Why UT Southwestern?

With over 75 years of excellence in Dallas-Fort Worth, Texas, UT Southwestern is committed to excellence, innovation, teamwork, and compassion. As a world-renowned medical and research center, we are looking for strategic thinkers who will help assure the security and compliance of UT Southwestern. With a career in our Information Technology department at UT Southwestern, you will be able to help with our mission to provide exceptional clinical care and create cutting-edge research programs as you grow your IT and information security career. We invite you to be a part of the UT Southwestern team where you'll discover a culture of teamwork, professionalism, and a life-changing career!

Job Summary

UT Southwestern is hiring a Sr. Governance Risk Compliance (GRC) Analyst to join our Information Security team. We're investing extensive resources to grow our InfoSec team to ensure the safety of our sensitive and important hospital and university information.

This position is responsible for developing, implementing, and ensuring that UT Southwestern is compliant with established security controls frameworks, regulatory and legal requirements, and polices and standards. As the Sr. Governance Risk Compliance Analyst, you will be the expert on mature security governance structures and processes, risk management processes, and regulatory compliance requirements. In this role, you will have the opportunity to lead and execute enterprise-wide security assessments and strategic projects to mature our Information Security program.

Job Duties

• Implement established risk frameworks for the Information Security program.
• Establish and operationalize formal security risk assessment frameworks to quantify and qualify risk for third-party vendor risk, technology procurement (ISAC) and internal security controls.
• Lead and execute enterprise-wide security assessments and strategic projects to mature the Program.
• Ensure Information Security program compliance with security controls framework, regulatory and legal requirements, and policies and standards.
• Develop metrics and KPIs for the Program maturity, operational, and executive reporting.
• Coordinates with various departments and vendors to identify areas of risk and assist with development of plans to establish and maintain ongoing compliance.
• Assist with Information Security projects and stay up to date with regulatory changes, modern technology, and security controls and practices *
• Assist with creation and management of program governance.

Experience and Education

• Bachelor's Degree in computer science, information technology, or related field required
• Eight (8) years of progressively responsible technology governance experience required
• Additional years of directly related experience may be substituted for stated degree on a year for year basis

Preferred Qualifications

• Experience establishing Information Security frameworks and aligning security controls (e.g. CIS, NIST, HIPA, PCI), framework and control gap analysis and remediation, project management, threat and risk modeling, building, and maintaining a risk register.
• Experience creating framework-based risk assessments and consulting with technical and non-technical staff to implement and advance GRC initiatives based on best practices.
• Ability to respond to, audit, and leverage GRC tools (e.g. Archer, Logic Manager)

To learn more about the benefits UT Southwestern offers visit https://www.utsouthwestern.edu/employees/hr-resources.

This position is security-sensitive and subject to Texas Education Code *51.215, which authorizes UT Southwestern to obtain criminal history record information.

UT Southwestern Medical Center is committed to an educational and working environment that provides equal opportunity to all members of the University community. In accordance with federal and state law, the University prohibits unlawful discrimination, including harassment, on the basis of: race; color; religion; national origin; sex; including sexual harassment; age; disability; genetic information; citizenship status; and protected veteran status. In addition, it is UT Southwestern policy to prohibit discrimination on the basis of sexual orientation, gender identity, or gender expression.