NORC at the University of Chicago seeks a Manager of Security and Compliance for its IT department in our Chicago Loop office.
|DEPARTMENT: INFORMATION TECHNOLOGY
NORC's Information Technology department provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to delivering professional, high-quality solutions to achieve our collective goal of advancing social science research.
- Provide management and technical leadership for the IT security and compliance team responsible for specifying, documenting, and maintaining IT security policies and controls to ensure the protection of electronic assets and compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity
- Manage security compliance engagement activities and support existing compliance control
- Develop and implement tools and processes to measure and track security metrics
- Provide guidance to IT functional teams on security compliance as it pertains to system development, documentation, testing, monitoring and reporting
- Conduct risk assessment and security impact analysis of information systems
- Participate in project meetings, provide all required documentation, identify deficiencies and create remediation plans
- Develop policies, procedures, and automated processes to ensure the company’s IT environment continues to meet all applicable standards and recommendations
- Recruit, manage, and review performance for team members
- BS in MIS, Computer Science, Electrical Engineering or other comparable degree or experience; Master’s Degree preferred
- At least 8 years of experience in IT security, risk assessment, or compliance in a Government contract environment. Knowledge of compliance regulations and control frameworks such as NIST 800-53, FISMA, HIPAA and (US Rehabilitation Act) Section 508
- Experience with creating and maintaining IT audit control processes; experience in Government security standards and regulations
- In-depth understanding of information security practices at all layers of the IT infrastructure: network, servers, databases, applications
- Previous experience in the advanced use of information security assessment techniques (e.g., vulnerability scanning, penetration testing, verification of application security, etc.)
- Knowledgeable about data privacy compliance
- Familiarity with managing a Security Awareness training program
- Managerial experience managing technical employees
- Strong understanding of IT infrastructure, operating systems, database and application operations;
- Excellent communication and people skills
- Current security compliance certification such as Certified Information Systems Auditor (CISA) or CISSP highly preferred
- Practical experience in participating in both internal and external compliance audits
|WHAT WE DO:
NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.
|WHO WE ARE:
For over 75 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.
NORC is an affirmative action, equal opportunity employer that values and actively seeks diversity in the workforce. NORC evaluates qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, sexual orientation, gender identity, and other legally- protected characteristics.