[Hiring] Cybersecurity GRC Team Lead @University of Texas at Austin

Role Description

This is a remote-eligible opportunity offering flexible work arrangements, competitive benefits, and the chance to lead a highly impactful team within the Information Security Office (ISO) at UT Austin. The Cybersecurity Governance, Risk, and Compliance (GRC) Team Lead will oversee a team of analysts responsible for supporting security compliance efforts across a variety of university operations—with a notable focus on controlled research environments and compliance with CUI-related frameworks (e.g., NIST 800-171, DFARS, ITAR, and CMMC).

In addition to supporting controlled research, this role will also guide the team’s work in other key compliance areas such as HIPAA, PCI-DSS, NIST 800-53, and internal policy requirements.

This position is central to building a mature, risk-informed, and agile GRC program that aligns with the university’s research mission and enterprise IT operations. You will get to work with a very intelligent and dedicated team to address enterprise cybersecurity challenges through novel approaches in an office that highly values work-life balance, the freedom to explore out of the box ideas, and serving others.

Most importantly, you will help our researchers to securely advance their pursuits. What starts here changes the world!

Responsibilities

• Lead and manage a team of cybersecurity GRC analysts responsible for:
• Supporting the Controlled Research Program and ensuring alignment with CUI-related frameworks (e.g., NIST 800-171, CMMC, DFARS, ITAR)
• Conducting risk assessments, gap analyses, control reviews, and compliance documentation for enterprise-wide regulatory frameworks, such as HIPAA, PCI-DSS, NIST 800-53, GLBA, and others.
• Advising on appropriate security controls, documenting implementation strategies, and helping units align with both external requirements and internal policy.
• Overseeing development and maintenance of security compliance documentation including System Security Plans (SSPs), POA&Ms, risk registers, and internal/external audit response materials.
• Working with stakeholders across the institution—including IT leadership, research administration, legal, and compliance offices—to interpret regulatory requirements and provide practical guidance.
• Serving as a liaison between the ISO and external auditors, assessors, and institutional compliance teams.
• Maintaining awareness of emerging regulatory requirements (e.g., new CMMC versions, updated HIPAA guidance, changes in PCI-DSS) and proactively updating practices and communications.
• Guiding and mentoring team members, supporting both professional development and technical growth.
• Participating in strategic planning and contributing to the long-term vision of a cohesive, risk-informed GRC program that supports research and administrative operations.
• Ensuring continuous improvement of GRC processes, templates, and tools; supporting GRC platform management (e.g., IsoraGRC).
• Performing other duties as assigned to support the Information Security Office’s mission.

Qualifications

• U.S. Citizen, resident, or officially recognized asylee - Applicant selected will be subject to government security investigation and must meet eligibility requirements for access to classified information at the level appropriate to the project requirements of the position.
• Minimum of 5 years of experience in cybersecurity, risk management, compliance, or audit, with at least 2 years of leadership or supervisory experience.
• Demonstrated experience with multiple compliance frameworks, including NIST 800-171, NIST 800-53, HIPAA, PCI-DSS, or similar.
• Strong understanding of controlled research requirements, particularly CUI, DFARS, and CMMC frameworks.
• Excellent verbal and written communication skills, including the ability to explain regulatory requirements to technical and non-technical audiences.
• Experience creating, managing, or reviewing compliance documentation such as SSPs, POA&Ms, or risk registers.
• Proven ability to manage and prioritize multiple projects across a distributed team.
• Familiarity with GRC platforms or tooling (e.g., IsoraGRC, ServiceNow GRC).
• Relevant education and experience may be substituted as appropriate.

Preferred Qualifications

• Experience working in higher education or academic research settings.
• Experience with CMMC Level 2 compliance readiness or pre-assessments.
• Experience managing or mentoring a cybersecurity or compliance team.
• Certifications such as CISSP, CAP, CISM, CISA, or relevant NIST/CMMC credentials.
• Familiarity with UT Austin’s information security policies, research infrastructure, or compliance structure.

Benefits

• Competitive health benefits (employee premiums covered at 100%, family premiums at 50%)
• Voluntary Vision, Dental, Life, and Disability insurance options
• Generous paid vacation, sick time, and holidays
• Teachers Retirement System of Texas, a defined benefit retirement plan, with employer matching funds
• Additional Voluntary Retirement Programs: Tax Sheltered Annuity 403(b) and a Deferred Compensation program 457(b)
• Flexible spending account options for medical and childcare expenses
• Robust free training access through LinkedIn Learning plus professional conference opportunities
• An exclusive incentive pay program
• A great physical office space should you prefer to work from campus
• Tuition assistance
• Expansive employee discount program including athletic tickets
• Free access to UT Austin's libraries and museums with staff ID card
• Free rides on all UT Shuttle and Austin CapMetro buses with staff ID card

Salary Range

$155,000 + depending on qualifications

Working Conditions

• May work around standard office conditions
• Repetitive use of a keyboard at a workstation
• Use of manual dexterity
• This is a remote-eligible opportunity offering flexible work arrangements

Required Materials

• Resume/CV
• 3 work references with their contact information; at least one reference should be from a supervisor
• Letter of interest