Director, Cybersecurity Governance, Risk and Compliance


Overview
Institution: University of Arkansas, Fayetteville. Type: IT Security. Work Hours/Shift: Regular. Work-Study: No. Sponsorship Available: No. Closing Date: 10/14/2025. The position is a full-time role within Information Technology Services, with responsibilities to lead cybersecurity governance, risk, and compliance programs at the university and to ensure alignment with regulatory requirements and industry standards.
Summary of Job Duties
The Cybersecurity Governance, Risk, and Compliance (GRC) Director is a leadership position responsible for overseeing the university's cybersecurity governance, risk management, and compliance programs and associated staff. Reporting to the Chief Information Security Officer (CISO), the GRC Director ensures that the university's information security practices align with regulatory requirements, industry standards, and best practices. This role involves developing and implementing policies, conducting risk assessments, managing compliance initiatives, and fostering a culture of security awareness across the university.
Key Responsibilities
Develop and maintain the university's cybersecurity governance framework, including policies, procedures, and standards.
Conduct regular risk assessments and audits to identify and mitigate security risks.
Ensure compliance with federal, state, and local regulations, as well as industry standards (e.g., NIST, PCI, GDPR, HIPAA, FERPA).
Oversee the implementation of IT operations, applications, infrastructure, and data risk management strategies and controls.
Collaborate with internal and external stakeholders, including the University Enterprise Risk Manager, to address compliance and risk management issues.
Develop and deliver training programs to promote security awareness and compliance.
Monitor and report on the university's cybersecurity risk posture and compliance status to senior leadership.
Lead the response to regulatory inquiries and audits.
Stay current with emerging cybersecurity threats, regulations, and best practices.
Regular, reliable, and non-disruptive attendance is an essential job duty, as is the ability to create and maintain collegial, harmonious working relationships with others.
Qualifications
Minimum Qualifications:
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
At least five (5) years of experience in cybersecurity governance, risk management, and compliance, with a minimum of three (3) years in a leadership and management role
Professional certifications such as CISSP, CISM, CRISC, CGRC, or CISA
Strong knowledge of information security frameworks, standards, and best practices as evidenced by application materials
Experience with risk assessment methodologies and compliance management
Preferred Qualifications:
Master's degree in a related field
Experience working in a higher education environment
Additional certifications such as CGEIT, CIPT, or CIPM
Experience with cloud security and privacy
Knowledge of data protection regulations such as GDPR, HIPAA, and FERPA
Proven track record of successfully managing compliance initiatives and risk management programs
Knowledge, Skills, and Abilities
In-depth understanding of cybersecurity governance, risk management, and compliance principles
Excellent communication and interpersonal skills
Strong analytical and problem-solving skills
Ability to lead and motivate a team of security professionals
Excellent project management skills, with the ability to manage multiple projects simultaneously
Strong understanding of privacy laws and regulations
Ability to communicate complex security concepts to non-technical stakeholders
High level of integrity and ethical conduct
Additional Information
Salary Information: $114,205 - $148,466; Commensurate with education and experience
Required Documents to Apply: Cover Letter/Letter of Application, List of three Professional References (name, email, business title), Resume
Optional Documents: Proof of Veteran Status
Recruitment Contact Information: Crystal Ellis, Strategic Talent Acquisition Specialist, ce031@uark.edu
All application materials must be uploaded to the University of Arkansas System Career Site: https://uasys.wd5.myworkdayjobs.com/UASYS
Special Instructions to Applicants: Pre-employment Screening Requirements: Criminal Background Check, Sex Offender Registry. The University of Arkansas is an equal opportunity institution. See full equal opportunity statements in the posting.
Department: Information Technology Services
Department's Website: https://its.uark.edu/
Notes: The University of Arkansas is committed to a safe campus; background checks are required for applicants. The university is an equal opportunity employer. Applicants must have legal authority to work in the United States on the first day of employment.
Location: Fayetteville, AR, United States
Job Type: Full-time
Category: IT & Technology