University of Colorado Denver | Anschutz Medical Campus
Office of Information Technology
Position #002160 – Requisition #23627
The Office of Information Technology has an opening for a full-time University Staff (unclassified) Compliance Analyst position.
Nature of Work
The University of Colorado Denver and the Anschutz Medical Campus have a full-time university staff position opening for a Compliance Analyst. The Compliance Analyst role is responsible for providing leadership and guidance to our campus constituents for HIPAA, FERPA, and PCI regulations and compliance, as well as providing guidance in other areas where there are information security requirements. The primary location for this position is the Anschutz Medical Campus, but occasional travel to the CU Denver campus is required.
The Compliance Analyst works with IT support professionals, system trustees, stewards and custodians to ensure compliance at the unit and IT system level, and works with constituents to identify and remediate risks to university data and IT systems. The position will examine and analyze information systems operations to identify opportunities for improvement and assess risks. The Analyst participates in audit planning and execution; evaluates policies and procedures to ensure appropriate internal controls surrounding information systems are maintained; develops strategies and provides recommendations on strengthening controls, mitigating risk, and implementing corrective actions; and documents and reports audit findings to management. The Analyst may assist with security, compliance and operational audits and ensure compliance with existing regulations as they relate to information systems.
Jobs in this career family develop, maintain, and support computer systems, software and networks. Functions include enterprise operations, distributed computing, academic computing, research computing, computer hardware and software management, computer networking, telecommunications, systems development, database administration, server administration, website management, programming, desktop support, and help desk operations.
Professionals at the intermediate level are responsible for exercising discretion, analytical skill, personal accountability and responsibility in a wide range of areas including academic, administrative, managerial and student services functions. Work involves creating, integrating, applying and sharing knowledge directly related to a professional field. At the intermediate level, duties may be more limited in scope and are performed with guidance and direction from other professionals.
The Compliance Analyst receives broad and general supervision that is in alignment with the Office of Information Technology’s strategic plan. The assigned work is multifaceted and technical. The successful candidate should be comfortable working in a matrix-management environment, as well as with traditional line and staff management. The Analyst reports directly to the Risk and Compliance Team Manager.
This position does not have direct supervisory responsibility, but may be asked at times to provide guidance and mentorship to IT Professionals.
Examples of Work Performed
The Compliance Analyst will continually update job knowledge by tracking and understanding emerging security threats, practices and standards; participating in educational/training opportunities; reading professional publications; and mentoring and providing guidance to IT Professionals. Day-to-day tasks are as follows:
- Provide leadership to research programs on campus when they are completing a Risk Analysis and System Security Plan documentation.
- Assess risk and select appropriate security controls from a specific framework (e.g., NIST 800-53 or PCI DSS); help technical professionals understand the intent of a security control; evaluate control implementation to determine if it meets the control requirement.
- Assess requirements needed to comply with university policies, and local, state, and federal laws related to information security.
- Draft enterprise-level campus policies, standards and procedures; provide guidance to others on the content of their security and compliance documentation.
- Review documentation such as data flow narratives, network diagrams, and architecture diagrams provided by technical teams, and articulate security requirements.
- Third party vendor application and cloud service reviews.
- Support OIT’s mission and elements of TEAM and SPLICE.
- Determine innovative strategies to address risk at the University.
- Bachelor's degree or higher in Information Technology, Computer Science, Risk Management, or a related field
- Work experience in the Information Technology or Compliance fields may be substituted for this educational experience on a year for year basis.
- Minimum of 2 years’ experience working in the compliance or information technology fields
- 1-2 years’ experience drafting policies, standards and procedures
- 1-2 years’ experience working with security frameworks (e.g., NIST, HITRUST, ISO) and/or system security plans (SSPs)
- Experience with compliance/audit processes and methodologies
- Experience with PCI DSS
- Strong technical background
- Technical and compliance certifications (e.g. SANS GSEC, ISC2 CISSP, ISC2 HCISPP)
Knowledge, Skills, and Abilities
- Knowledge and understanding of HIPAA security regulations and controls
- Ability to work with consumers in a highly consultative manner, understanding business needs and determining security requirements.
- Self-starter who is able to balance working alone with more collaborative team efforts
- Proven track record of execution--driving results and meeting timelines
- Interested in lifelong learning
- Experience handling multiple projects concurrently
- Excellent organization and time management skills
- Strong interpersonal communication and writing skills
Salary and Benefits:
The salary range (or hiring range) for this position has been established at $54,095 to $65,000.
The salary of the finalist(s) selected for this role will be set based on a variety of factors, including but not limited to, internal equity, experience, education, specialty and training.
The above salary range (or hiring range) represents the University’s good faith and reasonable estimate of the range of possible compensation at the time of posting.
This position is not eligible for overtime compensation.
Your total compensation goes beyond the number on your paycheck. The University of Colorado provides generous leave, health plans and retirement contributions that add to your bottom line.
Total Compensation Calculator: http://www.cu.edu/node/153125
Conditions of Employment:
This position may require some occasional weekend and evening assignments as well as occasional availability during off-hours for participation in both scheduled and unscheduled activities.
This position is eligible for full-remote, hybrid, or on-site working locations. The work schedule will be based around core working hours in Colorado Mountain Time.
PLEASE NOTE: Candidates will be responsible for travel expenses related to the interview process and any relocation expenses, if applicable.
Parking expenses for employees are not covered by the university. To review parking options please visit the link below and select your appropriate campus:
The University of Colorado has a requirement for COVID-19 vaccinations and full completion thereof by 9/1/21 or upon start date. Information regarding this requirement and exemptions can be found at: https://www.cu.edu/vaccine-requirement
How to Apply:
Applications accepted electronically: https://cu.taleo.net/careersection/2/jobdetail.ftl?job=23627&lang=en
APPLICATION DEADLINE: Applications will be accepted until the position is filled.
OIT Human Resources
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus