GRC Analyst (#01171)

Information Technology Services, Inc.   Norfolk, VA   Full-time     Information Services / Technology (IT)
Posted on March 17, 2024
Apply Now

Information Technology Services (ITS) at Old Dominion University is seeking a full-time GRC Analyst to serve on the University’s central IT and research support team which is responsible for protecting information and information systems from unauthorized access or use. The GRC Analyst will also be responsible for identifying risks and vulnerabilities within University data, systems, and services and informing the Senior GRC Analyst and security team. This position supports the mission of Information Technology Services and is a strategic part of Old Dominion University.

Required Qualifications include:

  • Considerable understanding of systems, its concept of use and architectures, and demonstrated ability to provide an accurate assessment of product security in terms of possible threats and potential avenues of attack.
  • Thorough knowledge of IT Security tools, such as vulnerability scanning, patching tools, and GRC tools.
  • Working knowledge of NIST, CIS, HIPAA, GLBA, PCI, FERPA and other security-related industry standard frameworks and compliance.
  • Some knowledge of technical safeguards and ITS operational IT security and GRC measures.
  • Some knowledge and ability to identify and support engineering activities in a secure research environment.
  • Some competencies in vulnerability management, threat intelligence, insider threats and attacker TTPS. 
  • Strong problem solving and analytical skills.
  • Demonstrated ability to determine applicability of IA vulnerability alerts or bulletins to assets.
  • Demonstrated ability to validate security posture of assets such as servers and network devices, using security technical information guides and security requirement guides, endpoint management tools, SIEM or audit logging and response.
  • Demonstrated ability to work on a team.
  • Demonstrated ability to plan work and set priorities.
  • Demonstrated ability to understand and report on program status and support the implementation of key security practices that support the overall University’s research mission and University strategies.
  • Ability to work with both legacy and emerging solutions to assess and manage business risk with controls.

Additional Considerations include:

  • Working exposure to cloud providers (AWS, GCP, Azure) and security configuration and management. 
  • Working experience in supporting and taking responsibility for accreditation/product security assurance activities for key systems.
  • Working experience in identifying and executing security controls for key systems. 
  • Working knowledge of technical safeguards and ITS operational IT security and GRC measures.
  • Security+ certification preferred 

Position opens on March 18, 2024. To review required knowledge, skills, and abilities for this position and to submit an application, please visit AA/EOE