<p>Current Employees: If you are currently employed at any of the Universities of Wisconsin, log in to Workday to apply through the internal application process.</p> <p>Position Title:</p> <p>IS GRC ANALYST</p> <p>Job Category:</p> <p>Academic Staff</p> <p>Employment Type:</p> <p>Regular</p> <p>Job Profile:</p> <p>Info Sec Analyst II</p> <p>Job Duties:</p> <p>The Governance, Risk, and Compliance (GRC) Analyst supports the UW by contributing to the identification, assessment, and management of enterprise IT risk across universities and shared services. The GRC Analyst assists with IT risk assessments, maintains and supports centralized risk management tools and risk registers, and develops clear documentation and reports to support informed IT risk decision-making. The role also supports the development and revision of information security policies and standards, aligns program activities with recognized frameworks, and assists with audit and assessment coordination and follow-up.</p> <p>This position emphasizes continuous improvement of IT risk management practices, including the integration of emerging technology risks such as artificial intelligence and cloud services, and ongoing professional development aligned with GRC and enterprise IT risk management responsibilities.</p> <p>Key Job Responsibilities:</p> <p>Enterprise IT Risk Management</p> <ul> <li> <p>Contribute to the continuous improvement of UW's IT risk management program by developing standardized processes, workflows, templates, and guidance.</p> </li><li> <p>Identify, assess, document, and monitor IT risks affecting universities and shared services.</p> </li><li> <p>Assist in the technical rollout and ongoing support of enterprise IT risk management tools.</p> </li><li> <p>Assist in developing program reports, metrics, and summaries</p> </li></ul> <p>Third-Party IT Risk Management</p> <ul> <li> <p>Conduct IT risk assessments of third-party vendors, services, and technology solutions.</p> </li><li> <p>Develop written assessment reports to support informed IT risk decision making.</p> </li><li> <p>Integrate emerging technology risks, including artificial intelligence and data privacy considerations, into third-party IT risk reviews.</p> </li></ul> <p>Policy and Audit Support</p> <ul> <li> <p>Assist in the creation, and revision of enterprise information security policies, standards, and guidance.</p> </li><li> <p>Align policies and standards with National Institute of Standards and Technology (NIST) Frameworks.</p> </li><li> <p>Assist with coordinating internal and external risk assessments</p> </li><li> <p>Track assessment and audit findings and support remediation efforts</p> </li><li> <p>Analyze assessment, audit, and survey data to identify trends and opportunities for targeted improvements.</p> </li></ul> <p>Professional Development</p> <ul> <li> <p>Stay informed of emerging technologies and evolving IT and cybersecurity risks.</p> </li><li> <p>Continuously develop skills through training and professional development opportunities aligned with enterprise IT risk management and GRC practices</p> </li></ul> <p>Department:</p> <p>The UW Administration Office of Information Security is responsible for the enterprise information security program and providing shared security services to campus partners. The Office of Information Security is composed of three teams: Cyber Defense, IT Governance, Risk and Compliance (GRC), and Security Awareness and Outreach.</p> <p>Compensation:</p> <p>The?working title?is?a?full-time exempt,?academic staff ?position.</p> <p>Well-qualified candidates can expect a starting annual salary within?a range?of?$85,000 - $95,000?commensurate?with the candidate's education, related experience, and qualifications.</p> <p>Required Qualifications:</p> <ul> <li> <p>Experience in information security, IT risk management, and/or third-party IT risk management.</p> </li><li> <p>Experience assessing and documenting risk related to IT systems, applications, or third-party technology solutions.</p> </li><li> <p>Working knowledge of IT and cybersecurity risk frameworks and assessment practices.</p> </li><li> <p>Experience communicating risk assessment results through written reports or documentation.</p> </li><li> <p>Experience working in a collaborative, cross-functional, or distributed environment.</p> </li></ul> <p>Preferred Qualifications:</p> <ul> <li> <p>Bachelor's degree in a related field.</p> </li><li> <p>Strong analytical, organizational, and problem-solving skills.</p> </li><li> <p>Experience conducting IT risk assessments</p> </li><li> <p>Experience supporting IT audits or compliance efforts.</p> </li><li> <p>Hands-on experience operationalizing GRC tools (e.g., OneTrust, ServiceNow)</p> </li><li> <p>Experience in higher education</p> </li><li> <p>Experience assessing IT risk related to emerging technologies such as artificial intelligence, cloud services, or data-driven platforms.</p> </li><li> <p>Familiarity with applicable standards and regulatory requirements (e.g., NIST CSF, NIST SP 800-171, FERPA, GLBA, HIPAA).</p> </li><li> <p>Professional certification (e.g., CISSP, CGRC, CRISC) or willingness to pursue one.</p> </li></ul> <p>Work Location:</p> <p>The office location is in Madison, WI. Telecommuting or hybrid work options may be available. Preference will be given to candidates that reside within the State of Wisconsin and Madison metropolitan area.</p> <p>How to Apply:</p> <p>Applicant screening will begin immediately and be ongoing through 11:59 pm, February 27, 2026. However, applications may be accepted until the position has been filled.</p> <p>To receive full consideration, interested applicants are required to apply online and provide a Resume (PDF Format) and Cover letter addressing your experience and education as it applies to all minimum and preferred qualifications (PDF Format).</p> <p>Failing to?submit?the?required application?documents may disqualify your?application.</p> <p>Contact Information:</p> <p>Questions may be addressed to: Kristina Williston, HR Generalist, at kristina.williston@wisconsin.edu.</p> <p>Accommodation Request</p> <p>If you need to request an accommodation because of a disability, you can find information about how to make a request by contacting uwshr@wisconsin.edu.</p> <p>Criminal Background Check and Reference Check Policy</p> <p>This offer of employment is conditional pending the results of a criminal background check and a reference check process that includes questions regarding employee misconduct, sexual violence, and sexual harassment. If you have prior work history within the past 7 years with the Universities of Wisconsin, your personnel file will also be reviewed for employee misconduct. If the results are unacceptable, the offer will be withdrawn or, if you have started employment, your employment will be terminated.</p> <p>Employment Authorization</p> <p>Please note that successful applicants are responsible for ensuring their eligibility to work in the United States (i.e., a citizen or national of the United States, a lawful permanent resident, a foreign national authorized to work in the United States without the need of employer sponsorship) on, before, or after the effective date of appointment.</p> <p>Confidentiality</p> <p>The Universities of Wisconsin will not reveal the identities of applicants who request confidentiality in writing, except that the identity of the successful candidate will be released. See Wis. Stat. §. 19.36(7).</p> <p>Benefits Information</p> <p>Universities of Wisconsin employees receive an excellent benefits package. To learn more about the benefits package, review the Faculty, Academic Staff & Limited Appointees or University Staff Please see this link for total compensation information: Universities of Wisconsin Health & Retirement Contributions Estimator to provide you with total compensation information.</p> <p>Clery Act information</p> <p>The Universities of Wisconsin provides statistics on campus crime in its Annual Security Report. For more information on university campus statistics see https://www.wisconsin.edu/compliance/clery/.</p> <p>UW is an Equal Opportunity Employer</p> <p>Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, disability, status as a protected veteran, or any other bases protected by applicable federal or State law and UW System policies. We are committed to building a workforce that represents a variety of backgrounds, perspectives, and skills, and encourage all qualified individuals to apply.</p>