
NORC at the University of Chicago
IT Risk and Compliance Analyst Remote
Job no: 502567 Work type: Regular Full-Time Location: Chicago – 55 East Monroe Street, IL Capability Area: IT Security
JOB DESCRIPTION:
NORC at the University of Chicago is seeking a skilled Auditor to join our Information Technology Department as part of the IT Risk and Security Compliance team. The ideal candidate will possess deep expertise in auditing, particularly within the context of Government security standards and regulations. This role is pivotal in ensuring that IT security and privacy controls are compliant with the stringent requirements of our clients (primarily Government agencies) as well as corporate standards.
The successful candidate will be part of an IT security compliance team with expertise in Government security standards and regulations. The team is responsible for specifying, documenting, validating, and maintaining IT security and privacy controls to ensure compliance with the security requirements of clients (principally Government) and with corporate standards for data and systems integrity. The team develops and implements tools and processes to measure and track IT security metrics. The team provides guidance to IT functional teams on security compliance as it pertains to system development, documentation, testing, monitoring, and reporting. The team conducts risk assessments and security impact analyses of information systems.
DEPARTMENT: INFORMATION TECHNOLOGY
NORC’s Information Technology program provides essential services to support our staff and clients. Technology is critical to our mission of advancing social science research, and we are dedicated to delivering professional, high-quality solutions.
RESPONSIBILITIES:
Lead and participate in both internal and external IT compliance audits, ensuring adherence to security and regulatory frameworks.
Conduct thorough risk assessments and security impact analyses of information systems to identify potential vulnerabilities.
Prepare, review, and manage all required audit documentation, identifying deficiencies and developing remediation plans.
Monitor ongoing compliance with client contract requirements, tracking and reporting on the remediation of Corrective Action Plans (CAPs).
Collaborate with clients and Security Engineers to support remediation activities and ensure compliance with government regulations and security frameworks such as FISMA, Section 508, NIST SP 800-53, HITRUST, and the HIPAA Security and Privacy Rules.
Develop and implement policies, procedures, and automated processes to maintain compliance in a hybrid, multi-tenant infrastructure.
Provide guidance to IT teams on compliance-related issues, acting as a mentor to technical staff and translating complex technical concepts for non-technical management.
Build and maintain strong relationships with highly educated researchers in NORC’s collaborative environment.
REQUIRED SKILLS:
Bachelor’s Degree in Management Information Systems, Computer Science, Accounting, Business Administration, or equivalent experience (H.S. degree with 5 years of relevant experience).
Current certification in IT security compliance, such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Systems Security Certified Practitioner (SSCP).
Minimum of 5 years of experience in IT security, risk assessment, or compliance, with a focus on government contracts.
Expertise in auditing IT systems for compliance with security frameworks, including the development and review of security documentation such as System Security Plans (SSPs), Corrective Action Plans (CAPs), and Contingency Plans.
Proficiency in using Governance, Risk, and Compliance (GRC) or Information Risk Management (IRM) systems to monitor and track compliance across multiple frameworks.
Experience in managing compliance for hybrid multi-tenant infrastructures, including familiarity with privacy regulations like CCPA/CPRA, GDPR, and the HIPAA Privacy Rule.
In-depth knowledge of information security practices across IT infrastructure layers, including networks, servers, databases, and applications.
Experience with advanced information security assessment techniques, such as vulnerability scanning and penetration testing.
Hands-on experience with HIPAA Security and Privacy Rules, HITRUST Common Security Framework (CSF), FedRAMP, and FISMA.
SALARY AND BENEFITS:
The pay range for this position is $75,000 to $113,000.
This position is classified as regular. Regular staff are eligible for NORC’s comprehensive benefits program. Benefits include, but are not limited to:
Generously subsidized health insurance, effective on the first day of employment
Dental and vision insurance
A defined contribution retirement program, along with a separate voluntary 403(b) retirement program
Group life insurance, long-term and short-term disability insurance
Benefits that promote work/life balance, including generous paid time off, holidays, paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP).
NORC’s Approach to Equity and Transparency
Pay and benefits transparency helps to reduce wage gaps. As part of our commitment to pay equity and salary transparency, NORC includes a salary range for each job opening along with information about eligible benefit offerings. At NORC, we take a comprehensive approach to setting salary ranges and reviewing raises and promotions, which is overseen by a formal Salary Review Committee (SRC).
WHAT WE DO:
NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.
WHO WE ARE:
For over 75 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.
EEO STATEMENT:
NORC is an affirmative action, equal opportunity employer that values and actively seeks diversity in the workforce. NORC evaluates qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, sexual orientation, gender identity, and other legally-protected characteristics.
Advertised: August 29, 2024 Central Daylight Time Applications close: September 18, 2024 Central Daylight Time