This job has expired

Compliance Analyst

You need to sign in or create an account to save a job.
University of Colorado Denver l Anschutz Medical Campus

Office of Information Technology

Compliance Analyst

Position #002160 – Requisition #23627

* Applications are accepted electronically ONLY at *

The University of Colorado has a requirement for COVID-19 vaccinations and full completion thereof by 9/1/21 or upon start date.  Information regarding this requirement, and exemptions can be found at:



Exemptions vary by campus location/department.

Campus/Unit-Specific Exemptions:

    Anschutz Campus – Exemptions are allowed for medical or religious reasons.Denver Campus - Exemptions are allowed for medical, religious, or personal reasons.Consolidated/Central Services Administration – Will follow Anschutz policy on exemptions.
The University of Colorado Anschutz Medical Campus seeks individuals with demonstrated commitment to creating an inclusive learning and working environment. We value the ability to engage effectively with students, faculty and staff of diverse backgrounds.

The Office of Information Technology has an opening for a full-time University Staff (unclassified) Compliance Analyst position.

About the University of Colorado Anschutz Medical Campus

The University of Colorado Anschutz Medical Campus is a world-class medical destination at the forefront of transformative science, medicine, education and patient care. The campus encompasses the University of Colorado health professional schools, more than 60 centers and institutes, and two nationally ranked independent hospitals - UCHealth University of Colorado Hospital and Children's Hospital Colorado - that treat more than two million adult and pediatric patients each year. Innovative, interconnected and highly collaborative, the University of Colorado Anschutz Medical Campus delivers life-changing treatments, patient care and professional training and conducts world-renowned research fueled by over $650 million in research grants. For more information, visit

Why Work for OIT?

The Office of Information Technology works to advance the University mission by providing innovative technology solutions and services to the CU Denver | Anschutz Medical Campuses, their constituents and partners. Click here to find out more about the Office of Information Technology

The Office of Information Technology (OIT) officially formed in March of 2014 with the vision of becoming the primary organization that university constituents utilize to solve their information technology challenges. To meet this vision, it was clear that a culture that put our constituents at the center of our service offering was necessary. OIT began working to build a culture of six core values, Service, Professionalism, Leadership, Innovation, Community, and Excellence (SPLICE) through our focus on TEAM - Trust, Empower, Appreciate, and Motivate. In July of 2018, we launched a cohesive culture initiative targeting continued development, engagement, and alignment with our SPLICE values. 

Our culture of SPLICE includes creating a workplace in which everyone feels a sense of belonging. Our Culture Engagement Team has led the effort to ensure employees feel heard and valued. Employee engagement is further driven through our internal recognition program where employees can appreciate one another publicly, while linking it back to our SPLICE values. We continue to make significant investments in leadership and management training for our directors, managers, and individual contributors to ensure we are not only reinforcing our values through the organization, but living them as well.  Click here to find out more about OIT’s Culture are not only reinforcing our values through the organization, but living them as well.

We value our employees and strive to achieve work life balance, inclusivity, and a fun working environment. Click HERE to view testimonials from OIT Employees about why they enjoy working for OIT!

Nature of Work

The University of Colorado Denver and the Anschutz Medical Campus have a full-time university staff position opening for a Compliance Analyst. The Compliance Analyst role is responsible for providing leadership and guidance to our campus constituents for HIPAA, FERPA, and PCI regulations and compliance, as well as providing guidance in other areas where there are information security requirements. The primary location for this position is the Anschutz Medical Campus, but occasional travel to the CU Denver campus is required.

The Compliance Analyst works with IT support professionals, system trustees, stewards and custodians to ensure compliance at the unit and IT system level, as well as working with constituents to identify and remediate risks to university data and IT systems.  The position will examine and analyze information systems operations to identify opportunities for improvement and assess risks. Participate in audit planning and execution. Evaluate policies and procedures to ensure appropriate internal controls surrounding information systems are maintained. Develop strategies and provide recommendations on strengthening controls, mitigating risk, and implementing corrective actions. Document and report audit findings to managementMay assist with security, compliance and operational audits and ensure compliance with existing regulations as they relate to information systems.

Jobs in this career family develop, maintain, and support computer systems, software and networks.  Functions include enterprise operations, distributed computing, academic computing, research computing, computer hardware and software management, computer networking, telecommunications, systems development, database administration, server administration, website management, programming, desktop support, and help desk operations.

