Job Description:

Information Compliance and Risk Analyst

Brown University

The Information Compliance and Risk Analyst is a member of Brown University’s Information Security Group within the Office of Information Technology (OIT). Under the leadership of the Lead Information Compliance and Risk Analyst, they play a critical role in assisting with the assessment, management, and tracking of Brown’s IT compliance and risk.

This position performs hands-on risk assessments of contracts, software associated with research proposals, and data use agreements. They will be in frequent contact with contract owners, researchers, and other representatives from many University departments. This position often interacts with outside vendors.

They are a member of the Information Security Incident Response Team (ISIRT) and participate in security incident response activities and investigations as required. They may be called upon outside regular business hours in the event of a cyber incident.

Job Qualifications

Education and Experience

• Bachelor’s degree preferred

• 2 - 4 years of related experience

• Experience with vulnerability and risk assessment

• Experience performing security assessments of network infrastructure, hosts, and applications

• Experience with data governance practices, business and technology issues related to management of enterprise information assets, and approaches related to data protection

• Ability to apply logical and technical concepts to identify and define problems, collect data, establish facts, and draw valid conclusions

• Ability to engage with service owners to understand departmental business functions. Leverage that knowledge to help ensure we have appropriate compliance documentation, are on task to complete outstanding compliance action items, and able to describe our compliance metrics to those outside OIT

• Ability to understand business unit needs and commitment to delivering high-quality, prompt, and efficient service to the business

• Ability to deal appropriately with problems involving several variables in complex situations under stress and time constraints

• Excellent report writing and communication; ability to communicate technical issues to a wide variety of audiences

• Possesses a willingness and ability to support a diverse and inclusive environment

Desired:

• Experience with Computer Incident Response Team (CIRT)

• Working knowledge of information security, compliance, and privacy standards and best practices (e.g. NIST 800-171/53, CMMC) as well as regulations related to information security and data confidentiality (e.g. FERPA, HIPAA, PCI, GDPR, FISMA)

• Applicable security certifications (e.g. CISSP, CRCM, CIPP, CCEP)

• A strong understanding of data classification, data privacy regulations, ability to interpret and understand third party data terms of use and data life management. Familiarity with establishing and enforcing overall IT, data and privacy policies, standards and practices.

• An eagerness to constantly learn

Successful completion of a criminal background check and education verification is required.

Recruiting Start Date:

2023-09-11

Job Posting Title:

Information Compliance and Risk Analyst

Department:

Office of Information Technology

Grade:

Grade 10

Worker Type:

Employee

Worker Sub-Type:

Regular

Time Type:

Full time

Scheduled Weekly Hours:

37.5

Position Work Location:

Remote Eligible

Submission Guidelines:

Please note that in order to be considered an applicant for any staff position at Brown University you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.

Still Have Questions?

If you have any questions you may contact employment@brown.edu.

EEO Statement:

Brown University is an E-Verify Employer.

As an EEO/AA employer, Brown University provides equal opportunity and prohibits discrimination, harassment and retaliation based upon a person’s race, color, religion, sex, age, national or ethnic origin, disability, veteran status, sexual orientation, gender identity, gender expression, or any other characteristic protected under applicable law, and caste, which is protected by our University policies.