Cyber Information Assurance Analyst

• CURRENT PENN STATE EMPLOYEE (faculty, staff, technical service, or student), please login to Workday to complete the internal application process. Please do not apply here, apply internally through Workday.

• CURRENT PENN STATE STUDENT (not employed previously at the university) and seeking employment with Penn State, please login to Workday to complete the student application process. Please do not apply here, apply internally through Workday.

• If you are NOT a current employee or student, please click "Apply" and complete the application process for external applicants.

JOB DESCRIPTION AND POSITION REQUIREMENTS:

Penn State Information Technology is seeking a Governance Risk and Compliance (GRC) Analyst. The GRC analyst will play a pivotal role in assessing and prioritizing information, security, and cybersecurity risk across the organization. The GRC Analysts' technical skills, combined with their ability to manage risks and ensure compliance, make them a key player in Penn States cybersecurity strategy. GRC Analysts ensure that an organization's operations and procedures meet government and industry compliance standards. They research regulations and policies on behalf of the enterprise, communicate the necessary requirements, and serve as a subject matter expert on all risk-related matters. This position will act as a LionSHIELD specialist, they will focus on the controlled unclassified information (CUI) environment at Penn State.

• Managing risks related to the use of Information Technology, Information Security, Regulatory Compliance, and Governance.
• Lead the enforcement of compliance programs that address internal and external requirements, ensuring individuals understand and adhere to relevant policies and regulations.
• Collaborate with internal stakeholders to ensure compliance requirements are integrated into systems, processes, and data management practices.
• Conducting gap analysis and implementing frameworks and standards such as NIST, FERPA, CMMC, HIPAA, GDPR, PCI, etc.
• Developing and revising policies, standards, processes, and guidelines for the organization.
• Conducting vendor risk assessments against organizational security requirements.
• Continually assessing and monitoring the effectiveness of security controls.
• Conducting research to aid threat assessment or risk mitigation activities.
• Developing mechanisms to align with the adoption and usage of current and emerging technologies.

Education and Experience

This position minimally requires a bachelor's degree and 6+ years of experience or an equivalent combination of education and experience. Preferred field of study: Information Security, Risk Management, Legal Studies or related field or discipline. Applicants with an Associate degree and additional experience and competencies are encouraged to apply. Candidates must be US citizens to apply.

Preferred experience and knowledge:

• Azure Gov Cloud
• CUI
• NIST SP 800-171 compliance

Location

This position is flexible and can operate fully remote, the office location for the position is at the University Park campus, in State College, PA., and will require occasional work on campus. Candidates should live in the local area or be willing to travel to campus as needed at their own expense.

The Pennsylvania State University is committed to and accountable for advancing diversity, equity, inclusion, and sustainability in all of its forms. We embrace individual uniqueness, foster a culture of inclusion that supports both broad and specific diversity initiatives, leverage the educational and institutional benefits of diversity in society and nature, and engage all individuals to help them thrive. We value inclusion as a core strength and an essential element of our public service mission.

The salary range for this position, including all possible grades is:

Salary Structure - additional information on Penn State's job and salary structure.

CAMPUS SECURITY CRIME STATISTICS: