Position Title: GRC Security Analyst

Employee Classification: Enterprise Sys Sec Admin,Inter

College/Division: Information Technology

Department: 450473-IT INFORMATION SECURITY

Internal or External Search: External - Open to all applicants

Location: Las Cruces

Offsite Location (if applicable):

Target Hourly/Salary Rate:  53,165-67,786

Appointment Full-time Equivalency:  1.0

Exempt or Non-Exempt:  Exempt

Summary:  This role supports the design and implementation of systems and procedures that safeguard data systems and databases from unauthorized access. It involves monitoring and maintaining security measures, identifying and resolving violations, and helping communicate security protocols to relevant departments.

Classification Summary:
Assist in the planning, development and implementation as well as monitor, evaluate and maintain systems and procedures to protect the data systems and databases from unauthorized users. Identifies, reports, and resolves security violations. Participates in communicating security procedures to user departments.

Classification Standard Duties:
Implement, monitor and maintain systems and procedures to protect NMSU data. Identify potential threats and respond to reported security violations. Determine causes of security violations and recommend corrective actions to ensure data security. Implements changes in procedures and systems to enhance data systems security. Provide security advice and guidance to system administrators, network engineers, management and external departments. Collaborate on solutions to mitigate risks and enhance system security. Administers the processes for managing improper use of network services to include copyright violation, SPAM email, etc., Assist in developing security awareness materials, security presentations, and information security training sessions. Participate in physical security projects and develop physical security and safety skill sets. Perform security audits, risk analysis, and application-level vulnerability testing and reviews. Collaborate on solutions to mitigate risks and enhance system security. Assists in implementing cost effective security controls to meet institutional security requirements. Participates in security projects including requirements definition, task planning, research, testing, implementation, and management.

Required Education, Experience, Certification/License, Equivalency
Required Education:Bachelor's degree in a related field.; Required Experience:One year related experience required.; Equivalency:None; Required Certification/License:

Knowledge, Skills and Abilities
KNOWLEDGE:University and department policies and procedures; principles and practices of organization and administration; principles of supervision, training, and performance evaluation; Common Information security and computer network access technologies. Technical knowledge in implementing data protection and integrity, operating systems and network security, authentication, and security protocols; SKILLS:Short – and long-range planning; problem analysis and resolution; report preparation and presentation; public contact and relations; oral and written communication; strong interpersonal and communication skills to work effectively with a team and other business units.; ABILITIES:Develop and maintain effective working relationships; maintain accurate and orderly records; use independent judgment and initiative; analyze and evaluate information; ability to maintain operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, automated security patching, and vulnerability scanning systems; ability to administer information security programs including risk assessments and forensic research, gathering metrics and reporting status. Must be circumspect and act with integrity and discretion.

Job Duties and Responsibilities
The GRC Security Analyst plays a key role in advancing the university’s information security strategy by leading initiatives related to governance, risk management, and compliance. This position directly supports the CISO in building a robust and sustainable security program that protects institutional data, ensures regulatory compliance, and reduces cybersecurity risk across the university.

The analyst will be responsible for developing, implementing, and maintaining security policies, risk assessments, and compliance frameworks aligned with higher education and industry standards. By partnering with university stakeholders, the analyst will help ensure that security practices are embedded across the organization and that the institution meets all relevant legal, regulatory, and policy obligations.

Preferred Qualifications

Special Requirements of the Position
ITIL Preferred, on site position

Department Contact:  Dennis Coriell, 575-646-7992 dcoriell@nmsu.edu

Contingent Upon Funding: Not Applicable

Bargaining Unit Eligibility: This is NOT a bargaining unit position with American Federation of State, County & Municipal Employees (AFSCME).

Standard Work Schedule: Standard (M-F, 8-5)

If Not a Standard Work Schedule: 

Working Conditions and Physical Effort

Environment: Work is normally performed in a typical interior/office work environment.

Physical Effort: No or very limited physical effort required.

Lifting Requirements: Requires handling of average-weight objects up to 10 pounds or some standing or walking.

Risk: No or very limited exposure to physical risk.