Job Information
Vanderbilt University IT Risk Analyst (Hybrid) in Nashville, Tennessee
The IT Risk Analyst at Vanderbilt University is responsible for independently identifying, assessing, and mitigating IT risks. This role requires a deeper understanding of risk management frameworks and methodologies. The IT Risk Analyst conducts thorough risk assessments, implements risk mitigation strategies, and collaborates with other departments to ensure compliance with university policies and regulatory requirements.
About the Work Unit:
Vanderbilt University Information Technology is a human-centric organization that advances our university by delivering innovative solutions and frictionless experiences through collaboration.
Duties and Responsibilities:
Risk Identification and Assessment:
Independently identify and evaluate potential IT risks.
Conduct risk assessments using established frameworks and methodologies.
Analyze the impact and likelihood of identified risks and prioritize them accordingly.
Risk Mitigation and Management:
Develop and implement effective risk mitigation strategies and controls.
Monitor and review the effectiveness of risk mitigation measures.
Update risk management plans and strategies based on evolving threats and vulnerabilities.
Compliance and Collaboration:
Ensure compliance with university policies, regulatory requirements, and industry standards.
Collaborate with cross-functional teams to gather and share risk-related information.
Provide guidance and support to other departments on risk management practices.
Reporting and Documentation:
Prepare detailed reports on risk assessments, findings, and mitigation efforts.
Maintain accurate and up-to-date documentation of risk management activities.
Present risk assessment results and recommendations to management.
Supervisory Relationships:
This position does not have supervisory responsibility. This position reports administratively and functionally to the Governance, Risk, and Compliance Sr. Director.
Qualifications:
Bachelor’s degree or equivalent experience is necessary.
Bachelor’s degree in computer science, information technology, or a related field is preferred.
Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), CISSP, or CompTIA Security+ are preferred.
2-5 years of experience in IT risk management, cybersecurity, or a related field is necessary
Experience with risk assessment frameworks and methodologies (e.g., NIST, ISO 27001) is necessary.
In-depth understanding of IT risk management principles and practices is necessary.
Proficiency in risk assessment tools and techniques is necessary.
Strong analytical and problem-solving skills are necessary.
Excellent written and verbal communication skills is necessary.
Familiarity with regulatory requirements and industry standards related to IT risk management is necessary.
Experience with risk management software or tools is preferred.
Knowledge of information security concepts and practices is preferred.
Ability to present complex risk information to non-technical stakeholders is preferred.
Demonstrated commitment to VUIT’s Guiding Principles is necessary.
Information Technology’s Guiding Principles:
Trust and Respect- VUIT cultivates a community built on trust, mutual respect, and inclusivity, where all members feel valued and supported. We prioritize honesty, dignity, empathy, and a willingness to listen and understand.
Professionalism- VUIT strives to maintain a culture of maturity, accountability, and integrity to best represent the University and self. Have a sense of humility and poise in your work and daily interactions.
Collaborate- VUIT commits to being inclusive in solution design where we value sharing within and partnering across the university. We are intentional about including our colleagues and preventing silos.
Bias-to-Action- VUIT is seen as a changemaker by exhibiting a decisive, self-starter, take-action approach with a willingness to make decisions without excessive deliberation. Personal initiative is recognized as a key part of the creative process.
Communicate- Communication (written, verbal and non-verbal), within and outside VUIT, is open, thoughtful, welcoming, clear, proactive, concise yet complete, always honest, and delivered kindly.
Innovate- VUIT pledges to be bold and challenge the status quo by inspiring a culture of creativity that promotes growth and advancement for the university.
Celebrate Each Other- We are intentional in showing appreciation for the work of others by valuing and acknowledging meaningful contributions at all levels of the organization.
Optimize- VUIT will practice continuous and thoughtful optimization of our solutions and services to increase our human and technological capacity. Capacity drives innovation.
Commitment to Equity, Diversity, and Inclusion
At Vanderbilt University, we are intentional about and assume accountability for fostering advancement and respect for equity, diversity, and inclusion for all students, faculty, and staff. Our commitment to diversity makes us who we are. We have created a community that celebrates differences and lets individuality thrive. As part of this commitment, we actively value diversity in our workplace and learning environments as we seek to take advantage of the rich backgrounds and abilities of everyone. The diverse voices of Vanderbilt represent an invaluable resource for the University in its efforts to fulfill its mission and strive to be an example of excellence in higher education.
Vanderbilt University is an equal opportunity, affirmative action employer. Women, minorities, people with disabilities, and protected veterans are encouraged to apply.
Please note, all candidates selected for an offer of employment are subject to pre-employment background checks, which may include but are not limited to, based on the role for which they have been selected: criminal history, education verification, social media review, motor vehicle records, credit history, and professional license verification.