The IT Risk Analyst will be primarily responsible for performing governance risk and compliance (GRC) tool administration and supporting the risk assessment processes and platform, to identify, evaluate, and recommend security controls that address information security risk to the University. The position is based in the IT Risk Management function within the Office of Information Security which is led by the Global Chief Information Security Officer who reports directly to the NYU Global CIO. This role will be 100% remote work.

Reporting directly to NYU's Global CIO, the Associate VP Global Chief Information Security Officer leads the Office of Information Security (OIS) which is a high performance and highly technical team charged with the responsibility of mitigating cyber risks, minimizing the likelihood of a breach, and maintaining compliance with information security regulatory requirements for all of NYU. OIS aims to evolve the maturity of the NYU Information Security Program through people, process and technology while maintaining alignment with university initiatives, IT goals and core beliefs. OIS is made up of several functional areas including Operations Planning & Strategy, Security Architecture & Engineering, IT Risk Management, Detect Response & Forensics, IT Policy & Compliance and Security Awareness & Outreach.

About NYU IT -NYU IT CORE BELIEFS

We demonstrate our core beliefs everyday in our interactions, attitude and performance.

People at the heart of everything we do: We listen to our clients, and colleagues, and use our expertise to anticipate and address their needs.

Create space to innovate: We challenge assumptions and seek out fresh perspectives and new ways of thinking to fuel our productivity.

Right promise. Right delivery: We set clear goals and priorities, and execute with speed and agility to deliver better results.

Share information. Build trust: We engage in open and honest communications that reflect inclusiveness, fairness and respect for each other.

Teams and partnerships work. Boundaries don’t: We collaborate to maximize the value we bring to NYU because our best ideas come from working together.

Insist on excellence: We take pride in what we do, strive to improve constantly and hold ourselves accountable for the results.

Required Education:
Bachelor's Degree

Preferred Education:
Master's Degree in Information Systems Management or equivalent.

Required Experience:
5+ years relevant and/or progressive experience assessing IT Security architectures, systems and solutions across multiple information security domains. Must have experience having assessed, remediated or developed solutions that adhere to one or more of the following compliance frameworks; PCI, NIST 800-53/800-171, ISO2700x, HIPAA/HiTECH.

Preferred Experience:
Cloud Security assessments; system, application reviews including Secure SDLC lifecycle assessments.

Required Skills, Knowledge and Abilities:
Ability to build consensus and lead groups through decision making process. Excellent team participation skills, as well as good written and verbal communication skills. Good analytical skills, problem solving and interpersonal skills. Ability to work with other teams to implement security goals.

Preferred Skills, Knowledge and Abilities:
Strongly preferred qualifications include knowledge of information security best practices in the domains of: Access Control, Network Security, Risk Management, Software Development Security, Security Architecture and Design, Operations Security Business Continuity and Disaster Recovery Planning, Compliance, Physical (Environmental) Security.

NYU aims to be among the greenest urban campuses in the country and carbon neutral by 2040. Learn more at nyu.edu/nyugreen.

EOE/AA/Minorities/Females/Vet/Disabled/Sexual Orientation/Gender Identity

PI130537239