What are the responsibilities and job description for the IT Risk and Architectural Standards Compliance Analyst position at Virginia Jobs?
Department : Information Technology
Classification : Info Technology Spec 2
Job Category : Classified Staff
Job Type : Full-Time
Work Schedule : Full-time (1.0 FTE, 40 hrs / wk)
Location : Fairfax, VA
Workplace Type : Hybrid Eligible
Pay Band : 05
Salary : Salary commensurate with education and experience
Criminal Background Check : Yes
About the Department :
George Mason University's Information Technology Services (ITS) organization provides information technology resources, systems, services, tools, and training to the university community. ITS' mission is to deliver enabling technology to the George Mason community by leveraging reliable and secure services. The organization consists of six groups: Enterprise Infrastructure Services, Enterprise Applications, Learning Support Services, IT Security Office (ITSO), Enterprise Service Delivery, and Academic Strategies, plus dotted-line reporting to Research Computing.
The IT Risk and Compliance (ITRC) team works closely with other ITS groups to define and document service designs and strategies, promote the adoption and practice of consistent policies and processes, and, jointly with the IT Security Office, identify and mitigate risk and compliance issues associated with ITS policies and processes. ITRC facilitates the Architectural Standards Review Board (ASRB), which reviews software for approval prior to purchase to ensure that standards and legal obligations are met. ITRC also provides audit support and coordination, oversight of remediation activities, and IT risk and compliance reporting; conducts Third-Party Risk Management (TPRM) activities; manages the application administration of the Archer Integrated Risk Management (IRM) tool; and oversees the delivery and enforcement of the IT Security Awareness training.
About the Position :
The IT Risk and Architectural Standards Compliance Analyst works with the various ITS teams and University stakeholders to ensure that ITS-managed services, systems, and processes adhere to defined standards. Tasks may include, but are not limited to, participating in the specification and selection of standards and guidelines; staying aware of current regulations and potential audit points pertaining to IT services and service management; performing assessments, documenting results, and reporting perceived deficiencies to management; and coordinating audit inquiries and responses with internal and external auditors and impacted ITS teams. A major focus of this position includes conducting assessments on existing and proposed solutions; reviewing security and compliance in the context of established controls and requirements; and establishing and maintaining productive collaborations with University departments, collaborators, and customers in supporting functions such as the Architectural Standards Review Board assessments, other control assessments, audit support, issues management, and risk treatment activities.
Responsibilities :
- Monitors identified systems and processes within ITS to assess adherence to established policies and standards;
- Develops and maintains risk assessments, System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms) and other documentation as needed in support of the systems and program;
- Works closely with various departments, stakeholders, and IT Security Office to review, refine, and track effectiveness of technical security controls;
- Uses knowledge of applicable regulations, frameworks, and standards to assess and report on the compliance posture of systems and proposed solutions, conduct risk and compliance analysis, and report on outcomes of the Architectural Standards Review Board (ASRB) engagements;
- Ensures that ASRB reviews are prioritized and conducted in a manner that helps the process meet or exceed the promised turnaround times;
- Ensures that the annual disaster recovery exercise is conducted by ITS and collaborating departments;
- Builds partnerships and earns customer trust by socializing IT Risk and Compliance services and looks for ways to continually improve quality of services and customer experience;
- Under general guidance from manager and senior staff, analyzes processes and workflows, and develops process maps and documentation in accordance with established ITS standards;
- Works with ITSO, CISO, and ITS technical teams to develop and document policies and standard operating procedures as needed to meet compliance requirements;
- Participates in process improvement projects and initiatives;
- Effectively elicits details of process requirements and workflows from ITS teams and summarizes them accurately;
- Writes clearly and succinctly; and
- Accurately analyzes data and task flows and represents them in understandable diagrams.
ITS Audit Response Coordination
Other Duties as Assigned
Required Qualifications :
Preferred Qualifications :
Instructions to Applicants :
For full consideration, applicants must apply for IT Risk and Architectural Standards Compliance Analyst at Complete and submit the online application to include three professional references with contact information, and provide a Cover Letter / Letter of Intent with CV for review.
Posting Open Date : January 10, 2025
Posting Close Date : January 24, 2025
Open Until Filled : No