IT Compliance Analyst OPEN Rank Professional Intermediate thru Senior (Hybrid/Remote)

Job Summary:

Does this describe you?

Have you spent at least a year in an IT-related role such as desktop support, system administration, network support, etc.?  Do you enjoy coordinating the efforts of others to provide an outstanding service, put together a successful event, etc.?  Do you enjoy doing research and summarizing your findings into easy-to-understand guidance or analysis?  Would you like to work with a group of energetic and dedicated individuals who are excited about information security and IT compliance? If you think this describes you, we want to know more about YOU! We are hiring two positions to conduct risk assessments and compliance monitoring.

• • Assessing vendors, partners and other third parties to determine the level of IT security and compliance risk posed.  Maintain detailed documentation of the progress and results of those assessments.
  • Be primarily responsible for day-to-day tasks associated with one or more of the services provided by the department (application assessments, data access requests, PCI compliance, terminating account access, etc.)  Contribute to developing and maintaining process documentation and assist in training new staff.  The complexity of job duties will increase over time as knowledge and experience is gained.
• Conduct assessments of technology provisioned by vendors, partners and other third parties to determine the level of IT security and compliance risk posed. Maintain detailed documentation of the progress and results of those assessments.
• Train compliance analysts on operational procedures.
• Collaborate with departments to implement corrective action plans.
  • Help monitor compliance with established policies, procedures, standards, and guidelines and assist with the investigation of any instances of non-compliance.
  • Develop and maintain an up-to-date knowledge of applicable laws, regulations and industry standards related to IT compliance.
  • Assist in communicating IT compliance policies, procedures, standards, etc. to relevant stakeholders.

Work Location:

Hybrid/Remote - This position is eligible for a hybrid work environment. ISIC strives for a high-flex work environment, meaning although this role can predominately be executed effectively with a remote schedule, there may be instances where in-person meetings and/or activities are needed. There is no minimum or prescribed in-person requirement. The work schedule will be based around core working hours in Colorado Mountain Time. A fully-remote option will be considered for highly qualified applicants and applicants must reside within the United States.

Why Join Us:

Information Security and IT Compliance (ISIC) is a subdivision of

Information Strategy and Services (ISS).  In ISS we emphasize six key principles that connect our teams and ensure our success:

• Curiosity- Explore beyond our own experience.
• Compassion- Be empathetic to understand our customer and community needs.
• Collaboration- Partner well beyond our space.
• Commitment- Be dedicated to service excellence and follow-through.
• Competence- Know our craft and be committed to continuous improvement and learning.
• Confidence- Be empowered and assured to represent our customers and their needs.

The mission of the Information Security and IT Compliance division (ISIC) is to deliver information security and IT compliance programs that support the academic, administrative, clinical, research, and strategic goals of CU Anschutz Medical Campus and CU Denver.  ISIC is in a unique position to be able to support the missions of two of Colorado’s most innovative campuses.  The CU Anschutz Medical Campus strives to improve humanity by preventing illness, saving lives, educating health professionals and scientists, advancing science, and serving the community.  The CU Denver Campus has a vision to build a radically inclusive model for higher education based on the simple idea that everyone deserves access to an excellent education and a fulfilled life of their design.

In ISIC we value our team members and strive to achieve work life balance, inclusivity, and a FUN working environment.  We believe diverse teams are more innovative and make better decisions! In ISIC, we strive to create a workplace where team members feel heard, valued, and have a sense of belonging. We encourage applications from women, ethnic minorities, persons with disabilities and veterans. We are committed to diversity and equity in education and employment.

Click here to find out more about ISS’s Culture  and click HERE  to view testimonials from ISS Employees about why they enjoy working for ISS! 

Why Work for The University:

We have AMAZING Benefits and offer exceptional amounts of holiday, vacation, and sick leave! 

• The University of Colorado offers an excellent benefits package including:
• Medical: Multiple plan options
• Dental: Multiple plan options
• Additional Insurance: Disability, Life, Vision
• Retirement 401(a) Plan: Employer contributes 10% of your gross pay
• Paid Time Off: Accruals over the year
• Vacation Days: 22 (maximum accrual 352 hours)
• Sick Days: 15 (unlimited maximum accrual)
• Holiday Days: 10
• Tuition Benefit: Employees have access to this the benefit on all CU campuses
• ECO Pass: RTD Bus and light rail service
• Additional Perks & Programs: Click here to access a few more Perks and Programs

See for yourself: https://www.cu.edu/employee-services/benefits  and https://www.cu.edu/employee-services/leave-policies

Diversity and Equity:

The University of Colorado Anschutz Medical Campus is committed to recruiting and supporting a diverse student body, faculty and administrative staff. The university strives to promote a culture of inclusiveness, respect, communication and understanding. We encourage applications from women, ethnic minorities, persons with disabilities, persons within the LGBTQ+ community and all veterans. The University of Colorado is committed to diversity and equality in education and employment.

