Join the leadership team at NORC at the University of Chicago as our Chief Information Security Officer (CISO) in the Information Technology department. As a nationally renowned non-partisan research institute that informs decision-makers around the world, we take information security seriously.
Guide a highly successful and critical team to new heights of achievement and excellence with your proven leadership skills, vision, and extensive management experience in information security and compliance.
The Information Security and Compliance team sits within the larger IT department and is responsible for protecting all NORC electronic assets, writing all company security policies, maintaining all NIST 800-53 compliance documentation, and educating the company on security awareness.
DEPARTMENT: Information Technology
NORC's Information Technology program provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research.
- Lead all aspects of information security, compliance, and privacy, including budgeting, operations, staff management and development, strategic partnerships, and business development
- Develop short- and long-term vision and strategies to support organizational information security and align them to NORC’s overall strategic goals
- Identify and report risks to the organization; develop comprehensive recommendations to manage risk in response to organizational security and privacy threats
- Maintain an efficient vulnerability management program that identifies system vulnerabilities, and prioritizes and reports them to the system owners; monitor vendor sites for emergency patches
- Guide client security teams on new requirements, threats, and progress on outstanding issues
- Cooperate with client and independent third-party auditing teams to provide compliance documentation and evidence to auditors
- Review information security in all contracts and data use agreements as a member of the Data Governance Board
- Track state and federal legislative, technological, and societal changes in data security and privacy; identify any changes that could have an adverse impact on the collection and protection of respondent data
- Liaise across all IT teams on effective designs, processes, and procedures to sufficiently protect NORC’s data and ensure it meets all legal and contractual requirements
- Lead all data loss prevention efforts across organizational systems and devices
- Organize business continuity testing and reporting across various IT teams; ensure systems are prepared to prevent an extended systems outage
- Manage organization-wide security awareness program
- Partner with research departments on new technology relating to the collection, processing, and storing of personally identifiable information
- Collaborate with system administrators, engineers, and developers to create or update application/system/site policies, procedures, and process guides
- Devise and regularly revisit policies and procedures regarding incident response, business continuity planning, data loss prevention, cloud security, and privacy
- Oversee organizational system security and compliance requirements
- Bachelor's degree in a related field required; advanced degree preferred
- Minimum 10 years of applicable work experience in information security and IT infrastructure
- Extensive experience maintaining security in a highly regulated environment
- Significant knowledge of the NIST 800-53 security framework or equivalent framework
- Proven track record successfully leading a strategic team across all levels of the organization
- Exceptional analytic capabilities with competency in advanced problem-solving techniques
- Ability to identify organizational risks in a timely manner and prepare appropriate action to minimize risks
- Strong record of directing IT infrastructure and security teams and managing multiple projects with competing timelines and resource demands
- Expertise in security best practices, privacy regulations, and U.S. Government FISMA and FedRAMP compliance
- Outstanding collaborative work style with an emphasis on effective communications
- Strategic thinker who can simultaneously direct multiple critical projects and strategic initiatives
- Familiarity with the technologies used in all aspects of data security, compliance, and privacy
- The successful candidate will be based in a NORC location (Chicago preferred), and will travel to our other offices; limited travel required
Please submit your resume/CV with a brief statement describing your interest and fit for the position. Applications will be reviewed on a rolling basis and you will hear from a recruiter should your background and interests fit our expectations.
WHAT WE DO:
NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.
WHO WE ARE:
For over 75 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.
NORC is an affirmative action, equal opportunity employer that values and actively seeks diversity in the workforce. NORC evaluates qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, sexual orientation, gender identity, and other legally protected characteristics.