Information Security Risk & Compliance Manager
Posting Details
Position Information
Position Number: 014405
Functional Title: Information Security Risk & Compliance Manager
Position Type: Staff
Position Eclass: EP - EHRA 12 mo leave earning
University Information
UNC Greensboro, located in the Piedmont Triad region of North Carolina, is a higher-research activity university as classified by the Carnegie Foundation. Founded in 1891 and one of the original three UNC system institutions, UNCG is one of the most diverse universities in the state with nearly 20,000 students and over 2,700 faculty and staff members representing more than 90 nationalities. With 17 Division I athletic teams, 85 undergraduate degrees in over 100 areas of study, as well as 74 master’s and 32 doctoral programs, UNCG is consistently recognized nationally among the top universities for academic excellence and value, with noted strengths in health and wellness, visual and performing arts, nursing, education, and more. For additional information, please visit uncg.edu and follow UNCG on Facebook, Twitter and Instagram.
Primary Purpose of the Organizational Unit
The Information Security Office is a subset within the Information Technology Services (ITS) division that is charged with providing active information security assessment, risk analysis, incident management, information security controls, education, and guidance for the protection of UNCG’s information assets and information technology environment. The overall objective is to protect and preserve the confidentiality, integrity and availability of information and information resources for teaching and learning, research, service, and the conduct of university business.
Position Summary
The Risk & Compliance Manager will create, manage, and administer the Information Security Risk Management policies, standards, processes, procedures, and tools that apply to all technologies, processes, and systems used by all University business and academic units. The Manager will assess risk across the institution in a regular manner and seek to identify and promote opportunities to reduce risk while helping the university stay in compliance with applicable policy and regulatory influences.
Minimum Qualifications
Mid to late career with Master's and 2 to 4 years' experience; Bachelor's and 3 to 5 years' experience; or equivalent education and experience.
• Demonstrated experience with ITIL, COBIT, ISO/IEC and/or other common IT governance frameworks
• Excellent interpersonal and written communication skills
• CISA, CISM, CGEIT, CRISC, CISSP, or similar industry certification
• 10+ years of experience in Information Technology positions
• 5+ years of focused experience in Risk Management and IT controls audits
Applicants have the option to provide the names, email addresses, and phone numbers of four (4) contacts to provide Letters of Recommendation, in the References section of the electronic application. These contacts will be solicited by the SpartanTalent system via email, and asked to provide a confidential Letter of Recommendation on behalf of the applicant. This will occur after the candidate is approved by the Affirmative Action/Equal Employment Opportunity team for interview.
Applicants are required to upload the following documents with their electronic application:
- Cover Letter
- List of References
Applicants are required to upload a list of references of at least three (3) professional references that includes:
- Company Name
- Type of reference (Professional, Supervisor, Colleague, Academic or Personal). One (1) of those references will need to be a current or previous supervisor.
- Email Address
- Contact Phone Number
Applications are not successfully submitted until an online confirmation number has been received at the end of the application process.
Recruitment Range: Salary commensurate with experience
Org #-Department: Information Technology Services - 23101
Job Open Date: 06/19/2019
For Best Consideration Date: 06/28/2019
Job Close Date:
Open Until Filled: Yes
FTE: 1.000
Type of Appointment: Permanent
If time-limited, please specify end date for appointment.
Number of Months per Year: 12
FLSA: Exempt
Key Responsibilities
Percentage Of Time: 30
Key Responsibility: Risk Assessment
Essential Tasks
Perform information security risk assessments, IT controls audits, and compliance assessments to identify weaknesses and risks that jeopardize the safety, security, or compliance posture of University systems and information resources.
Key Responsibilities
Percentage Of Time: 30
Key Responsibility: Risk/Compliance Auditing and Documentation
Essential Tasks
Identify, catalog, analyze, and score risks according to a standard methodology using standardized tools. Administer compliance frameworks and associated tools necessary to generate compliance reports and audit artifacts.
Key Responsibilities
Percentage Of Time: 20
Key Responsibility: Identify and promote opportunities to reduce risk while helping the university stay in compliance
Essential Tasks
Help system owners and stakeholders to reduce information security risks and achieve required compliance postures through systematic application of risk mitigation controls, compensation activities, and remediation efforts.
Key Responsibilities
Percentage Of Time: 10
Key Responsibility: Risk and Compliance Reporting
Essential Tasks
Provide structured risk and compliance reporting to senior leadership at department, division, and institution-wide tiers. Maintain relationships with IRM and key stakeholders.
Key Responsibilities
Percentage Of Time: 10
Key Responsibility: Maintain and improve policies, procedures, standards, and other documentation
Essential Tasks
Maintain and improve policies, procedures, standards, and other documentation related to risk management, IT controls, and compliance.
ADA Checklist
R for Rare (0-30%), O for Occasional (30-60%), F for Frequent (60-90%), C for Constant (90-100%).
Physical Effort: Hand Movement-Repetitive Motions - F, Reading - F, Writing - F, Hearing - F, Talking - F, Sitting - F
Work Environment: Inside - C
Applicant Documents
Required Documents
- Cover Letter
- List of References
- Reference Letter 1
- Reference Letter 2
Required fields are indicated with an asterisk (*).
- * Please indicate how you learned of this vacant position for which you are applying:
  - NCAA Arts
  - Arts Council of the African Studies Association
  - Professional Job Board
  - Social Media
  - UNCGjobsearch website
- If you selected "Other", please provide the name of the resource here.
(Open Ended Question)
- * Are you eligible to work in the United States without sponsorship?