Jobs / Job page

Job details

Director, Cybersecurity Governance, Risk and Compliance

Current University of Arkansas System employees, including student employees and graduate assistants, need to log in to Workday via MyApps.Microsoft.com, then access Find Jobs from the Workday search bar to view and apply for open positions. Students at University of Arkansas System two-year institutions will also view open positions and apply within Workday by searching for “Find Jobs for Students”.

All Job Postings will close at 12:01 a.m. CT on the specified Closing Date (if designated).

If you close the browser or exit your application prior to submitting, the application process will be saved as a draft. You will be able to access and complete the application through “My Draft Applications” located on your Candidate Home page.

Closing Date:

10/14/2025

Type of Position:

IT Security

Workstudy Position:

Job Type:

Regular

Work Shift:

Sponsorship Available:

Institution Name:

University of Arkansas, Fayetteville

Founded in 1871, the University of Arkansas is a land grant institution, classified by the Carnegie Foundation among the nation’s top 2 percent of universities with the highest level of research activity. The University of Arkansas works to advance the state and build a better world through education, research, and outreach by providing transformational opportunities and skills, fostering a welcoming climate, and nurturing creativity, discovery, and the spread of new ideas and innovations.

The University of Arkansas campus is located in Fayetteville, a welcoming community ranked as one of the best places to live in the U.S. The growing region surrounding Fayetteville is home to numerous Fortune 500 companies and one of the nation’s strongest economies. Northwest Arkansas is also quickly gaining a national reputation for its focus on the arts and overall quality of life.

As an employer, the University of Arkansas offers a vibrant work environment and a workplace culture that promotes a healthy work-life balance. The benefits package includes university contributions to health, dental, life and disability insurance, tuition waivers for employees and their families, 12 official holidays, immediate leave accrual, and a choice of retirement programs with university contributions ranging from 5 to 10% of employee salary.

Below you will find the details for the position including any supplementary documentation and questions, you should review before applying for the opening.

If you have a disability and need assistance with the hiring process, please submit a request via the Disability Accommodations | OEOC | University of Arkansas (uark.edu) : Request an Accommodation. Applicants are required to submit a request for each position of which they have applied.

For general application assistance or if you have questions about a job posting, please contact Human Resources at 479.575.5351.

Department:

Information Technology Services

Department's Website:

https://its.uark.edu/

Summary of Job Duties:

The Cybersecurity Governance, Risk, and Compliance (GRC) Director is a leadership position responsible for overseeing the university's cybersecurity governance, risk management, and compliance programs and associated staff. Reporting to the Chief Information Security Officer (CISO), the GRC Director ensures that the university's information security practices align with regulatory requirements, industry standards, and best practices. This role involves developing and implementing policies, conducting risk assessments, managing compliance initiatives, and fostering a culture of security awareness across the university.

Key Responsibilities:

· Develop and maintain the university's cybersecurity governance framework, including policies, procedures, and standards.

· Conduct regular risk assessments and audits to identify and mitigate security risks.

· Ensure compliance with federal, state, and local regulations, as well as industry standards (e.g., NIST, PCI, GDPR, HIPAA, FERPA).

· Oversee the implementation of IT operations, applications, infrastructure, and data risk management strategies and controls.

· Collaborate with internal and external stakeholders, including the University Enterprise Risk Manager, to address compliance and risk management issues.

· Develop and deliver training programs to promote security awareness and compliance.

· Monitor and report on the university's cybersecurity risk posture and compliance status to senior leadership.

· Lead the response to regulatory inquiries and audits.

· Stay current with emerging cybersecurity threats, regulations, and best practices.

Regular, reliable, and non-disruptive attendance is an essential job duty, as is the ability to create and maintain collegial, harmonious working relationships with others.

Qualifications:

Minimum Qualifications:

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
At least five (5) years of experience in cybersecurity governance, risk management, and compliance, with a minimum of three (3) years in a leadership and management role
Professional certifications such as CISSP, CISM, CRISC, CGRC, or CISA
Strong knowledge of information security frameworks, standards, and best practices as evidenced by application materials
Experience with risk assessment methodologies and compliance management

Preferred Qualifications:

Master's degree in a related field
Experience working in a higher education environment
Additional certifications such as CGEIT, CIPT, or CIPM
Experience with cloud security and privacy
Knowledge of data protection regulations such as GDPR, HIPAA, and FERPA
Proven track record of successfully managing compliance initiatives and risk management programs

Knowledge, Skills, and Abilities:

In-depth understanding of cybersecurity governance, risk management, and compliance principles
Excellent communication and interpersonal skills
Strong analytical and problem-solving skills
Ability to lead and motivate a team of security professionals
Excellent project management skills, with the ability to manage multiple projects simultaneously
Strong understanding of privacy laws and regulations
Ability to communicate complex security concepts to non-technical stakeholders
High level of integrity and ethical conduct

Additional Information:

Salary Information:

$114,205 - $148,466; Commensurate with education and experience

Required Documents to Apply:

Cover Letter/Letter of Application, List of three Professional References (name, email, business title), Resume

Optional Documents:

Proof of Veteran Status

Recruitment Contact Information:

Crystal Ellis, Strategic Talent Acquisition Specialist, [email protected]

All application materials must be uploaded to the University of Arkansas System Career Site https://uasys.wd5.myworkdayjobs.com/UASYS

Please do not send to listed recruitment contact.

Special Instructions to Applicants:

Pre-employment Screening Requirements:

Criminal Background Check, Sex Offender Registry

The University of Arkansas is committed to providing a safe campus community. We conduct background checks for applicants being considered for employment. Background checks include a criminal background check and a sex offender registry check. For certain positions, there may also be a financial (credit) background check, a Motor Vehicle Registry (MVR) check, and/or drug screening. Required checks are identified in the position listing. A criminal conviction or arrest pending adjudication or adverse financial history information alone shall not disqualify an applicant in the absence of a relationship to the requirements of the position. Background check information will be used in a confidential, non-discriminatory manner consistent with state and federal law.

The University of Arkansas seeks to attract, develop and retain high quality faculty, staff and administrators that consistently display practices and behaviors to advance a culture that embeds equal opportunity, educational excellence and unparalleled access for all.

The University of Arkansas is an equal opportunity institution. The University does not discriminate in its education programs or activities (including in admission and employment) on the basis of any category or status protected by law, including age, race, color, national origin, disability, religion, protected veteran status, military service, genetic information, sex, sexual orientation, or pregnancy. Questions or concerns about the application of Title IX, which prohibits discrimination on the basis of sex, may be sent to the University’s Title IX Coordinator and to the U.S. Department of Education Office for Civil Rights.

Persons must have proof of legal authority to work in the United States on the first day of employment.

All Application information is subject to public disclosure under the Arkansas Freedom of Information Act.

Constant Physical Activity:

N/A

Frequent Physical Activity:

N/A

Occasional Physical Activity:

N/A

Benefits Eligible:

Yes

Cybersecurity GRC Governance Risk Management Compliance CISSP CISM CRISC CISA NIST HIPAA FERPA GDPR Cloud Security Risk Assessment Policy Director Higher Education

Average salary estimate

$131335.5 / YEARLY (est.)

min

max

$114205K

$148466K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

Similar Jobs

Facilities Operations Manager I

UASYS Hybrid Fayetteville