Qualifications:

Minimum Qualifications:

IT Compliance Analyst - Intermediate Professional Level:

Education:

• BA or BS in Computer Science, Computer Information Systems, IT Security, business, or closely related field OR Associate degree and 2 years’ experience in IT.
  • Substitution: Work experience in the occupational field or specialized subject area of the work assigned to the job may be substituted on a year-for-year basis for the degree.

Experience:

• Minimum of 1-2 years of experience in Information Technology, IT policy, compliance, security, legal or governance role

Preferred Qualifications:

• Experience using compliance management software and tools (e.g., GRC systems)

Senior IT Compliance Analyst - Professional Level:

Education:

• BA or BS in Computer Science, Computer Information Systems, IT Security, business, or closely related field OR Associate degree and 2 years’ experience in IT.
  • Substitution: Work experience in the occupational field or specialized subject area of the work assigned to the job may be substituted on a year-for-year basis for the degree.

Experience:

• 2-4 years of assessing assessing IT compliance to NIST SP 800-53/NIST SP 800-171 or implementing NIST-based System Security Plans

OR 

• 2-4 years of assessing IT compliance to HIPAA security standards.

Preferred Qualifications:

• Experience using compliance management software and tools (e.g., GRC systems)
• Experience interpreting NIST frameworks, specifically SP 800-53 and SP 800-171
• Experience interpreting regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, PCI-DSS, FISMA, CMMC)
• HIPAA security compliance experience
• Experience developing NIST-based System Security Plans
• CISSP, GIAC or other security certifications
• Experience with Payment Card Industry Data Security Standards
• Experience working in higher education

Knowledge, Skills and Abilities:

IT Compliance Analyst – Intermediate Professional:

• Good analytical and problem-solving skills.
• Good communication and interpersonal skills.
• Excellent time management and organizational skills.
• Ability to work effectively as part of a team.
• Proficient in the use of Microsoft Office applications and in typical business office capabilities such as managing emails and calendar appointments, creating documentation, etc.
• Knowledge of applicable laws, regulations, and industry standards related to IT compliance.
• Advanced Excel skills.

Senior IT Compliance Analyst Professional: In addition to the KSA above…

• Ability to work in a fast-paced environment.
• Proven ability to adapt to changing conditions to meet peer, team, and customer needs.
• Demonstrated ability to coordinate and resolve complex issues with a variety of stakeholders.
• Strong interpersonal and communication skills.
• A passion for learning.
• Strong analytical and problem-solving skills.
• Risk assessment skills.
• Policies and standards development.
• Familiarity with desktop, server, application, database and network technology.
• Knowledge of information security standards and frameworks (NIST SP 800-53, NIST SP 800-171, ISO 27001, etc.)

How to Apply:

For full consideration, please submit the following document(s):

1.     A letter of interest describing relevant job experiences as they relate to listed job qualifications and interest in the position

2.     Curriculum vitae / Resume

3.     Three to five professional references, including name, address, phone number (mobile number if appropriate), and email address

Questions should be directed to: ISS Human Resources

[email protected]  

Screening of Applications Begins:

Immediately and continues until March 19, 2024.

Anticipated Pay Range:

IT Professional

The starting salary range (or hiring range ) for this position has been established as $62,768 – $65,000  

Senior IT Professional  

The starting salary range (or hiring range ) for this position has been established as $67,857 – $84,000

The above salary range (or hiring range ) represents the University’s good faith and reasonable estimate of the range of possible compensation at the time of posting. This position may be eligible for overtime compensation, depending on the level.

Your total compensation goes beyond the number on your paycheck. The University of Colorado provides generous leave, health plans and retirement contributions that add to your bottom line.

Total Compensation Calculator: http://www.cu.edu/node/153125

ADA Statement:

The University will provide reasonable accommodations to applicants with disabilities throughout the employment application process. To request an accommodation pursuant to the Americans with Disabilities Act, please contact the Human Resources ADA Coordinator at [email protected] ​.

Background Check Statement:

The University of Colorado Anschutz Medical Campus is dedicated to ensuring a safe and secure environment for our faculty, staff, students and visitors. To assist in achieving that goal, we conduct background investigations for all prospective employees.

Vaccination Statement:

CU Anschutz strongly encourages vaccination against the COVID-19 virus and other vaccine preventable diseases . If you work, visit, or volunteer in healthcare facilities or clinics operated by our affiliated hospital or clinical partners or by CU Anschutz, you will be required to comply with the vaccination and medical surveillance policies of the facilities or clinics where you work, visit, or volunteer, respectively. In addition, if you work in certain research areas or perform certain safety sensitive job duties, you must enroll in the occupational health medical surveillance program .