Cybersecurity GRC Analyst
AUSTIN
Saturday, 30 May 2026
The Cybersecurity GRC Analyst will focus on the development, maintenance, and execution of governance, risk, and compliance activities that support the university’s Controlled Research Program, including programs operating under NIST 800-171, DFARS, ITAR, and CMMC requirements. This position is part of the larger GRC function within the Information Security Office (ISO) and collaborates closely with researchers, sponsored programs offices, and technical teams to build and maintain compliant environments.

Responsibilities
Support and maintain the university’s cybersecurity GRC program, with a focus on research computing environments that handle Controlled Unclassified Information (CUI) or other regulated data.
Coordinate and perform security assessments and risk evaluations of research systems and projects against applicable regulatory frameworks (e.g., NIST 800-171, CMMC, DFARS, ITAR).
Collaborate with research IT, sponsored programs, legal, and research stakeholders to support secure and compliant research practices across the institution.
Create, update, and cross-reference controls and documentation across multiple regulatory frameworks to support streamlined and unified GRC practices.
Develop and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other required compliance documentation for research programs.
Work with ISO staff to extend enterprise policies and GRC tooling to meet the specialized needs of controlled research.
Provide consulting and support to researchers and administrators on CUI compliance requirements, secure system design, and data handling best practices.
Track and manage identified compliance gaps and risks in alignment with risk management strategies and institutional priorities.
Contribute to broader ISO GRC initiatives such as policy development, compliance reporting, and framework alignment activities.
Stay up to date on emerging federal compliance regulations and frameworks related to controlled research and incorporate them into institutional practices as appropriate.
Perform other duties as assigned to support the ISO’s cybersecurity and compliance objectives.

Required Qualifications
U.S. Citizen, resident, or officially recognized asylee - Applicant selected will be subject to government security investigation and must meet eligibility requirements for access to classified information at the level appropriate to the project requirements of the position.
Minimum of 3 years of experience in cybersecurity, audit, compliance, risk management, or GRC, with at least 1 year involving NIST 800-171, DFARS, CUI, or similar compliance frameworks.
Familiarity with controlled research environments and compliance programs such as CMMC, ITAR, or FISMA.
Solid understanding of information security principles, IT governance, and technical controls (access management, system hardening, auditing, data protection, etc.).
Strong analytical, documentation, and project management skills.
Excellent interpersonal and communication skills to interface with a diverse campus community including researchers, IT staff, and administrators.
Demonstrated ability to work independently and collaboratively in a fast-paced, distributed team environment.
Strong synchronous and asynchronous communication skills.
Self-motivated to learn and share knowledge.
Relevant education and experience may be substituted as appropriate.

Preferred Qualifications
Experience developing or maintaining System Security Plans (SSPs), POA&Ms, or other compliance documentation in research settings.
Experience with CMMC Level 2 compliance initiatives or pre-assessment support.
Familiarity with GRC platforms and tools (e.g., Isora GRC).
Experience supporting academic or research institutions in regulated environments.
Knowledge of UT Austin’s research infrastructure, policies, and governance (a plus but not required).

Salary Range: $125,000 depending on qualifications.