IT Compliance Analyst OPEN Rank Professional Intermediate thru Senior
University of Colorado Anschutz Medical Campus
Details
Posted: 07-Mar-24
Location: Aurora, Colorado
Type: Full Time
Salary: $61,232 - $84,000
Categories:
Other
Salary Details:
IT Professional
The starting salary range (or hiring range) for this position has been established as $61,232 – $65,000.
Senior IT Professional
The starting salary range (or hiring range) for this position has been established as $66,196 – $84,000.
Preferred Education:
4 Year Degree
Additional Information:
2 openings available.
Telecommuting is allowed.
Job Summary:
Does this describe you?
Have you spent at least a year in an IT-related role such as desktop support, system administration, network support, etc.? Do you enjoy coordinating the efforts of others to provide an outstanding service, put together a successful event, etc.? Do you enjoy doing research and summarizing your findings into easy-to-understand guidance or analysis? Would you like to work with a group of energetic and dedicated individuals who are excited about information security and IT compliance? If you think this describes you, we want to know more about YOU! We are hiring two positions to conduct risk assessments and compliance monitoring.
Assess vendors, partners and other third parties to determine the level of IT security and compliance risk posed. Maintain detailed documentation of the progress and results of those assessments.
Be primarily responsible for day-to-day tasks associated with one or more of the services provided by the department (application assessments, data access requests, PCI compliance, terminating account access, etc.). Contribute to developing and maintaining process documentation and assist in training new staff. The complexity of job duties will increase over time as knowledge and experience are gained.
Conduct assessments of technology provisioned by vendors, partners and other third parties to determine the level of IT security and compliance risk posed. Maintain detailed documentation of the progress and results of those assessments.
Train compliance analysts on operational procedures.
Collaborate with departments to implement corrective action plans.
Help monitor compliance with established policies, procedures, standards, and guidelines and assist with the investigation of any instances of non-compliance.
Develop and maintain an up-to-date knowledge of applicable laws, regulations and industry standards related to IT compliance.
Assist in communicating IT compliance policies, procedures, standards, etc. to relevant stakeholders.
Work Location:
Hybrid/Remote - This position is eligible for a hybrid work environment. ISIC strives for a high-flex work environment, meaning although this role can predominately be executed effectively with a remote schedule, there may be instances where in-person meetings and/or activities are needed. There is no minimum or prescribed in-person requirement. The work schedule will be based around core working hours in Colorado Mountain Time. A fully-remote option will be considered for highly qualified applicants and applicants must reside within the United States.
Why Join Us:
Information Security and IT Compliance (ISIC) is a subdivision of Information Strategy and Services (ISS). In ISS we emphasize six key principles that connect our teams and ensure our success:
Curiosity- Explore beyond our own experience.
Compassion- Be empathetic to understand our customer and community needs.
Collaboration- Partner well beyond our space.
Commitment- Be dedicated to service excellence and follow-through.
Competence- Know our craft and be committed to continuous improvement and learning.
Confidence- Be empowered and assured to represent our customers and their needs.
The mission of the Information Security and IT Compliance division (ISIC) is to deliver information security and IT compliance programs that support the academic, administrative, clinical, research, and strategic goals of CU Anschutz Medical Campus and CU Denver. ISIC is in a unique position to be able to support the missions of two of Colorado’s most innovative campuses. The CU Anschutz Medical Campus strives to improve humanity by preventing illness, saving lives, educating health professionals and scientists, advancing science, and serving the community. The CU Denver Campus has a vision to build a radically inclusive model for higher education based on the simple idea that everyone deserves access to an excellent education and a fulfilled life of their design.
In ISIC we value our team members and strive to achieve work life balance, inclusivity, and a FUN working environment. We believe diverse teams are more innovative and make better decisions! In ISIC, we strive to create a workplace where team members feel heard, valued, and have a sense of belonging. We encourage applications from women, ethnic minorities, persons with disabilities and veterans. We are committed to diversity and equity in education and employment.
The University of Colorado Anschutz Medical Campus is committed to recruiting and supporting a diverse student body, faculty and administrative staff. The university strives to promote a culture of inclusiveness, respect, communication and understanding. We encourage applications from women, ethnic minorities, persons with disabilities, persons within the LGBTQ+ community and all veterans. The University of Colorado is committed to diversity and equality in education and employment.
Qualifications:
Minimum Qualifications:
IT Compliance Analyst - Intermediate Professional Level:
Education:
BA or BS in Computer Science, Computer Information Systems, IT Security, business, or closely related field OR Associate degree and 2 years’ experience in IT.
Substitution: Work experience in the occupational field or specialized subject area of the work assigned to the job may be substituted on a year-for-year basis for the degree.
Experience:
Minimum of 1-2 years of experience in an Information Technology, IT policy, compliance, security, legal or governance role
Preferred Qualifications:
Experience using compliance management software and tools (e.g., GRC systems)
Senior IT Compliance Analyst - Professional Level:
Education:
BA or BS in Computer Science, Computer Information Systems, IT Security, business, or closely related field OR Associate degree and 2 years’ experience in IT.
Substitution: Work experience in the occupational field or specialized subject area of the work assigned to the job may be substituted on a year-for-year basis for the degree.
Experience:
2-4 years of assessing IT compliance to NIST SP 800-53/NIST SP 800-171 or implementing NIST-based System Security Plans
OR
2-4 years of assessing IT compliance to HIPAA security standards.
Preferred Qualifications:
Experience using compliance management software and tools (e.g., GRC systems)
Experience interpreting NIST frameworks, specifically SP 800-53 and SP 800-171
Experience interpreting regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, PCI-DSS, FISMA, CMMC)
HIPAA security compliance experience
Experience developing NIST-based System Security Plans
CISSP, GIAC or other security certifications
Experience with Payment Card Industry Data Security Standards
Experience working in higher education
Knowledge, Skills and Abilities:
IT Compliance Analyst – Intermediate Professional:
Good analytical and problem-solving skills.
Good communication and interpersonal skills.
Excellent time management and organizational skills.
Ability to work effectively as part of a team.
Proficient in the use of Microsoft Office applications and in typical business office capabilities such as managing emails and calendar appointments, creating documentation, etc.
Knowledge of applicable laws, regulations, and industry standards related to IT compliance.
Advanced Excel skills.
Senior IT Compliance Analyst Professional: In addition to the KSA above…
Ability to work in a fast-paced environment.
Proven ability to adapt to changing conditions to meet peer, team, and customer needs.
Demonstrated ability to coordinate and resolve complex issues with a variety of stakeholders.
Strong interpersonal and communication skills.
A passion for learning.
Strong analytical and problem-solving skills.
Risk assessment skills.
Policies and standards development.
Familiarity with desktop, server, application, database and network technology.
Knowledge of information security standards and frameworks (NIST SP 800-53, NIST SP 800-171, ISO 27001, etc.)