Risk & Compliance Analyst
Job Description Summary:
I. JOB OVERVIEW
The Division of Information Technology (it.gwu.edu) is the chief provider of technology infrastructure, services and applications at GW. The Division partners with stakeholders across GW to equip students, staff and faculty with the technology know-how and tools necessary to achieve academic excellence. Reporting to the Assistant Vice President, Information Security and Compliance Services, the Risk & Compliance Analyst works within the Division's Information Security & Compliance Services department.
The Risk & Compliance Analyst is responsible for:
- working with internal and external stakeholders across GW to improve processes, mitigate risks, and remediate vulnerabilities.
- working closely with the security operations team, application security team, and system owners to coordinate, track and remediate known vulnerabilities.
- supporting security processes by reviewing scans all critical assets, performing ticketing, remediation, and follow-up on all reported critical/high vulnerabilities. The Analyst is not responsible for administering systems or architecting security solutions.
- requesting the deployment of additional scanners and other resources as needed.
- supporting the Division of IT Risk Management Standard and application security program.
- working with selected vendors as a liaison with stakeholders throughout the University to identify and mitigate risks.
- serving as a security consultant for new and existing GW projects.
- supporting all areas of the risk and compliance portfolio, including security awareness, PCI compliance, and research compliance by writing reports, communicating with stakeholders, and collaborating with the security operations team.
The incumbent may be based on either GW's Foggy Bottom campus in Washington, DC or in its Virginia Science & Technology Campus in Ashburn, VA. The incumbent may perform other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.Minimum Qualifications:
Qualified candidates will hold a Bachelor's degree in an appropriate area of specialization plus 2 years of relevant professional experience, or, a Master's degree or higher in a relevant area of study. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.Additional Required Licenses/Certifications/Posting Specific Minimum Qualifications: Preferred Qualifications:
- Ability to demonstrate strong knowledge of computer security concepts.
- Strong communication and presentation skills to accurately represent and convey information to end users, technical support and management roles. Able to host and facilitate meetings attended by IT leaders, local support providers, and IT staff. Must be able to translate technical details into higher level reports for management. Must be able to build strong, trust-based relationships with IT personnel and departments across GW.
- Specialized experience or knowledge is preferred in vulnerability management and vulnerability remediation guidance in these areas:
- Perimeter security and access controls
- Secure Network architecture and design
- Windows, Windows Active Directory
- Cisco devices
- Application Security
- Cloud security
- NIST Special Publication 800-53
- Prior hands on experience with Tenable/Nessus/Security Center is a plus
- Being able to take ownership of assigned projects and take a lead on working with different GW teams.
- Ability to identify gaps and deficiencies in processes and procedures and recommend corrective actions.
- Ability to multitask as well as manage competing and conflicting priorities.
- Detail oriented and ability to maintain composure in challenging situations.
II. JOB DETAILS
Campus Location: Ashburn, Virginia College/School/Department: Division of IT Family Compliance Sub-Family Audit and Compliance Stream Individual Contributor Level Level 2 Full-Time/Part-Time: Full-Time Hours Per Week: 40 Work Schedule: Monday - Friday Position Designation: Essential: Employees who perform functions that have been deemed essential to maintaining business or academic operations. Employees are generally expected to work from home during an event and may be asked to physically report to work. Telework: No Required Background Check: Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search Special Instructions to Applicants:
Employer will not sponsor for employment Visa statusInternal Applicants Only? No Posting Number: S007312 Job Open Date: 06/07/2018 Job Close Date: 06/15/2018 If temporary, grant funded or limited term appointment, position funded until: Background Screening Successful Completion of a Background Screening will be required as a condition of hire. EEO Statement:
The university is an Equal Employment Opportunity/Affirmative Action employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.
Posting Specific Questions
Required fields are indicated with an asterisk (*).
- * Does the professional experience section of your resume include months?
- * What is your expected salary range?
(Open Ended Question)
- Cover Letter
Documents needed to Apply
- Cover Letter