IT Security Risk and Compliance Analyst

Job Description

Under the guidance of the Associate Director of Risk and Compliance, the IT Risk and Compliance Analyst will carry out IT security assessment activities including IT risk assessments and security reviews for university departments, as well as evaluations of third-party technology solutions, to ensure alignment with university policies, standards, and external compliance regulations wherever applicable. Assessment activities may include a wide variety of tasks depending on the scope of the review and the IT capabilities within university departments (e.g. developing asset inventory, assessing endpoint and application security controls and configurations, examining procedures, etc.)

The analyst will be expected to make contributions to the creation and maintenance of documentation/procedures in support of the IT Risk and Compliance program, and should identify opportunities for leveraging automation to support data consistency and process efficiencies within the program and as it relates to other university IT services. The analyst may provide training and outreach to the university community as needed and may also be called upon to coordinate updates for the IT Continuity of Operations plan and to assist units within the Division of Information Technology as they conduct disaster recovery planning or on other security-related initiatives as requested.

Please note: Sponsorship is not available for this position. 

Required Qualifications

• Master's degree in business, information technology, accounting, or a related field; or equivalent combination of education, training, and experience
• Demonstrated experience performing IT security reviews, risk assessments, or audits
• Strong understanding of key information security concepts and fundamentals
• Experience in creating awareness of security practices across multiple technical teams
• Knowledge of security frameworks and standards including NIST, PCI-DSS, ISO 27001, CIS Critical Security Controls, NIST Cybersecurity Framework (NIST CSF), etc.
• Ability to effectively communicate across a broad range of campus audiences
• Exceptional organizational and time-management skills

Preferred Qualifications

• Professional certification such as CISA, CISM, CRISC, or CISSP
• Experience performing security assessment of SaaS services
• Knowledgeable of relevant compliance regulations (e.g. FERPA, GLBA)
• Experience with GRC and Information security tools/technologies to collect and maintain security and risk information
• Experience with automation using common scripting tools (e.g. Python, PowerShell, Bash, etc.)
• Experience with data analysis and manipulation
• Experience managing IT security risk or compliance in a higher education setting

Overtime Status

Exempt: Not eligible for overtime

Appointment Type

Regular

Salary Information

$78,000 – $95,000

Hours per week

40

Review Date

7/7/2025

Additional Information

The successful candidate will be required to have a criminal conviction check.

About Virginia Tech

Dedicated to its motto, Ut Prosim (That I May Serve), Virginia Tech pushes the boundaries of knowledge by taking a hands-on, transdisciplinary approach to preparing scholars to be leaders and problem-solvers. A comprehensive land-grant institution that enhances the quality of life in Virginia and throughout the world, Virginia Tech is an inclusive community dedicated to knowledge, discovery, and creativity. The university offers more than 280 majors to a diverse enrollment of more than 36,000 undergraduate, graduate, and professional students in eight undergraduate colleges, a school of medicine, a veterinary medicine college, Graduate School, and Honors College. The university has a significant presence across Virginia, including the Innovation Campus in Northern Virginia; the Health Sciences and Technology Campus in Roanoke; sites in Newport News and Richmond; and numerous Extension offices and research centers. A leading global research institution, Virginia Tech conducts more than $500 million in research annually.

Virginia Tech endorses and encourages participation in professional development opportunities and university shared governance.  These valuable contributions to university shared governance provide important representation and perspective, along with opportunities for unique and impactful professional development.