Information Compliance and Risk Analyst
The Information Compliance and Risk Analyst is a member of Brown University’s Information Security Group within the Office of Information Technology (OIT). Under the leadership of the Lead Information Compliance and Risk Analyst, they play a critical role in assisting with the assessment, management, and tracking of Brown’s IT compliance and risk.
This position performs hands-on risk assessments of contracts, software associated with research proposals, and data use agreements. They will be in frequent contact with contract owners, researchers, and other representatives from many University departments. This position often interacts with outside vendors.
They are a member of the Information Security Incident Response Team (ISIRT) and participate in security incident response activities and investigations as required. They may be called upon outside regular business hours in the event of a cyber incident.
Education and Experience
Bachelor’s degree preferred
2 - 4 years of related experience
Experience with vulnerability and risk assessment
Experience performing security assessments of network infrastructure, hosts, and applications
Experience with data governance practices, business and technology issues related to management of enterprise information assets, and approaches related to data protection
Ability to apply logical and technical concepts to identify and define problems, collect data, establish facts, and draw valid conclusions
Ability to engage with service owners to understand departmental business functions. Leverage that knowledge to help ensure we have appropriate compliance documentation, are on task to complete outstanding compliance action items, and able to describe our compliance metrics to those outside OIT
Ability to understand business unit needs and commitment to delivering high-quality, prompt, and efficient service to the business
Ability to deal appropriately with problems involving several variables in complex situations under stress and time constraints
Excellent report writing and communication; ability to communicate technical issues to a wide variety of audiences
Possesses a willingness and ability to support a diverse and inclusive environment
Experience with Computer Incident Response Team (CIRT)
Working knowledge of information security, compliance, and privacy standards and best practices (e.g. NIST 800-171/53, CMMC) as well as regulations related to information security and data confidentiality (e.g. FERPA, HIPAA, PCI, GDPR, FISMA)
Applicable security certifications (e.g. CISSP, CRCM, CIPP, CCEP)
An eagerness to constantly learn
Successful completion of a criminal background check and education verification is required.Recruiting Start Date:
2023-09-11Job Posting Title:
Information Compliance and Risk AnalystDepartment:
Office of Information TechnologyGrade:
Grade 10Worker Type:
Full timeScheduled Weekly Hours:
Position Work Location:
Remote EligibleSubmission Guidelines:
Please note that in order to be considered an applicant for any staff position at Brown University you must submit an application form for each position for which you believe you are qualified. Applications are not kept on file for future positions. Please include a cover letter and resume with each position application.Still Have Questions?
If you have any questions you may contact firstname.lastname@example.org
Brown University is an E-Verify Employer.As an EEO/AA employer
, Brown University provides equal opportunity and prohibits discrimination, harassment and retaliation based upon a person’s race, color, religion, sex, age, national or ethnic origin, disability, veteran status, sexual orientation, gender identity, gender expression, or any other characteristic protected under applicable law, and caste, which is protected by our University policies.