Demo

Risk Analyst

Duke
Durham, NC Full Time
POSTED ON 1/31/2025
AVAILABLE BEFORE 2/28/2025

POSITION SUMMARY:   

Duke University’s IT Security Office (ITSO) is responsible for the overall coordination, implementation, and assessment of information security at Duke University.

 

The ITSO Risk Analyst will work alongside several other Duke entities such as Research Computing (https://rc.duke.edu), the Office of Research & Innovation (https://research.duke.edu), contracting offices, the Campus Institutional Review Board, and Duke researchers across campus to advance computational and data intensive research.  This role will work to advance the efforts of both the ITSO and the Compute and Data Services Alliance for Research (https://research.duke.edu/CDSA/) working to use a risk-based approach to establish security and compliance requirements at a project level.

 

Duke researchers are experts in their fields but are not expected to also be computing and security experts.  We strive to meet researchers where they are to advance their research goals with a positive and helpful attitude.

 

We are looking for a Risk Analyst who will help researchers, IT staff, and research support staff understand, implement, and adhere to security best practices and regulatory requirements. This position will work closely with others across campus and participate as a member of virtual teams designed to bring a holistic approach to Duke’s research needs and risk assessments.

 

This role primarily focuses on cyber risk in the research fields across Duke University.  It will require excellent oral and writing skills, analytical skills, a collaborative and results-oriented attitude, and the curiosity required to stay up to date within a fast-paced field and environment.  Prior expertise in security, regulated research, vendor risk assessment, or related experience in risk and/or regulatory compliance is desirable, but not a hard requirement.

 

RESPONSIBILITIES: 

  • Consult with Duke Office for Research & Innovation, Campus IRB, Duke Office of Information Technology, Duke University Libraries, and other departments on security requirements for research projects and other regulated institutional data.
  • Focus on using a risk-based approach to establish security expectations at a project level.  These expectations would be based upon regulations, risk to the organization, and data classifications.
  • Participate, as a representative from ITSO as part of the Campus IRB review process. This involves security reviews of proposed projects to identify concerns prior to project initiation. 
  • Perform vendor risk assessments, including establishment and revisions to assessment process based on needs of the organization.
  • Conduct data security reviews for projects handling a variety of data classifications. As a member of the IT Security office, you will provide security expertise and guidance on compliance needs during these reviews.
  • Collaborate with organizational stakeholders, to update and maintain security plans for the university, OIT, and research services where required by regulation or agreement.  Identify gaps and coordinate efforts across teams to implement enhancements or updates to policies, processes, and procedures. 
  • Maintain close ties through meetings, presentations, and training with Duke partner organizations to increase the institutional capabilities in research data security and data management, uphold the University’s security policies, and ensure the evolution of capabilities in response to changing security risk and threat landscape. 
  • Participate in incident/audit response activities related to cybersecurity events.
  • Help to guide cybersecurity efforts involving Duke’s Protected Network for Research and other secure computing enclaves. This includes drafting and managing System Security Plans, Plans of Action and Milestones, and other Duke policy documents.
  • Work with and participate in the higher education community efforts focused on regulated research.  This includes staying up to date on the changing compliance landscape at the federal and state government levels.

 

QUALIFICATIONS: 

Education

  • Bachelor’s degree in a related field is preferred with 5 years combined education / experience in a related field required.
  • Certifications from organizations such as GIAC (GCCC, GSNA), ISC2 (CISSP, CGRC), ISACA (CISA, CRISC), etc. are preferred but not required.

 

Professional skills 

  • Ability to work with minimal oversight while investigating a problem and scoping out possible solutions as well as knowing when it’s time to bring problems back to the team for help or a second opinion.
  • Ability to clearly communicate security and compliance topics to stakeholders across Duke where audiences may be non-technical or security focused.
  • Ability to work with a wide variety of stakeholders and respectfully share knowledge and skills. 
  • Ability to be flexible and adapt to changing priorities and requirements. 

 

Experience

 

  • Familiarity with cybersecurity in an academic research environment. 
  • Experience implementing and documenting requirements based on security control frameworks (I.e., NIST 800-53/800-171, NIST CSF, ISO, CIS, DFARS 7012/7020, CMMC) and maintaining data security practices, such as secure storage, data access control, secure data transfer.
  • Experience working directly with sensitive/controlled data research requirements.
  • Experience working with third party assessors for evaluation of secured environments.
  • Experience performing vendor risk assessments and reviews.

 

 

WORKING CONDITIONS:   

Occasionally required to work outside of normal business hours for planned activities, and rarely, may be contacted during off hours.  

 

Currently the position may work remotely or at our Durham, NC location. In the future, the role may transition to a hybrid requirement with some days required on site. 

Job Code: 00002426 ANALYST, IT, SR
Job Level: D

 

Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.

 

Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure andwelcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.

 

Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.

 

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Risk Analyst?

Sign up to receive alerts about other jobs on the Risk Analyst career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$74,367 - $98,680
Income Estimation: 
$131,676 - $196,560
Income Estimation: 
$99,138 - $133,641
Income Estimation: 
$94,973 - $125,755
Income Estimation: 
$96,228 - $129,772
Income Estimation: 
$74,367 - $98,680
Income Estimation: 
$131,676 - $196,560
Income Estimation: 
$99,138 - $133,641
Income Estimation: 
$94,973 - $125,755
Income Estimation: 
$96,228 - $129,772
Income Estimation: 
$124,413 - $154,875
Income Estimation: 
$131,676 - $196,560
Income Estimation: 
$164,394 - $225,474
Income Estimation: 
$161,616 - $208,121
Income Estimation: 
$87,128 - $112,557
Income Estimation: 
$58,470 - $77,272
Income Estimation: 
$131,676 - $196,560
Income Estimation: 
$99,138 - $133,641
Income Estimation: 
$75,905 - $103,047
Income Estimation: 
$74,367 - $98,680
Income Estimation: 
$96,228 - $129,772
Income Estimation: 
$131,676 - $196,560
Income Estimation: 
$121,926 - $164,179
Income Estimation: 
$124,413 - $154,875
Income Estimation: 
$87,128 - $112,557
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Duke

Duke
Hired Organization Address Durham, NC Full Time
Duke University: Duke University was created in 1924 through an indenture of trust by James Buchanan Duke. Today, Duke i...
Duke
Hired Organization Address Durham, NC Full Time
At Duke Health, we're driven by a commitment to compassionate care that changes the lives of patients, their loved ones,...
Duke
Hired Organization Address Chapel Hill, NC Full Time
Certified Medical Assistant, Timberlyne Family Medicine Work Arrangement : On-Site Requisition Number : 240796 Regular o...
Duke
Hired Organization Address Durham, NC Full Time
Occupational Summary Proactively identify and negotiate construction and capital equipment contract opportunities to lev...

Not the job you're looking for? Here are some other Risk Analyst jobs in the Durham, NC area that may be a better fit.

Fraud Risk Analyst

Carolinas Credit Union League, Raleigh, NC

Fraud Risk Analyst

Talent Forward, Raleigh, NC

AI Assistant is available now!

Feel free to start your new journey!