Information Security GRC Analyst Sr/UKHC

Posting Details Job Title Information Security GRC Analyst Sr/UKHC Requisition Number RE54252 Working Title Information Security, Governance, Risk and Compliance Analyst Senior Department Name H3997:

EVPHA Information Technology Work Location Lexington, KY Grade Level 12 Salary Range $62,400-111,634/year Type of Position Staff Position Time Status Full-Time Required Education BS Click here for more information about equivalencies: https://hr.uky.edu/employment/working-uk/equivalencies Required Related Experience 5 yrs Required License/Registration/Certification CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) or equivalent certification. Physical Requirements The physical requirements of this position include: Mobility to work from several locations depending on business needs; occasionally lifting, pushing, and/or pulling objects up to 50lbs; occasionally standing or walking with objects up to 10lbs; regularly sitting at a computer workstation for extended periods of time with regular repetitive motions (such as typing); occasionally dealing with combative/violent people; and occasional job-related travel. Shift Primarily Monday through Friday 8am-5pm, with evening, night, and weekend requirements per departmental needs. Job Summary Responsible for conducting risk assessments, gap analysis and compliance initiatives across the organization in alignment with NIST, HIPAA, GDPR, etc. Creates reports and presentations for reporting to senior management. Coordinates with IT teams, business stakeholders, and vendors to support security control implementation and remediation of findings. Contributes to process improvements and helps maintain the organization's overall security posture. Mentors and trains other analysts to support knowledge transfer and enhance team effectiveness. This position is hybrid.

Essential Functions:

Conducts risk assessments, gap analysis, and compliance initiatives for departments, systems, applications and vendors. Prepares reports for senior management and advises on risk mitigation. Evaluates controls and compensating controls and ensures that remediation plans are acceptable and in place. Communicates and implements control framework and automation. Tracks remediation of identified risks and collaborates with stakeholders to ensure timely resolution. Maintains security and compliance metrics, reporting findings to management. Prepares materials for internal and external audits, supporting audit readiness and evidence collection. Collaborates with IT and business teams to ensure adherence to regulatory requirements (HIPAA, SOX, PCI-DSS, GDPR, etc.). Participates in continuous improvement of GRC processes and documentation practices. Performs other duties as assigned.

Skills / Knowledge

/ Abilities N/A Does this position have supervisory responsibilities? No Preferred Education/Experience Bachelor's degree in cybersecurity, computer science, or a related field. Deadline to Apply 05/10/2026 Our University Community We value the well-being of each of our employees and are dedicated to creating a healthy place for everyone to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors, the University of Kentucky is a Tobacco & Drug Free campus. The University follows both the federal and state Constitutions as well as all applicable federal and state laws on nondiscrimination. The University provides equal opportunities for qualified persons in all aspects of institutional operations and does not discriminate on the basis of race, color, national origin, ethnic origin, religion, creed, age, physical or mental disability, veteran status, uniformed service, political belief, sex, sexual orientation, gender identity, gender expression, pregnancy, marital status, genetic information or social or economic status. Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.