Cybersecurity Governance, Risks and Compliance (GRC) Manager

Position InformationRequisition Number S4327P
Home Org Name CIO-VP IT and IT Administration
Division Name CIO Information Technology
Position Title Cybersecurity Governance, Risks and Compliance (GRC) Manager
Job Class Code MA73
Appointment Status Full-time
Part-time FTE
Limited Term No
Limited Term Length
Job SummaryUnder the direction of the Chief Information Security Officer (CISO), the Cybersecurity Governance, Risks and Compliance (GRC) Manager is tasked with overseeing the governance, risk management, and compliance functions within Auburn University Cybersecurity Office. Oversee and manage a team of security specialists that provide Cybersecurity Governance, Risks and Compliance (GRC) initiatives at Auburn University. This role includes working to ensure compliance with various standards including PCI-DSS, FERPA, GLBA, HIPAA and NIST (800-171). This role includes assistance with updating and developing and implementing policies, procedures, and controls to ensure the organization’s information assets are protected and regulatory requirements are met.The Cybersecurity GRC Manager will assist with the development and delivery of an information security program at Auburn University. The scope of this program is university-wide, and the purpose is to protect University information and its infrastructure from threats; ensure the confidentiality, integrity, and availability of university data; and that the University complies with statutory and regulatory requirements.Working onsite is a requirement of the job.Why Should YOU Choose Auburn University?✅ Competitive Employee Benefits – Enjoy comprehensive benefits and a state retirement plan.
✅ Tuition Assistance – Receive support for you and your dependents’ education.
✅ Generous Leave Policies – Benefit from paid parental leave and other generous leave options.
✅ Impactful Work – Take pride in contributing to Auburn’s premier academic experience and transformative student and employee achievements.About Auburn: Auburn was named by Forbes Magazine as one of the state of Alabama’s best employers, with employees staying an average of ten years! Learn more about Auburn’s impact, generous employee benefits, and thriving community by visiting aub.ie/working-for-auburnIt’s a Lifestyle: The Auburn/Opelika area is a page right out of Southern Living magazine with an idyllic small-town feel, perfecting a unique balance between a close-knit community and driving consistent growth and development. Paralleling the exponential growth of Auburn University, the Auburn/Opelika area boasts services and amenities that cater to any interest. We’re proud of our top school systems, city services, award-winning restaurants, and the infectious spirit of life in a college town. You can find us nestled halfway between the beach and the mountains in a lower-cost-of-living area, two hours outside of Atlanta or Birmingham. If you’re new to Auburn, we’d love to introduce you. If you’re already acquainted with Auburn, we’ll keep it simple: it’s time to come home!
Essential Functions

• Develop and maintain the cybersecurity governance framework, including policies, standards, and guidelines.
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., FERPA, GLBA, HIPAA, PCI-DSS, NIST, GLBA.
• Conduct Cybersecurity risk assessments to identify and evaluate potential threats and vulnerabilities.
• Implement and manage risk mitigation strategies and controls including internal risk management and third-party risk management.
• Monitor and report on the effectiveness of the cybersecurity program and controls including creating plans of actions and milestones (POAM)
• Provide guidance and lead Auburn’s Data Loss Prevention (DLP) Strategies and processes.
• Collaborate with internal and external stakeholders to address cybersecurity risks and compliance issues (IT Leadership, deans, legal, Risk Management and others.)
• Coordinate Internal and external audits, reviews and Pen Testing
• Lead the effort for creating and maintaining the Central Managed IT System Security Plans (SSP) and assisting distributed units in creating and completing System Security Plans.
• Provide documentation, coordination and completion of cybersecurity control questionnaires from Cyber Insurance, Research Contractors, Audits and others.
• Lead incident response efforts and coordinate with relevant teams to manage and mitigate security incidents.
• Provide guidance and lead Auburn’s Data Loss Prevention (DLP) Strategies and processes.
• Provide guidance and lead Cybersecurity awareness and training initiatives to include Phishing campaigns.
• Stay up to date with the latest cybersecurity trends, threats, and technologies.
• Provide leadership and full supervisory responsibilities to a team of 3-5 employees.

