Last reviewed: September 2017

Recommendations if you are developing a job announcement or description for your institution:

  1. Review the sample GRC Analyst/Manager job description (below).
  2. Review the National Cybersecurity Workforce Framework published by NIST, which includes sample job titles and key tasks.
  3. Review the 2016 IT Workforce in Higher Education research hub for the most recent EDUCAUSE research on the evolving IT workforce needed to support contemporary models of IT service delivery.

The following job description template is provided to help you get started on drafting a similar job description at your institution. It is intended to be illustrative and serve as a representative sample of the tasks that might be required for a particular role. It may not be inclusive of all job functions or knowledge, skills, and abilities that your institution requires in a particular role, or it may be overbroad for the position that you are designing. The template was designed so that you can add the example job functions, and knowledge, skills, and abilities statements into your own institutional job description template, and then augment the general items included in this template with your own specific institutional, role, and/or task needs.

GRC Analyst/Manager Job Description Template

Institution Name

Title (e.g., Governance, Risk, and Compliance Analyst or Manager)

Institution's Job or Reference #

Summary: The Governance, Risk, and Compliance [Analyst|Manager] is responsible for the assessing and documenting of the [institution]’s compliance and risk posture as they relate to the its information assets. 

 The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.

Reporting position: The GRC [Analyst|Manager] reports to the [Chief Information Security/Compliance Officer or Director of Information Security/Risk].

For more information: For complete details and to apply, please visit: <<Institution's URL>>

Duties and Responsibilities



Problem-Solving Skills
Contingency planning (IR, BC, DR)

Knowledge, Skills, and Abilities

Minimum Qualifications

Preferred Qualifications

PLEASE NOTE: In order to receive proper consideration, applications must be submitted directly via the Institution's career site. Applications submitted via any other source will not be considered.

The Institution is an EEO/AA: M/W/D/V (Equal Opportunity/Affirmative Action Employer: Male/Female/Disabled/Veteran) Employer.

(question) Questions or comments? (info) Contact us.

(warning) Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).