Senior IT Compliance Analyst

Job Level
Entry-level position
Job Category
Analyst
Sector
  • Technology
Job Status
Areas of Responsibility
  • Information Technology

Job Summary:

The Senior IT Compliance Analyst will be part of Oklahoma State University's IT Security and Compliance team of experienced professionals working passionately to maintain confidentiality, integrity and availability of the University's information and technology resources. 

The IT Compliance function within the OSU IT Security department is responsible for providing guidance, support and analysis to IT management regarding policy and legal compliance (PCI, HIPAA, FERPA, GLBA, GDPR, etc.). The team provides written reporting, broad IT project participation, and recommendations for practical application of control concepts and principles where needed. 

The Senior IT Compliance Analyst: 

  • Engages with IT management and staff, University departments outside the OSU IT department, as well as with Internal Audit and external auditors, to identify feasible resolutions to control weaknesses and opportunities for improvement. 

  • Applies working knowledge of internal control and risk analysis approaches, as well as frameworks such as NIST, ISO 27000, ITAF, and COBIT, and holds discussions with management regarding internal processes and noted control weaknesses. 

  • Prepares formal reports, which communicate final results of assessments, including recommendations for business process, information system practices, and control improvements. 

  • Competently applies knowledge of operating systems, application development, change management, operations, networking and telecommunications, databases, business continuity, disaster recovery, and physical and logical security to develop, and to assist in implementing and enforcing, security compliance policies and procedures that reduce technical risk and increase operational efficiency. 

  • Works under minimal supervision in planning and conducting IT compliance reviews, such as evaluating documentary evidence against written policy for regulatory compliance, and assists in resolving complex issues regarding information security and/or compliance with governmental law or regulation. 

  • Maintains a high degree of personal integrity and attention to detail, and uses strong investigative skills to independently plan and execute compliance reviews, as well as to evaluate IT responses to security incidents and assist in their investigation and resolution. 

  • Uses automated tools and services to support the security compliance program's analysis work, and accurately documents the work performed to support analysis findings, conclusions reached, and recommendations made. He or she also periodically monitors the activities of audited area(s), following up to ensure continued compliance with applicable internal policies and procedures and external regulations, including monthly, quarterly, and annual account and activity reviews where applicable. 

  • Work is performed in both controlled and uncontrolled environmental areas. Work may require access to hospitals, clinics, and related health care facilities, and University research laboratories. 

  • Periodically this position requires work after 5 pm and on weekends. 

  • Due to the communication expectations of the position, the incumbent will be required to maintain a cellular or other electronic communication device. The incumbent's salary includes additional compensation to apply toward the use of their personal cellular device.

  • Must be able to lift and carry 25 pounds, as required to move computers.  

Special Instructions to Applicants

A resume is required to complete the application process. Educational transcripts may be attached to the application, or mailed to: Oklahoma State University, Attn: Senior IT Compliance Analyst, 101 IT Building, Stillwater, OK 74078. For full consideration, submit application by August 19th, 2018.

Education & Experience

Position Qualifications:
Required:

Bachelor's degree

Combined work experience of at least three (3) years in both: 

  • Administering and/or managing Windows and/or Linux servers, Active Directory structures, Oracle or SQL databases, and/or VMware environments; and 

  • IT risk and compliance, IT governance, IT auditing, another IT security related field, or information system security focused activities.  

Must be willing to complete the requirements for the Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP). 

Knowledge, for compliance purposes, of regulations affecting higher education: FERPA, HIPAA, GLBA, and PCI-DSS. 

Must have excellent analytical skills and excellent verbal and written communication skills, in order to understand customer objectives, evaluate risks and controls, accurately document and support work performed, and assist with management decision making. 

Must be able to work in a fast-paced environment and manage multiple projects, at times with conflicting priorities, concurrently. 

Must be a self-starter who is results-oriented and can effectively organize, plan, control, and prioritize work/projects according to time and resource constraints. 

Must possess competence to understand and manage work/project obstacles and complexities, including work/project scope, key players, urgency, inherent risks, and business benefits. 

Knowledge of enterprise security concepts such as patch management and defense in depth/layered security, and an understanding of network and systems administration (TCP/IP, switch/hub functions, network topologies), including in-depth knowledge of the Windows Server family, including MS Exchange 2003/2007/2010/2013, and desktop operating systems (OS) such as Windows 7/8/10. 

Ability to lift 25 lbs.  

Preferred:

Master's degree in Computer Science, MSIS, MSTM, English, or Technical Writing/Editing 

Three to five (3-5) years of combined work experience: 

  • Working in complex information technology environments consisting of multiple technology platforms; and 

  • In IT risk and compliance, IT governance, IT auditing, or other information security work, including conducting risk assessments/audits/reviews of information systems with the goal of assessing and/or mitigating information security threats/risks within a large university environment.  

Possess one or more of the following certifications: Security Essentials Certification (GSEC); Certified Information Systems Auditor (CISA); Certified Fraud Examiner (CFE); Microsoft Certified IT Professional (MCITP); Microsoft Certified Technology Specialist (MCTS).  

Knowledge and understanding of the role of information security in system design/architecture and implementation, including network security, information security audits, security awareness training, and information security risk management. Possess a strong knowledge and understanding of information security compliance and auditing techniques with experience conducting risk assessments and using risk assessment tools.