ADMINISTRATIVE FACULTY JOB DESCRIPTION

APPROVED POSITION INFORMATION (to be completed by HR)
Effective: August 1, 2015
Title: IT Compliance Analyst
Range: 2
JCC: 67707
Essential Function: Light Work
Description: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. Light work requires walking or standing to a significant degree and pushing and/or pulling.

1. Summary Statement: State the major function(s) of the position, the role in the university, and the supervisor’s title.* (This section is used for advertisement of the position.)

The IT Compliance Analyst would serve as the responsible individual for all IT audits and oversee all regulatory areas where IT has significant impact or accountability. In addition it would assist in providing support for any initiatives that help the University meet its obligations to governing agencies. This would include such things as security awareness training, rights management and tracking, sensitive device monitoring, security application processing, data management and classification. It would also develop and maintain regulatory policies and procedural information for all areas of campus including, but not limited to, PCI, FERPA, GLB, and HIPAA. This would include maintaining business continuity and incident response plans.

* Attach an organizational chart with positions, ranges, and names for the division.

2. List the major responsibilities, including percentage of time devoted to each. Provide enough detail to enable a person outside the department to understand the job (percentage first with heading and then bulleted information). If line of progression, define for each range as above.

40% - User Compliance/Support
- Oversee the IT security awareness training program for University employees and affiliates.
- Communicates new legal requirements to faculty and staff
- Work with all areas of campus that deal with regulated data to better document and support evolving University and governance requirements including Business Continuity and Incident Response
- Serve as a backup to the Security Coordinator for vetting and processing security applications

40% - Regulatory Compliance
- Manage compliance-related vendor engagements that directly support regulated environments
- Provide primary support and liaison to both campus and external auditors during audits of IT systems
- Manage the policy and procedure documentation for IT systems including, but not limited to, business continuity, change control, system management, and user support
- Identifies and classifies data housed in systems both on and off premise

20% - Manage Systems
- Develop and maintain a rights auditing system to provide reliable and timely information to auditors and systems owners
- Manage the access to the sensitive information device monitoring system to ensure all regulated devices and systems are available and not modified without proper procedures being followed

3. Describe the types of decisions the position(s) makes independently as part of the core responsibilities. Provide examples. If a line of progression, describe the decisions made at the highest level.

- Input about the compliance of various systems with one or many regulatory guidelines, which can ultimately impact whether or not the system is allowed to remain online.
- Deciding which solutions are appropriate for training a given user base on the secure use of a particular technology or service, and coordinating and tracking the training over the lifetime of the technology or service.
- Granting or removing of access to highly sensitive accounts and information in the HR, Financial, and student data systems.
- Regular contact with many constituents all over campus—needs to be pro-active in identifying responsible parties along with any changing duties that may impact the accuracy of policies and plans.
- Craft many audit responses that accurately reflect the University’s commitment to proper regulatory compliance

4. Describe the types of problems, issues, action, communications this position typically takes to the supervisor for resolution and/or consultation. Provide examples. If a line of progression, describe the supervisory consultation at the highest level.

- Identification of serious deficiencies in a system, which may result in systems being taken offline or access to data revoked.
- Identification of a user that refuses to comply with requirements

5. Select the applicable competencies required to successfully perform the job. The selected competencies will be evaluated within the Administrative Faculty evaluation as Competencies for Success.

Competency                              Required
Adaptability                            ☒
Analytical Thinking                     ☒
Communication                           ☒
Diversity and Inclusion                 ☐
Financial Responsibilities              ☐
Human Resource Responsibilities         ☐
Leadership                              ☐
Program/Project/Functional Knowledge    ☒
Resource Responsibilities               ☐
Serving Constituents                    ☒
Teamwork                                ☒
Other (specify)                         ☐

6. Minimum requirements of the position. Minimum requirements should be consistent with the Job Evaluation Model. If Line of Progression, minimum requirements must be defined for each range.

Education             Experience
Bachelor’s Degree     Two years of relevant work experience
Master’s Degree       One year of relevant work experience

Relevant Experience: experience in a regulated environment; familiarity with contracts, audits, or accounting
Certification and Licensure: None
Schedule or Travel Requirements: None