NORC at the University of Chicago seeks an IT Security Compliance Analyst to join our growing Information Technology Department.
The successful candidate will be part of an IT security compliance team, expert in Government security standards and regulations. The team is responsible for specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. The team develops and implements tools and processes to measure and track IT security metrics. The team provides guidance to IT functional teams on security compliance as it pertains to system development, documentation, testing, monitoring, and reporting. The team conducts risk assessments and security impact analyses of information systems.
NORC recognizes that talented and skilled researchers live throughout the U.S. and actively supports remote work arrangements.
As a condition of employment, all NORC employees and contractors – including those working remotely – must be fully vaccinated (as defined by current CDC guidance) against COVID-19.
DEPARTMENT: INFORMATION TECHNOLOGY
NORC's Information Technology program provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research.
- The qualified candidate must have practical experience in participating in both internal and external compliance audits
- The IT Security Compliance Analyst will participate in meetings, provide all required documentation, identify deficiencies, and create remediation plans
- The IT Security Compliance Analyst will provide continuous monitoring of security against client contract requirements
- Tracking and reporting remediation of POA&Ms as well as supporting remediation activities in coordination with clients and Security Engineers
- He/she must be familiar with and be expert in government compliance regulations such as CCPA/CPRA, FISMA, Section 508, NIST SP 800-53, and HIPAA Security & Privacy
- The Compliance Analyst develops policies, procedures, and automated processes to ensure the company’s IT environment continues to meet all applicable standards and recommendations
- Strong customer service orientation and a demonstrated ability to transfer knowledge, both as a mentor to technical staff and as a translator for less technical management
- Ability to establish rapport with highly educated researchers in NORC’s collegial environment is essential
- He/she must be a self-starter, team player, and effective communicator (both written and oral)
- Facilitate security and IT compliance in a hybrid, multi-tenant infrastructure.
- Bachelor’s Degree in Management Information Systems, Computer Science, Accounting, Business Administration or other comparable degree or experience
- Current security compliance certification such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Systems Security Certified Practitioner (SSCP)
- At least 5 years of experience in IT security, risk assessment, or compliance in a government contract environment
- Experience with creating and maintaining IT audit control processes to assess the suitability and applicability of technical, managerial, and operational security controls against security and regulatory frameworks
- Experience with GRC (Governance, Risk, and Compliance) systems or IRM (Information Risk Management) systems for tracking and monitoring multiple systems and assessments against multiple frameworks
- Experience in monitoring and maintaining compliance of a hybrid multi-tenant infrastructure
- Knowledge of current privacy regulations preferred, such as CCPA/CPRA, GDPR, and the HIPAA Privacy Rule
- In-depth understanding of information security practices at all layers of the IT infrastructure, to include network, servers, databases, and applications
- General understanding of IT infrastructure, operating systems, database, and application operations
- Previous experience in the advanced use of information security assessment techniques (e.g., vulnerability scanning, penetration testing, verification of application security, etc.)
- Previous experience working with the HIPAA Security and Privacy Rules, as well as the HITRUST Common Security Framework (CSF)
- Experience with FedRAMP and FISMA, including but not limited to the review and development of ATO security documentation and templates such as SSPs, POA&Ms, Contingency Plans, Scoping templates
- Excellent verbal and written communication skills.
WHAT WE DO:
NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.
WHO WE ARE:
For over 75 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.
NORC is an affirmative action, equal opportunity employer that values and actively seeks diversity in the workforce. NORC evaluates qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, sexual orientation, gender identity, and other legally protected characteristics.