Sr GRC Analyst

WHY UT SOUTHWESTERN?
With over 75 years of excellence in Dallas-Fort Worth, Texas, UT Southwestern is committed to excellence, innovation, teamwork, and compassion. As a world-renowned medical and research center, we strive to provide the best possible care, resources, and benefits for our valued employees. Ranked as the number 1 hospital in Dallas-Fort Worth according to U.S. News & World Report, we invest in you with opportunities for career growth and development to align with your future goals. Our highly competitive benefits package offers healthcare, PTO and paid holidays, on-site childcare, wage, merit increases and so much more. We invite you to be a part of the UT Southwestern team where you'll discover a culture of teamwork, professionalism, and a rewarding career!

JOB SUMMARY
Develops, implements and operationalizes the Information Security governance and risk management functions to ensure the Program is compliant with established security controls frameworks, regulatory and legal requirements, policies and standards. Ensures that Information Security risk to the institution is appropriately managed. Subject matter expert on mature security governance structures and processes, risk management processes (enterprise and third party), and contractual, regulatory compliance requirements Leads and executes enterprise-wide security assessments and strategic projects to mature the Program.

Risk Management: Implements established risk frameworks for the Information Security program. Risk Assessments: Establishes and operationalizes formal security risk assessment frameworks to quantify and qualify risk including for third-party vendor risk, technology procurement (ISAC) and internal security controls. Leads and executes enterprise-wide security assessments and strategic projects to mature the Program. Audit & Compliance: Tracks audit findings, coordinates creation of audit deliverables and ensures audit compliance. Ensures Information Security Program compliance with established security controls framework, and regulatory and legal requirements, policies and standards. Metrics, KPIs and Reporting: Develops metrics and KPIs for Information Security Program maturity and operational and executive reporting.

THIS POSITION IS A HYBRID ROLE IN THE OFFICE 3 DAYS A WEEK. MUST LIVE IN DFW COMMUTE AREA.

BENEFITS
UT Southwestern is proud to offer a competitive and comprehensive benefits package to eligible employees. Our benefits are designed to support your overall wellbeing, and include:

• PPO medical plan, available day one at no cost for full-time employee-only coverage
• 100% coverage for preventive healthcare-no copay
• Paid Time Off, available day one
• Retirement Programs through the Teacher Retirement System of Texas (TRS)
• Paid Parental Leave Benefit
• Wellness programs
• Tuition Reimbursement
• Public Service Loan Forgiveness (PSLF) Qualified Employer
• Learn more about these and other UTSW employee benefits!

EXPERIENCE AND EDUCATION
Required

• Education
  Bachelor's Degree in computer science, information technology, or related field and

• Experience
  8 years of progressively responsible technology governance experience. and

JOB DUTIES

• Risk Management: Implements established risk frameworks for the Information Security program.
• Risk Assessments: Establishes and operationalizes formal security risk assessment frameworks to quantify and qualify risk including for third-party vendor risk, technology procurement (ISAC) and internal security controls. Leads and executes enterprise-wide security assessments and strategic projects to mature the Program.
• Audit & Compliance: Tracks audit findings, coordinates creation of audit deliverables and ensures audit compliance. Ensures Information Security Program compliance with established security controls framework, and regulatory and legal requirements, policies and standards.
• Metrics, KPIs and Reporting: Develops metrics and KPIs for Information Security Program maturity and operational and executive reporting.
• Program Governance: Assists with creation and management of program governanace.
• Interfaces with departments, Information Resources, third-party vendors, and business partners to identify areas of risk and assist with development of plans to establish and maintain ongoing compliance.
• Assists with various Information Security projects. Stays up to date with regulatory changes, modern technology & security controls and practices.
• Performs other duties as assigned.

SECURITY AND EEO STATEMENT
Security
This position is security-sensitive and subject to Texas Education Code 51.215, which authorizes UT Southwestern to obtain criminal history record information.

EEO Statement
UT Southwestern Medical Center is committed to an educational and working environment that provides equal opportunity to all members of the University community. As an equal opportunity employer, UT Southwestern prohibits unlawful discrimination, including discrimination on the basis of race, color, religion, national origin, sex, sexual orientation, gender identity, gender expression, age, disability, genetic information, citizenship status, or veteran status.

UT Southwestern is proud to offer a competitive and comprehensive benefits package to eligible employees. Our benefits are designed to support your overall wellbeing, and include:
• PPO medical plan, available day one at no cost for full-time employee-only coverage
• 100% coverage for preventive healthcare - no copay
• Paid Time Off, available day one
• Retirement Programs through the Teacher Retirement System of Texas (TRS)
• Paid Parental Leave Benefit
• Wellness programs
• Tuition Reimbursement
• Public Service Loan Forgiveness (PSLF) Qualified Employer
• Learn more about these and other UTSW employee benefits!