The successful candidate will be part of a small, but essential IT security compliance team, expert in Government security standards and regulations. The team is responsible for specifying, documenting, and maintaining IT security controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. They develop and implement tools and processes to measure and track security metrics. They provide guidance to IT functional teams on security compliance as it pertains to system development, documentation, testing, monitoring and reporting. They conduct risk assessment and security impact analysis of information systems.
|DEPARTMENT: INFORMATION TECHNOLOGY
NORC's Information Technology program provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research.
- The qualified candidate must have practical experience in participating in both internal and external compliance audits
- The IT Security Compliance Analyst will participate in meetings, provide all required documentation, identify deficiencies and create remediation plans
- He/she must be familiar with and be expert in Government compliance regulations such as FISMA and NIST 800-53
- The Compliance Analyst develops policies, procedures, and automated processes to ensure the company’s IT environment continues to meet all applicable standards and recommendations
- Strong customer service orientation and a demonstrated ability to transfer knowledge, both as a mentor to technical staff and as a translator for less technical management
- Ability to establish rapport with highly educated researchers in NORC’s collegial environment is essential
- NORC is seeking candidates who are self-starters, team players, and effective communicators (both written and oral)
- Bachelor Degree in Management Information Systems, Computer Science, Electrical Engineering or other comparable degree or experience
- Current security compliance certification such as Certified Information Systems Auditor (CISA) or System Security Certified Practitioner (SSCP) preferred
- At least 5 years of experience in IT security, risk assessment, or compliance in a Government contract environment
- Knowledge of compliance regulations such NIST 800-53, FISMA, HIPAA and 508 compliance
- Experience with creating and maintaining IT audit control processes
- Knowledge of current privacy regulations preferred
- In-depth understanding of information security practices at all layers of the IT infrastructure: network, servers, databases, applications
- Previous experience in the advanced use of information security assessment techniques (e.g., vulnerability scanning, penetration testing, verification of application security, etc.)
- General understanding of IT infrastructure, operating systems, database and application operations
- Excellent verbal and written communication skills
|WHAT WE DO:
NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.
|WHO WE ARE:
For over 75 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.
NORC is an affirmative action, equal opportunity employer that values and actively seeks diversity in the workforce. NORC evaluates qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, sexual orientation, gender identity, and other legally- protected characteristics.