Job Description

Job Summary
The University of Utah’s Center for High Performance Computing (CHPC) seeks a Compliance Analyst to support cybersecurity and regulatory compliance for research projects involving regulated data. This role coordinates with institutional offices (ISO, IRB, Privacy Office, GRC) and research teams to ensure secure and compliant operations across CHPC systems. This role is part of a small, embedded security & compliance team with ample opportunities for cross training and skill growth.
Responsibilities
Serve as primary contact for CHPC regulated research compliance coordination.
Coordinate background checks and regulatory prerequisites for research personnel.
Research and interpret security requirements in collaboration with campus compliance offices.
Maintain and update policies, procedures, and acceptable use documentation.
Liaise with university departments to resolve outdated or unclear compliance practices.
Manage project documentation, including Needs Assessments and regulated research records.
Lead and document compliance meetings; assign and track action items.
Coordinate and track required user training for secure computing environments.
Monitor and respond to project-related tickets and communications.
Oversee IRB closeout processes
Coordinate with other offices to ensure required documentation is in place (e.g., BAAs, NDAs, ISAFs).
Support security & compliance audit preparation.


Minimum Qualifications
Requires a bachelor’s degree in a related area or equivalency (one year of education can be substituted for one year of related work experience) and 2-4 years of experience in the field or in a related area.
Familiarity with federal regulations such as NIST SP 800-171, CMMC, HIPAA, etc.
Strong organizational, communication, and documentation skills.
Department may hire employee at one of the following job levels:
Equivalency Statement: 1 year of higher education can be substituted for 1 year of directly related work experience (Example: bachelor’s degree = 4 years directly related work experience).

Security Compliance Analyst, II:
Requires a bachelor’s (or equivalency) + 4 years or a master’s (or equivalency) + 2 years of directly related work experience. Assumes work equivalency (1 year of higher education can be substituted for 1 year of directly related work experience).

Security Compliance Analyst, III:
Requires a bachelor’s (or equivalency) + 6 years or a master’s (or equivalency) + 4 years of directly related work experience. Assumes work equivalency (1 year of higher education can be substituted for 1 year of directly related work experience).

Security Compliance Analyst, IV:
Requires a bachelor’s (or equivalency) + 8 years or a master’s (or equivalency) + 6 years of directly related work experience. Assumes work equivalency (1 year of higher education can be substituted for 1 year of directly related work experience).



Preferences
Experience with cybersecurity governance, risk, & compliance (GRC).
Experience with IT ticketing systems, such as Service Now.
Familiarity with IRB processes.
Certifications such as Certified in Cybersecurity (CC), Security+, CRISC
Experience in higher education or regulated research environments.
Experience with compliance automation and compliance as code.
Type Benefited Staff
Special Instructions Summary
Additional Information
The University of Utah values candidates who have experience working in settings with students from diverse backgrounds and possess a strong commitment to improving access to higher education for historically underrepresented students.


Individuals from historically underrepresented groups, such as minorities, women, qualified persons with disabilities and protected veterans are encouraged to apply. Veterans’ preference is extended to qualified applicants, upon request and consistent with University policy and Utah state law. Upon request, reasonable accommodations in the application process will be provided to individuals with disabilities.


The University of Utah is an Affirmative Action/Equal Opportunity employer and does not discriminate based upon race, ethnicity, color, religion, national origin, age, disability, sex, sexual orientation, gender, gender identity, gender expression, pregnancy, pregnancy-related conditions, genetic information, or protected veteran’s status. The University does not discriminate on the basis of sex in the education program or activity that it operates, as required by Title IX and 34 CFR part 106. The requirement not to discriminate in education programs or activities extends to admission and employment. Inquiries about the application of Title IX and its regulations may be referred to the Title IX Coordinator, to the Department of Education, Office for Civil Rights, or both.