Search
Header navigation

Information Security GRC Analyst Sr/UKHC

University of Kentucky
location2914 N Shoreline Blvd, Corpus Christi, TX 78402, USA
PublishedPublished: 5/3/2026
Full Time

University of Kentucky

Equal Employment Opportunity/M/F/disability/protected veteran status.

Posting Details Posting Details Job TitleInformation Security GRC Analyst Sr/UKHCRequisition NumberRE54252Working TitleInformation Security, Governance, Risk and Compliance Analyst SeniorDepartment NameH3997:EVPHA Information TechnologyWork LocationLexington, KYGrade Level12Salary Range$62,400-111,634/yearType of PositionStaffPosition Time Status Full-TimeRequired EducationBSClick here for more information about equivalencies:https://hr.uky.edu/employment/working-uk/equivalenciesRequired Related Experience5 yrsRequired License/Registration/CertificationCISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) or equivalent certification.Physical RequirementsThe physical requirements of this position include: Mobility to work from several locations depending on business needs; occasionally lifting, pushing, and/or pulling objects up to 50lbs; occasionally standing or walking with objects up to 10lbs; regularly sitting at a computer workstation for extended periods of time with regular repetitive motions (such as typing); occasionally dealing with combative/violent people; and occasional job-related travel.ShiftPrimarily Monday through Friday 8am-5pm, with evening, night, and weekend requirements per departmental needs.Job SummaryResponsible for conducting risk assessments, gap analysis and compliance initiatives across the organization in alignment with NIST, HIPAA, GDPR, etc. Creates reports and presentations for reporting to senior management. Coordinates with IT teams, business stakeholders, and vendors to support security control implementation and remediation of findings. Contributes to process improvements and helps maintain the organization’s overall security posture. Mentors and trains other analysts to support knowledge transfer and enhance team effectiveness. This position is hybrid.

Essential Functions:
• Conducts risk assessments, gap analysis, and compliance initiatives for departments, systems, applications and vendors.
• Prepares reports for senior management and advises on risk mitigation.
• Evaluates controls and compensating controls and ensures that remediation plans are acceptable and in place.
• Communicates and implements control framework and automation.
• Tracks remediation of identified risks and collaborates with stakeholders to ensure timely resolution.
• Maintains security and compliance metrics, reporting findings to management.
• Prepares materials for internal and external audits, supporting audit readiness and evidence collection.
• Collaborates with IT and business teams to ensure adherence to regulatory requirements (HIPAA, SOX, PCI-DSS, GDPR, etc.).
• Participates in continuous improvement of GRC processes and documentation practices.
• Performs other duties as assigned.

Skills / Knowledge / AbilitiesN/ADoes this position have supervisory responsibilities? NoPreferred Education/ExperienceBachelor’s degree in cybersecurity, computer science, or a related field.Deadline to Apply05/10/2026Our University CommunityWe value the well-being of each of our employees and are dedicated to creating a healthy place for everyone to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors, the University of Kentucky is a Tobacco & Drug Free campus.

The University follows both the federal and state Constitutions as well as all applicable federal and state laws on nondiscrimination. The University provides equal opportunities for qualified persons in all aspects of institutional operations and does not discriminate on the basis of race, color, national origin, ethnic origin, religion, creed, age, physical or mental disability, veteran status, uniformed service, political belief, sex, sexual orientation, gender identity, gender expression, pregnancy, marital status, genetic information or social or economic status.

Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.

Posting Specific Questions

Required fields are indicated with an asterisk (*).

  1. * Provide an example of a time you collaborated with IT teams, business stakeholders, or vendors to remediate a security finding. What challenges did you encounter, and how did your actions contribute to improving the organization’s security posture or compliance readiness?

    (Open Ended Question)

  2. * This position requires CRISC and/or CISA certification at time of hire. Are you able to meet this requirement?
    • Yes
    • No

Applicant Documents
Required Documents
  1. Resume
Optional Documents
  1. Cover Letter




PI284301968