Job Function: the IT Security Engineer (GRC) plays a key role in establishing and maintaining the NCAA’s information security governance, risk management, and compliance posture. This position is responsible for developing, implementing, and monitoring security policies, standards, and controls to ensure the confidentiality, integrity, and availability of NCAA information systems and data. The role leads and supports risk assessments, regulatory compliance efforts, and audit activities, ensuring alignment with industry frameworks and legal requirements. Working closely with IT, Security Operations, Legal, Privacy, and business stakeholders, the IT Security Engineer provides guidance on risk mitigation strategies, control effectiveness, and security best practices to support informed decision-making and enterprise security maturity.

Job Responsibilities:

Security Operations & Incident Response

• Monitor and analyze security events, logs, and alerts to identify vulnerabilities, threats, and potential breaches.
• Investigate security incidents, perform forensic analysis, conduct root cause analysis, and recommend corrective actions.
• Support incident response activities and post-incident reviews from a governance, risk, and compliance perspective.

Governance, Risk, & Compliance (GRC)

• Develop, maintain, and enforce information security policies, standards, and procedures aligned with business objectives and regulatory requirements.
• Lead IT risk management activities, including risk assessments, risk registers, mitigation plans, and remediation tracking.
• Map security controls to regulatory and framework requirements and maintain audit documentation and evidence.
• Monitor and report on control effectiveness, overall risk posture, and compliance status to leadership.

Compliance & Audit Management

• Ensure compliance with applicable legal, regulatory, and contractual obligations (e.g., NIST, ISO 27001, SOC, PCI-DSS, HIPAA, GDPR).
• Coordinate and support internal and external security audits, assessments, and certifications.
• Manage third-party and vendor security risk assessments and ongoing compliance reviews.

Security Architecture & Engineering

• Design, implement, and maintain enterprise security controls and perimeter protections.
• Collaborate with IT teams to deploy and support security technologies such as firewalls, intrusion detection/prevention systems, endpoint protection, and authentication mechanisms.
• Maintain accurate documentation, inventories, and diagrams of the security environment.

Awareness, Training, & Collaboration

• Develop and deliver security awareness and training programs to promote a strong security culture.
• Partner with IT, Security Operations, Legal, Privacy, and business teams to embed security governance into systems, projects, and processes.
• Work closely with the NCAA Information Security Officer to support enterprise security strategy and policy development.
• Provide guidance and escalation support to the Service Desk for security-related issues.

Business Continuity, Reporting, & Events

• Support disaster recovery and business continuity planning, including backup, restoration, and testing activities.
• Prepare and maintain security documentation, incident records, and KPI-based reports to measure security effectiveness.
• Provide IT security support for offsite events, including meetings and championships, with flexibility for after-hours, weekend, and extended remote assignments.
• Perform other duties as assigned.
• Other duties as assigned

Job Requirements

Required:

• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• 2-4 years of experience in IT security, risk management, compliance or audit required (3-7 years preferred).
• Strong understanding of GRC principles, risk assessment methodologies, and regulatory frameworks.
• Experience with security frameworks and standards (e.g., NIST, ISO 27001, SOC, PCI-DSS).
• Hands-on experience with GRC platforms (ServiceNow GRC, Archer, OneTrust, LogicGate, ZenGRC).
• Working knowledge of cloud platforms (Azure, AWS, or GCP) and associated security controls.
• Experience with Microsoft security platforms.
• Ability to efficiently collect, manage, and present audit evidence.
• Strong documentation, reporting, and policy development skills.
• Strong analytical, organizational, and problem-solving skills.
• Experience working in a collaborative, team-oriented environment.
• Exposure to ITIL fundamentals.
• Ability to support offsite events, including extended on-location assignments.
• This position will be based out of the national office in Indianapolis, Indiana. Current work environment is hybrid; 2 days in the office and 3 days remote. Relocation is expected.

Preferred:

• Industry certifications such as CISSP, CISM, CRISC, CISA, or CompTIA Security+.
• Active pursuit or attainment of CISSP.

Key Competencies

• Self Management | Takes responsibility of one’s behavior, work, priorities, and time management accordingly.
• Teamwork | Can effectively work together with other people and collaborate to achieve a common goal or to complete a task in the most effective and efficient way. 
• Attention to Detail | Allocates cognitive resources to achieve thoroughness and accuracy when accomplishing tasks, no matter how small or large.  
• Resourcefulness | The ability to creatively cope with difficult situations, or unusual problems. It is about problem-solving and getting things done in the face of obstacles and constraints.
• Drives Vision & Purpose | Communicates a compelling picture of the vision and strategy that motivates others to action by: Talking about future possibilities in a positive way. Creating milestones and symbolizing support behind the vision. Showing personal commitment to the vision.

Core Values

• LEADERSHIP | We actively listen and continually strive to provide vital solutions, counsel and advocacy for student-athletes and intercollegiate athletics.
• INCLUSION | We seek and incorporate different perspectives and experiences to drive innovation and impact.
• COMMUNICATION | We commit to an environment of openness to build trust and make timely decisions.
• COLLABORATION | We work together, based on mutual respect, to lead and serve our stakeholders.
• ACCOUNTABILITY | We take ownership for our actions and results to add value every day.

• Bachelors or better

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.