Position Information
Posting Number S06711P
Position Title Assistant Director of GRC
Department Information Security Office
Location Arlington
Position Status Full-time
Work Schedule
Monday – Friday; 8:00 am – 5:00 pm
Salary Salary is commensurate based on qualifications and relevant experience up to $143,000
Pay Basis Monthly
Job Summary
The Assistant Director, Governance, Risk & Compliance (GRC) provides operational leadership for the organization’s information security program – including governance, risk management, assurance, compliance, and security awareness. Reporting to the CISO, this role is responsible for developing, implementing, and continually improving policies, standards, risk processes, and compliance activities that align with regulatory requirements, industry frameworks, and organizational risk appetite.
This role serves as a key advisor to executive leadership, business partners, and technology teams, translating regulatory and security requirements into practical, scalable, and measurable programs that protect the organization while enabling business objectives.
Essential Duties and Responsibilities
* Leadership & Collaboration -
+ Lead the day-to-day functions of the Information Security department under the leadership of the CISO.
+ Lead and support managers and individual contributors under their purview.
+ Lead, mentor, and develop GRC team members and managers, fostering a high-performing and collaborative culture. Represent the Information Security Office in cross-functional initiatives and enterprise programs.
+ Act as delegated authority for the CISO as appropriate.
+ Assist the CISO in departmental office functions, i.e. budget and approvals as needed.
* Governance & Policy Management -
+ Lead the development, maintenance, and lifecycle management of enterprise information security policies, standards, procedures, and supporting documentation.
+ Ensure alignment with recognized security frameworks.
+ Establish governance processes to ensure consistent policy adoption and exception management across the organization.
* Enterprise Security Risk Management -
+ Direct the information security risk management program, including risk identification, assessment, treatment, and monitoring.
+ Oversee third-party/vendor security risk assessments and third-party continuous monitoring.
+ Develop risk dashboards and executive-level reporting for the CISO, executive leadership, and governance committees.
+ Evaluate and improve control design, implementation, and effectiveness across the security program.
* Security Awareness & Training -
+ Accountable for the enterprise cybersecurity awareness and training program.
+ Define annual and role‑based training requirements.
+ Establish training metrics, reporting, and performance standards.
+ Ensure audit‑ready maintenance of training records and evidence.
* Program Management, Projects & Metrics -
+ Establish and monitor GRC program KPIs and KRIs to measure effectiveness, maturity, and risk posture.
+ Drive continuous improvement through maturity assessments and benchmarking.
+ Ensure accurate and timely reporting to the CISO and senior leadership.
+ Oversee projects and initiatives for the Information Security Office.
+ Develop and maintain the Information Security Office’s business processes.
* Compliance & Cyber Security Oversight -
+ Lead compliance efforts related to applicable laws, regulations, and contractual obligations.
+ Coordinate and manage independent security-related audits and assessments for compliance.
+ Provide oversight of core cybersecurity programs including, but not limited to, vulnerability management, incident response and threat management for effectiveness and compliance.
+ Perform risk-based, limited control validation to independently confirm that key cybersecurity controls operate as described.
Minimum Qualifications
- Bachelor’s degree or relevant experience.
- Seven (7) years of progressive experience in information security, GRC, audit, risk, or compliance roles.
- Two (2) years of management or people leadership experience.
- CISSP or CISM required.
- Extensive knowledge of and experience in information security and risk management.
- Master’s degree in a related field.
- Additional certifications such as CRISC, CISA, or ISO 27001 Lead Implementer/Auditor.
- Experience supporting executive leadership or Board‑level risk reporting.
- Experience in higher education. Experience in Texas State government.
- Must have excellent interpersonal, verbal, and written communication skills.
- Successful experience working, collaborating, and establishing credibility and relationships with leadership, colleagues, and customers.
- Ability to translate technical language to common language for non-technical users.
- Will work around standard office conditions. May occasionally be required to carry or move equipment and participate in awareness campaigns that require lifting and/or standing while manning booths.
- Resume or CV
- Cover/Interest Letter
Preferred Qualifications
Knowledge, Skills and Abilities
Other Requirements
Workplace and Eligibility Conditions
Benefits Eligible Yes
Benefits at UTA
We are proud to offer a comprehensive benefits package to all our employees at the University.
https://www.uta.edu/hr/employee-benefits
To help you understand the full value of these benefits, we have created a tool that calculates the total worth of your compensation package. This tool takes into account all of the benefits that you are eligible for, including health insurance, retirement plans, and paid time off. To access this tool and learn more about the total value of your benefits, please click on the following link:
https://resources.uta.edu/hr/services/records/compensation-tools.php
CBC Requirement
It is the policy of The University of Texas at Arlington to conduct a criminal background check on any applicant who is under final consideration for employment with the University.
