George Washington University Senior Risk and Compliance Analyst in Washington, District of Columbia

I. JOB OVERVIEW

Job Description Summary

The Division of Information Technology (it.gwu.edu) is the chief provider of technology infrastructure, services and applications at GW. The Division partners with stakeholders across GW to equip students, staff and faculty with the technology know-how and tools necessary to achieve academic excellence.

The Senior Risk and Compliance Analyst reports to the AVP, Information Security and Compliance Services within the Division of Information Technology. This position is responsible for:

  • Serving as the subject matter expert for IT-related compliance requirements impacting the university and specifically the Division of IT. Collaborating on compliance activities with all relevant stakeholders, including school leadership, administration, and IT.

  • Analyzing George Washington University’s information security policies, processes and IT security controls against higher education, government, and regulatory compliance standards such as FERPA, HIPAA, FISMA, and PCI-DSS, by identifying gaps in compliance, helping craft remediation plans, and assisting in maintenance of the risk register dashboard.

  • Orchestrating appropriate remediation plans with university stakeholders and identifying gaps within compliance.

  • Collaborating with university IT stakeholders to manage the security risk assessment program. The assessment program includes vulnerability testing, documentation of findings, remediation and an approval process before a system can go into production.

  • Contributing to departmental meetings to stay apprised of current IT initiatives.

  • Engaging the Office of the Senior Vice President and General Counsel, University Compliance, and the Privacy Office to contribute to current university compliance initiatives.

  • Delivering updates to the Department of IT and other University stakeholders on Risk and Compliance team initiatives.

  • Reinforcing and launching security awareness training and messaging to the University community.

  • Systemizing both internal and external IT audit engagements by providing required artifacts and incorporating findings into a risk register.

  • The incumbent may perform other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.

The incumbent will be based at the Virginia Science & Technology Campus in Ashburn, VA but must be willing to travel occasionally to GW’s Foggy Bottom campus in Washington, DC.

Minimum Qualifications

Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 5 years of relevant professional experience, or a Master’s degree or higher in a relevant area of study plus 3 years of relevant professional experience. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.

Preferred Qualifications
  • BS degree in a technical discipline or business area

  • Relevant IT risk management experience

  • Experience collaborating with a diverse group of security professionals across many different security disciplines (application security, forensics, incident response, security engineering, etc.)

  • CISSP or GSEC certification is highly preferred

  • CISM, CISA, CRISC certifications desirable

  • Strong understanding of IT risk management and information security management topics

  • Experience with and knowledge of FERPA, NIST 800-53, NIST 800-171, NIST 800-66, ISO 27001, HIPAA, PCI-DSS, and GDPR

  • Requires excellent written and oral communication skills. The Senior Risk and Compliance Analyst will need to effectively address varied audiences (technical, senior management, students, faculty, and staff) to explain initiatives and gain consensus.

  • Requires strong project management skills and the ability to complete projects within specified timelines.

  • Knowledgeable in operational security areas, such as perimeter defenses, access control, incident response, vulnerability assessments, and other information security concepts.

  • Knowledgeable in networking, TCP/IP communications and the OSI model.

  • Knowledgeable in using core business applications, such as the MS Office suite and Windows OS.

  • Strong, creative problem solving and analytical thinking.

  • Willing to accept new challenges and learn in new areas.

  • Flexible and responsive to changing situations; adaptable.

  • Self-starter and takes initiative

II. JOB DETAILS

Position Designation

Essential: Employees who perform functions that have been deemed essential to maintaining business or academic operations. Employees are generally expected to work from home during an event and may be asked to physically report to work.

Required Background Check

Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search

EEO Statement

The university is an Equal Employment Opportunity/Affirmative Action employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.

Campus Location: Ashburn, Virginia

College/School/Department: Division of IT

Family: Compliance

Sub-Family: Audit and Compliance

Stream: Individual Contributor

Level: Level 3

Full-Time/Part-Time: Full-Time

Hours Per Week: 40

Work Schedule: Monday-Friday

Telework: No

Internal Applicants Only?: No

Posting Number: S007125

Job Open Date: 04/06/2018

Background Screening: Successful Completion of a Background Screening will be required as a condition of hire.