Professionals at the intermediate level are responsible for exercising discretion, analytical skill, personal accountability and responsibility in a wide range of areas including academic, administrative, managerial and student services functions. Work involves creating, integrating, applying and sharing knowledge directly related to a professional field. At the intermediate level, duties may be more limited in scope and are performed with guidance and direction from other professionals.

Supervision Received

The Compliance Analyst receives broad and general supervision that is in alignment with the Office of Information Technology’s strategic plan. The assigned work is multifaceted and technical. The successful candidate should be comfortable working in a matrix-management environment, as well as with traditional line and staff management.  The Analyst reports directly to the Risk and Compliance Team Manager.

Supervision Exercised

This position does not have direct supervisory responsibility, but may be asked at times to provide guidance and mentorship to IT Professionals.

Examples of Work Performed

The Compliance Analyst will continually update job knowledge by tracking and understanding emerging security threats, practices and standards; participating in educational/training opportunities; reading professional publications; mentoring and providing guidance to IT Professionals. Day to day tasks are as follows:

  • Provide leadership to research programs on campus when they are completing a Risk Analysis and System Security Plan documentation.
  • Assess risk and select appropriate security controls from a specific framework (eg NIST 800-53 or PCI DSS); help technical professionals understand the intent of a security control; evaluate control implementation to determine if it meets the control requirement.
  • Assess requirements needed to comply with university policies, and local, state, and federal laws related to information security.
  • Draft enterprise-level campus policies, standards and procedures; provide guidance to others on the content of their security and compliance documentation.
  • Review documentation such as data flow narratives, network diagrams, and architecture diagrams provided by technical teams, and articulate security requirements.
  • Third party vendor application and cloud service reviews.
  • Support OIT’s mission and elements of TEAM and SPLICE.
  • Determine innovative strategies to address risk at the University.

Minimum Requirements


  • Bachelor's degree or higher in Information Technology, Computer Science, Risk Management, or a related field

  • Work experience in the Information Technology or Compliance fields may be substituted for this educational experience on a year for year basis.

  • Minimum of 2 years’ experience working in the compliance or information technology fields
  • 1-2 years’ experience drafting policies, standards and procedures
  • 1-2 years’ experience working with security frameworks (eg, NIST, HITRUST. ISO) and/or system security plans (SSPs)
Preferred Qualifications

  • Experience with compliance/audit processes and methodologies
  • Experience with PICDSS
  • Strong technical background
  • Technical and compliance certifications (e.g. SANS GSEC, ISC2 CISSP, ISC2 HCISPP)
Knowledge, Skills, and Abilities

  • Knowledge and understanding of HIPAA security regulations and controls
  • Ability to work with consumers in highly consultative manner, understanding business needs and determining security requirements.
  • Self-starter who is able to balance working alone with more collaborative team efforts
  • Proven track record of execution--driving results and meeting timelines
  • Interested in lifelong learning
  • Experience handling multiple projects concurrently
  • Excellent organization and time management skills
  • Strong interpersonal communication and writing skills
Salary and Benefits:

The salary range (or hiring range) for this position has been established at $54,095 to $65,000.  

The salary of the finalist(s) selected for this role will be set based on a variety of factors, including but not limited to, internal equity, experience, education, specialty and training.

The above salary range (or hiring range) represents the University’s good faith and reasonable estimate of the range of possible compensation at the time of posting.

This position is not eligible for overtime compensation.

Your total compensation goes beyond the number on your paycheck. The University of Colorado provides generous leave, health plans and retirement contributions that add to your bottom line.


Total Compensation Calculator:


Conditions of Employment:

This position may require some occasional weekend and evening assignments as well as occasional availability during off-hours for participation in both scheduled and unscheduled activities.

This position is eligible for full-remote, hybrid, or on-site working locations. The work schedule will be based around core working hours in Colorado Mountain Time.

PLEASE NOTE: Candidates will be responsible for travel expenses related to the interview process and any relocation expenses, if applicable.

Parking expenses for employees are not covered by the university. To review parking options please visit the link below and select your appropriate campus:

Facilities Management Permit Parking

The University of Colorado has a requirement for COVID-19 vaccinations and full completion thereof by 9/1/21 or upon start date.  Information regarding this requirement, and exemptions can be found at:

Job Category: Information Technology
Primary Location: Denver
Schedule: Full-time
Posting Date: Nov 7, 2021
Unposting Date: Ongoing
You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalized job recommendations straight to your inbox.

Create alert