This position may have access to critical infrastructure as defined by Section 113.001(2) of the Texas Business and Commerce Code. If so, to be hired for and continue to be employed in this position you must maintain the security or integrity of the infrastructure as set forth in Texas Executive Order GA-48. By assuming this position, and *if you have access to critical infrastructure*, you authorize the University to conduct routine background checks.
EEO Statement
It is the policy of The University of Texas at Arlington (UTA or The University) to provide an educational and working environment that provides equal opportunity to all members of the University community. In accordance with federal and state law, the University prohibits unlawful discrimination, including harassment, on the basis of race, color, national origin, religion, age, sex, sexual orientation, pregnancy, disability, genetic information, and/or veteran status. The University also prohibits discrimination on the basis of gender identity, and gender expression. Retaliation against persons who oppose a discriminatory practice, file a charge of discrimination, or testify for, assist in, or participate in an investigative proceeding relating to discrimination is prohibited. Constitutionally-protected expression will not be considered discrimination or harassment under this policy. It is the responsibility of all departments, employees, and students to ensure the University’s compliance with this policy.
University Information
The University of Texas at Arlington (UTA) is located in the heart of the Dallas-Fort Worth-Arlington metroplex, a vibrant and diverse metropolitan area that is home to over 7 million people, one of the fastest-growing tech economies in the United States, and a wide array of arts, entertainment, and cultural activities. As a comprehensive teaching, research, and public service institution, UTA is dedicated to the advancement of knowledge through scholarship and creative work. With an enrollment of more than 42,000 students, UTA is the second largest in the University of Texas System. As a result of its combination of rigorous academics and innovative research, UTA is designated as a Carnegie R-1 “Very High Research Activity” institution and nationally recognized for its commitment to student success and service. It ranks No. 5 in Military Times’ “Best for Vets: Colleges” and is the top university in North Texas for its graduates’ salaries (The Wall Street Journal). UTA is designated as both a Hispanic-Serving Institution and an Asian American and Native American Pacific Islander-Serving Institution and is No. 6 for undergraduate ethnic diversity in the United States (U.S. News & World Report, 2023). With a global alumni network of approximately 280,000 – including leaders at many of the 24 Fortune 500 companies headquartered in North Texas – UTA contributes an estimated $29 billion annually to the Texas economy.
UTA is expanding its regional footprint by building a regional campus, called UTA West, in Parker County on the far west side of Fort Worth. It is scheduled to open in fall 2028. This initiative aligns with the university’s strategic growth and commitment to serving the broader community. Furthermore, UTA has launched the RISE 100 initiative, aiming to recruit 100 new tenure-system faculty to strengthen its research enterprise and leadership in key academic areas. Learn more at https://www.uta.edu/administration/president/strategic-plan/rise100.
This is an exciting time to join UTA and contribute to its bold vision for the future.
ADA Accommodations
The University of Texas at Arlington is committed to providing reasonable accommodation to individuals with disabilities. If you require reasonable accommodation in completing this application, interviewing or otherwise participating in the employee selection process, please direct your inquiries to 817-272-5554 or email ADADocs@uta.edu.
Posting Detail Information
Number of Vacancies 1
Open Until Filled
Minimum Number of References Required 3
Maximum Number of References Accepted 3
Special Instructions to Applicants
Applicants must include in their online resume the following information: 1) Employment history: name of company, period employed (from month/year to month/year), job title, summary of job duties; 2) Education: school name, degree type, and major; and 3) Applicant contact information.
Requirement Questions
Required fields are indicated with an asterisk (*).
* What is the highest level of education attained?
+ GED
+ High School Diploma
+ Associate's Degree
+ Bachelor's Degree
+ Master's Degree
+ PhD or equivalent
* How many years do you have of professional experience in information security, GRC, risk management, compliance, or audit roles?
+ None/less than 1 year
+ 1 to 2 years
+ 3 to 4 years
+ 5 or more
* How many years of experience do you have managing people, directly supervising employees or people leaders?
+ None/less than 1 year
+ 1 to 2 years
+ 3 to 4 years
+ 5 or more years
* How many years of experience do you have in supporting executive leadership, senior management, or Boards/committees on information security, risk, or compliance topics?
+ None/less than 1 year
+ 1 to 2 years
+ 3 to 4 years
+ 5 or more years
* What certifications, if any, have you obtained?
(Open Ended Question)
* Please indicate whether you have completed any UTA Leadership Development programs.
+ Aspiring Leaders Program
+ MavsSupervisor Success Program
+ MavsManager Foundations Program
+ Leading People Credential (completion grants supervisory experience credit for internal entry-level supervisory roles)
+ None of the above
Documents Needed To Apply
Required Documents
Optional Documents