours Per Week: 40
Work Schedule: Monday-Friday
Position Designation: Essential: Employees who perform functions that have been deemed essential to maintaining business or academic operations. Employees are generally expected to work from home during an event and may be asked to physically report to work.
Telework: No
Required Background Check: Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search
Special Instructions to Applicants:
Internal Applicants Only? No
Posting Number: S007125
Job Open Date: 04/06/2018
Job Close Date:
If temporary, grant funded or limited term appointment, position funded until:
Background Screening: Successful Completion of a Background Screening will be required as a condition of hire.
EEO Statement:

The university is an Equal Employment Opportunity/Affirmative Action employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.


Posting Specific Questions
Required fields are indicated with an asterisk (*).
  1. * Does the professional experience section of your resume include months?
    • Yes
    • No
  2. * What is your expected salary range?
    (Open Ended Question)



Applicant Documents
Required Documents
  1. Resume
  2. Cover Letter
Optional Documents



