IT Security Risk & Compliance Analyst

Rochester, NY


General Summary of Role:

The Risk and Compliance Analyst's responsibilities focus on the identification, research, and documentation of Information Security risks and regulatory compliance issues at the organization. The analyst performs assessments, reviews, inquiries, interviews, and other assigned work with the goal of gathering information related to risk. The risk and compliance team is also responsible for documenting policy exceptions and acceptance of risk for Information Security related issues that arise. The Risk and Compliance Analyst demonstrates integrity in proposals to the organization, in actions, and in policy and procedure advice.

Specific Duties and Responsibilities

  • With oversight, conduct audits as assigned, reporting results on the organization’s level of compliance. Reporting style will vary by project and will include descriptive progress reports and visual indicators of project progress.

  • Participate in relationship building with users in the community to share knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Participate in meetings and conference calls. Respond to simple help desk service requests.

  • Build relationships with appropriate parties both internal and external to the University.

  • Analyze data from a variety of security appliances and applications. Develop a well-rounded understanding of the various risk analysis tools available to IT Security professionals.

  • Identify and analyze simple compliance issues with stakeholders and departmental liaisons.

  • Review any issues identified during assessments and associated recommendations with team members. Participate in drafting reports and remediation plans.

  • Demonstrate knowledge and support of applicable laws, statutes, Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures when interacting with the community.

  • Conduct research as assigned of IT Security technologies as approved by manager.

  • Keep up to date with the current regulations and rules applicable to the University missions. Share updates to key regulations with department resources.

  • Draft simple communications for IT Security team members and departmental IT liaisons to share with others that relate to cybersecurity and privacy.

  • After approval, communicate across stakeholders/departments to ensure alignment of goals.

  • Assist in the drafting of departmental procedure documents.

  • Assist in drafting process workflows to meet compliance standards and facilitate understanding of process operation. After review, follow through to share with community members.

  • Assist in drafting employee training material or sessions to convey workflow and/or procedure changes.

  • Participate in meetings as requested. When necessary, act as scribe and take notes.

  • Stay abreast of current and emerging cyber technologies through conferences, training, on-the-job training, and review of websites and other data sources.

Other duties as assigned.

Minimum Qualifications:


  • Bachelor's degree in related discipline such as Computer Science, Business, Mathematics, Statistics, Science or Engineering

  • 2-3 years of related experience;

  • Or an equivalent combination of education and experience.

  • Demonstrate analytical and research skills with the ability to comprehend data sets; demonstrate critical-thinking and problem-solving skills required.

  • Strong interpersonal, written, and oral communication skills with attention to detail required.

  • Ability to execute tasks in a fast-paced environment; perform under pressure and demonstrate adaptability and flexibility required.

  • Adept with data analysis tools and applications

  • Advanced knowledge of Microsoft Office Suite

  • Experience in using ITSM Tool or ticketing system

  • Experience in application configuration

  • Experience in IT and Information Security Risk

  • Experience in Risk Management Methodology and Frameworks

  • Experience with GRC Platforms

  • Knowledge of computer networking concepts and protocols, network security methodologies, cybersecurity and privacy principles, and the organization's core business/mission processes.


The University of Rochester is committed to fostering, cultivating, and preserving a culture of equity, diversity, and inclusion to advance the University’s mission to Learn, Discover, Heal, Create – and Make the World Ever Better. In support of our values and those of our society, the University is committed to not discriminating on the basis of age, color, disability, ethnicity, gender identity or expression, genetic information, marital status, military/veteran status, national origin, race, religion/creed, sex, sexual orientation, citizenship status, or any other status protected by law. This commitment extends to the administration of our policies, admissions, employment, access, and recruitment of candidates from underrepresented populations, veterans, and persons with disabilities consistent with these values and government contractor Affirmative Action obligations.

How To Apply

All applicants must apply online.

EOE Minorities/Females/Protected Veterans/Disabled

Pay Range

Pay Range: $50,000 - $80,000 Annually

The referenced pay range represents the minimum and maximum compensation for this job. Individual annual salaries/hourly rates will be set within the job’s compensation range, and will be determined by considering factors including, but not limited to, market data, education, experience, qualifications, expertise of the individual, and internal equity considerations.


Location: Central Administration
Full/Part Time: Full-Time