IT Compliance Analyst

ADMINISTRATIVE FACULTY JOB DESCRIPTION
APPROVED POSITION INFORMATION
(to be completed by HR)
Effective: August 1, 2015
Title: IT Compliance Analyst
Range: 2
JCC: 67707
Essential Function: Light Work
Description: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force
frequently, and/or a negligible amount of force constantly to move objects. Light work requires
walking or standing to a significant degree and pushing and/or pulling.
1. Summary Statement: State the major function(s) of the position, the role in the
university, and the supervisor’s title.* (This section is used for advertisement of the
position.)
The IT Compliance Analyst would serve as the responsible individual for all IT audits and
oversee all regulatory areas where IT has significant impact or accountability. In addition, it
would assist in providing support for any initiatives that help the University meet its obligations
to governing agencies. This would include such things as security awareness training, rights
management and tracking, sensitive device monitoring, security application processing, data
management and classification. It would also develop and maintain regulatory policies and
procedural information for all areas of campus including, but not limited to, PCI, FERPA, GLB,
and HIPAA. This would include maintaining business continuity and incident response plans.
* Attach an organizational chart with positions, ranges, and names for the division.
2. List the major responsibilities, including percentage of time devoted to each. Provide
enough detail to enable a person outside the department to understand the job
(percentage first with heading and then bulleted information). If line of progression,
define for each range as above.
40% - User Compliance/Support
• Oversee the IT security awareness training program for University employees and
affiliates. Communicates new legal requirements to faculty and staff
• Work with all areas of campus that deal with regulated data to better document and
support evolving University and governance requirements including Business Continuity
and Incident Response
• Serve as a backup to the Security Coordinator for vetting and processing security
applications
40% - Regulatory Compliance
• Manage compliance-related vendor engagements that directly support regulated
environments
• Provide primary support and liaison to both campus and external auditors during audits
of IT systems
• Manage the policy and procedure documentation for IT systems including, but not limited
to, business continuity, change control, system management, and user support
• Identifies and classifies data housed in systems both on and off premise
20% - Manage Systems
• Develop and maintain a rights auditing system to provide reliable and timely information
to auditors and systems owners
• Manage the access to the sensitive information device monitoring system to ensure all
regulated devices and systems are available and not modified without proper procedures
being followed
3. Describe the types of decisions the position(s) makes independently as part of the core
responsibilities. Provide examples. If a line of progression, describe the decisions made
at the highest level.
• Input about the compliance of various systems with one or many regulatory guidelines,
which can ultimately impact whether or not the system is allowed to remain online.
• Deciding which solutions are appropriate for training a given user base on the secure
use of a particular technology or service and coordinate and track the training over the
lifetime of the technology or service.
• Granting or removing of access to highly sensitive accounts and information in the HR,
Financial, and student data systems.
• Regular contact with many constituents all over campus—needs to be pro-active in
identifying responsible parties along with any changing duties that may impact the
accuracy of policies and plans.
• Craft many audit responses that accurately reflect the University’s commitment to
proper regulatory compliance
4. Describe the types of problems, issues, action, communications this position typically
takes to the supervisor for resolution and/or consultation. Provide examples. If a line of
progression, describe the supervisory consultation at the highest level.
• Identification of serious deficiencies in a system, which may result in systems being
taken offline or access to data revoked.
• Identification of a user that refuses to comply with requirements
5. Select the applicable competencies required to successfully perform the job. The
selected competencies will be evaluated within the Administrative Faculty evaluation as
Competencies for Success.
Competency: Required
Adaptability: ☒
Analytical Thinking: ☒
Communication: ☒
Diversity and Inclusion: ☐
Financial Responsibilities: ☐
Human Resource Responsibilities: ☐
Leadership: ☐
Program/Project/Functional Knowledge: ☒
Resource Responsibilities: ☐
Serving Constituents: ☒
Teamwork: ☒
Other (specify): ☐
6. Minimum requirements of the position. Minimum requirements should be consistent
with the Job Evaluation Model. If Line of Progression, minimum requirements must be
defined for each range.
Education: Experience
Bachelor’s Degree: Two years of relevant work experience
Master’s Degree: One year of relevant work experience
Relevant Experience: experience in a regulated environment; familiarity with
contracts, audits, or accounting
Certification and Licensure: None
Schedule or Travel Requirements: None