The IT Governance, Risk, and Compliance Manager is responsible for assessing and documenting the University of Arkansas Fayetteville compliance and risk posture as they relate to the information technology assets.
The purpose of this position is to provide highly skilled technical and information security expertise for the development and implementation of the information security risk management program and associated documentation. Responsibilities for this position require leadership and the ability to develop consensus in a diverse environment, as well as the expertise to ensure effective campus-wide standards and testing; risk assessment; security awareness and education; and the development of policies, standards, and guidelines.
Bachelor’s degree in information technology or another related field from an accredited institution of higher education
Demonstrated at least five years of advanced IT skills with a high level of information security and compliance experience
Applicable equivalencies may be considered on the qualifications listed above.
At least two years of experience developing security standards and guidelines based on best practices and industry standards
At least five years of experience responding, to analyzing, and communicating information security incidents
At least two years of in-depth experience in one of the following areas: HIPAA, PCI-DSS, CUI, NIST CSF, CMMC and NIST SP 800.171
Information security-related training or certifications such as CISSP or CRISC
Experience with NIST SP 800.37 and NIST SP 800.30
Demonstrated understanding of common security standards and regulations relating to a higher education environment
Well versed in and experienced with laws affecting the higher education environment in the following areas: Student Privacy (FERPA); Health Care; Confidential, Unclassified Information; Research Compliance; State Regulations
Experience with and in-depth knowledge of securing network technologies, client, and server operating systems
Information security experience in state/local government
Experience performing information security audits or risk assessments
Demonstrated familiarity with security auditing processes
Demonstrated understanding of higher education campus policy development and dissemination
Knowledge, Skills, and Abilities:
Knowledge of information security risk management frameworks and compliance practices
Skills in documenting risk and compliance activities
The University of Arkansas engages in funded research activities from agencies including the Department of Defense, the Department of Energy, and their subcontractors. The incumbent in this position may be required to meet contractor security clearance or access authorization requirements for these and other agencies. These requirements will be specified by agencies as a requirement for funding awards and may include elements from Executive Order 10865--Safeguarding classified information within industry, EXECUTIVE ORDER 12968, and Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) clauses, among others.
About University of Arkansas
The University of Arkansas, the state's flagship university, with a student population of over 26,000 students, resides on 345 picturesque acres overlooking the Ozark Mountains. For nearly 150 years, it has been at the center of higher education in the state of Arkansas and recently has moved to the center of higher education in the nation. Through the integration of teaching, research and service that puts students first, the University of Arkansas is taking its place among the nation's great comprehensive colleges and universities.
Fayetteville is a vibrant, diverse and inclusive community located in the Ozark Mountains of Northwest Arkansas a metropolitan-area with a population of 500,000 residents. Northwest Arkansas is a rapidly-expanding, economically healthy and technologically advanced region driven by the presence and cutting-edge use of technology by three Fortune 500 companies including Walmart, Tyson Foods and J.B. Hunt. The city and area have been featured in numerous publications as a very desirable and economical place to live and most recently was listed by Money magazine as one of the "100 Best Places to Live."
As an employer, the University of Arkansas off...ers a vibrant work environment and a workplace culture that promotes a balance between the needs of the workplace and the life needs of all employees. The benefits package includes University contributions to health, dental, life and disability insurance, tuition waivers for employees and their families, 12 official holidays, immediate leave accrual and a choice of retirement programs with University contributions ranging from 5% - 14% of employee salary.
IT Services provides central information technology support for the University of Arkansas, supporting a user base of over 30,000 faculty, staff and student users. With over one hundred-fifty fulltime employees and a budget that exceeds $23 million, IT Services provides technical resources and services to support university users in teaching, learning and working smarter, faster, and safer. IT Services is platform diagnostic, supporting Mac and Windows on the desktop, Windows and Linux server environments, and both enterprise and opensource systems and software.
The University of Arkansas is an Affirmative Action/Equal Opportunity Employer. The University welcomes applications without regard to age, race/color, gender (including pregnancy), national origin, disability, religion, marital or parental status, protected veteran status, military service, genetic information, sexual orientation or gender identity. Persons must have proof of legal authority to work in the United States on the first day of employment. All applicant information is subject to public disclosure under the Arkansas Freedom of Information Act.