Minimum QualificationsMinimum QualificationsEducation: Entry into the applicant pool requires a bachelor’s degree from an accredited institution in Business Administration, Management, Computer Engineering, Computer Science, Information Systems, or a related field. Master’s degree in information technology or directly relevant discipline preferred.Experience: Demonstrated successful experience in information technology that includes a minimum of 8 years of progressively responsible experience in information security.Must possess full or advanced proficiency and understanding of Cybersecurity Governance, Risks and Compliance. Knowledge of overall cybersecurity organizations to include Security Operations, Security Operations Center (SOC), and Technical Security (Networks, Firewalls, Servers, etc.) is valuable.Minimum Skills, License, and CertificationsMinimum Skills and Abilities

• Strong verbal and written communication skills including presentation skills, technical writing, client/stakeholder relationships.
• Demonstrated knowledge of various security and regulatory compliance standards, such as understanding and experience with the Family Educational Rights and Privacy Act (FERPA), Payment Card Industry Data Security Standard (PCI DSS), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) and the Cybersecurity Maturity Model Certification (CMMC).
• Extensive background and knowledge derived from experience in core cybersecurity and information technology concepts, and skills required at the most senior level.
• Experience in managing a cybersecurity department (preferred), technical knowledge of information technology, and cybersecurity practices and advanced degrees.
• Knowledge of project and operations management to include team leadership skills including motivating team member and group processes, team collaboration, empowering, coaching, mentoring, training, ethical integrity, championing diversity and inclusiveness, and supervising staff.
• Ability to translate specific strategic information into operational programs.
• Demonstrated knowledge of cybersecurity concepts including malware, intrusion detection, risk analysis, threat/vulnerability management, system hardening, and business continuity.
• Understanding of Cybersecurity Frameworks.
• Must be able to convey goals and objectives clearly and in a compelling manner; listen effectively and clarify information as needed; produce clear status reports; communicate tactfully and candidly.
• Demonstrated ability to mentor and lead others.
• Demonstrated ability to identity problems, analyze courses of action, and propose solutions.
• Knowledge of data forensics and collection technologies, disk imaging, chain of custody records, handling sensitive information preferred.
• Must maintain industry security certification(s)

Minimum Technology Skills
Minimum License and CertificationsThis position requires industry-standard Information Assurance certifications appropriate to the position(Certified Information Security Manager (CISM), Certified Information Systems Security Professional(CISSP) or equivalent). Certified Information Systems Auditor (CISA) preferred.Desired QualificationsDesired Qualifications

• Ability to meet with campus leadership, campus stakeholders and external vendors.
• Experience with Higher Education Academics, Research and Business Operations.
• United States Government Security Clearance desired but not required.

Posting Detail InformationSalary Range $100,030 – $200,0600
Job Category Information Systems/Technology
Working Hours if Non-Traditional
City position is located in: Auburn
State position is located: Alabama
List any hazardous conditions or physical demands required by this position
Posting Date 03/17/2025
Closing Date
EEO StatementAUBURN UNIVERSITY IS AN AFFIRMATIVE ACTION/EQUAL OPPORTUNITY EMPLOYER. It is our policy to provide equal employment and education opportunities for all individuals without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, gender expression, pregnancy, age, disability, protected veteran status, genetic information, or any other classification protected by applicable law. The Office of Affirmative Action/Equal Employment Opportunity (AA/EEO) strives to ensure an inclusive and equitable working, living, and learning environment for members of the Auburn University community. Please visit their to learn more.
Special Instructions to Applicants
Quick Link for Internal PostingsDocuments Needed to ApplyRequired Documents * Resume

• Cover Letter

Optional Documents * Letter of Recommendation

• Other

Read More