IT Compliance Analyst (Stillwater, OK)

IT Compliance Analyst

The successful candidate will become part of a small team of experienced professionals working together to maintain confidentiality integrity and availability of information and technology resources. Identify compliance concerns ensure policies processes are consistently applied and provide support overall on IT compliance related issues. Collaborate with other staff and management to review document and present compliance risks remediation and mitigations. Perform periodic compliance monitoring activities by analyzing data including system logs application logs change management reports and service requests. Develop and prepare metrics to accurately report current state of IT compliance and trends over time. Design interpret & communicate information security policies & controls. Stay abreast of process changes and analyze impact to overall IT compliance capability. Appropriately identify control weaknesses and recommend appropriate corrective actions. Track and report on resolution of issues to foster timeliness or remediation. Develop compliance review schedules for individual projects and facilitate such reviews. Prepare and deliver education training to internal managers on the compliance processes tools and techniques. Research issues and provide information to identify compliance issues and assist in the decision making process. Review of security logs reports and prepare status reports on security matters to develop security risk analysis scenarios and response procedures. Due to communication expectations of the position the incumbent will be required to maintain cellular or other electronic communication device. The incumbent s salary includes additional compensation to apply toward the use of their personal cellular device. Work schedule may extend beyond regular office hours of 8 am to 5 pm Monday to Friday as needed to complete assignments. Work is in both controlled and uncontrolled environmental areas. Work may require access to hospitals clinics and related health care facilities and University research laboratories. Minimum qualifications High School GED and six years of related work experience. Post-secondary education may substitute for required years of work experience. Must be able to lift and carry 25 pounds as required to move computers. Experience in design and or implementation of IT infrastructure including security controls IT systems server database administration including systems hardening and security policy implementation participation in Systems Development Life Cycle identity management and administration of IDM systems conducting risk assessments and use of risk assessment tools completed and reported trend analysis business metrics data (bank account financial) reconciliation fraud detection or investigations business process automation development implementation management development of business policies and procedures standardization and documentation of processes auditing internal government forensic independent external overseeing employee document tracking to ensure compliance with regulatory and departmental policy and eligibility and project management. Must complete the requirements for the CISA CISSP or a CFE professional certification. Possess excellent verbal and written communication skills as well as the ability to develop professional relationships across all levels of organizational hierarchy. Ability to communicate technical concepts and transform them into usable documented material for non-technical users. Ability to advise train and motivate technical individuals in regulatory compliance and information and systems security efforts. Understanding of IT enterprise operations architecture and IT as a Service especially in a Higher Education environment. Ability to grasp technical concepts at all levels of computer systems from system hardware components and architecture to system integration and implementations. Knowledge appreciation and prioritization of principles and practices of project organization planning records management and general administration. Must possess capacity to grasp complex scenarios analyze from both detailed and high level views identify gaps in information or processes and solve problems efficiently. Must be able to identify compliance and security needs independent of management direction. Must be able to handle multiple duties under pressure with minimal supervision and high levels of expectation by upper management. Must have a high level of personal integrity. Ability to maintain accuracy in handling data collections. Ability to identify protect and ethically handle confidential sensitive and forensic data. Knowledge of regulations affecting Higher Education FERPA HIPAA GBLA and PCI-DSS for compliance. Knowledge of Systems Development Life Cycle processes. Prefer candidate with bachelor degree in Computer Science MSIS or related field and three (3) years working in complex information technology environments consisting of multiple technology platforms. three (3) years of information security experience including conducting risk assessments audits reviews of information systems with the goal of assessing and or mitigating information security threats risks within a large university environment experience with security requirements systems and security architecture as related to compliance standards such as found in FISMA FERPA HIPPA PCI-Standards or other regulatory act(s) or bodies is highly desired possess one or more of the following Security Essentials Certification (GSEC) Certified Information Systems Auditor (CISA) Certified Fraud Examiner (CFE) Microsoft Certified IT Professional (MCITP) Microsoft Certified Technology Specialist (MCTS) knowledge and understanding of the role of information security in system design architecture and implementation including network security information security audits security awareness training and information security risk management and possess a strong knowledge and understanding of information security compliance and auditing techniques with experience conducting risk assessments and using risk assessment tools. Experience with securing Oracle Banner or Cloud systems as well as in developing policies and procedures related to regulatory compliance and information security is a plus. Apply online at s okstate.csod.com ats careersite JobDetails.aspx id 2285 for consideration. For assistance with the on-line application process or to request an accommodation to enable application contact OSU Human Resources 106 Whitehurst Stillwater OK 74078 or call 405-744-7401. Please attach resume cover letter and list of references. Educational transcripts may be attached to the application or mailed to Oklahoma State University Attn IT Compliance Analyst Search 101 Information Technology Stillwater OK 74078. For full consideration applications must be received by September 9th 2016. Oklahoma State University is an Affirmative Action Equal Opportunity E-verify employer committed to diversity and all qualified applicants will receive consideration for employment and will not be discriminated against based on age race color religion sex sexual orientation genetic information gender identity national origin disability protected veteran status or other protected category. OSU is a VEVRAA Federal Contractor and desires priority referrals of protected veterans for its openings. OSU will not discharge or in any other manner discriminate against employees or applicants because they have inquired about discussed or disclosed their own pay or the pay of another employee or applicant. However employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information unless the disclosure is (a) in response to a formal complaint or charge (b) in furtherance of an investigation proceeding hearing or action including an investigation conducted by the employer or (c) consistent with the contractor s legal duty to furnish information.