| JOB SUMMARY: |
NORC at the University of Chicago is seeking a seasoned IT Risk and Compliance Specialist to join our Information Technology Department within the DSS Security and Compliance team. This critical role will focus on driving the organization’s adherence to complex regulatory frameworks, with particular emphasis on FedRAMP, CMMC, NIST 800-171, and ISO 27001. The ideal candidate will bring a wealth of experience in auditing, risk management, and compliance within high-stakes environments, particularly for Government security standards.
Preferably, this position will have a hybrid work schedule of one or two days a week in either our Washington, DC or Chicago, IL office. Remote applicants may also be considered.
|
| DEPARTMENT: DSS Security and Compliance |
Technology is integral to NORC’s mission of advancing social science research. The IT department delivers innovative, high-quality solutions that support both our staff and clients, ensuring the highest standards of security and compliance.
|
| RESPONSIBILITIES: |
- Lead comprehensive internal and external IT compliance audits, ensuring alignment with critical security standards such as FedRAMP, CMMC, NIST 800-171, and ISO 27001.
- Execute in-depth risk assessments and security impact analyses of information systems, identifying potential vulnerabilities and proposing mitigation strategies.
- Develop, review, and manage key audit documentation, including the creation of corrective action and remediation plans to address identified deficiencies.
- Oversee and ensure continuous compliance with contract requirements, with a focus on tracking and reporting the progress of Corrective Action Plans (CAPs).
- Collaborate closely with Security Engineers and stakeholders to remediate compliance issues, ensuring alignment with regulations such as FISMA, Section 508, NIST SP 800-53, HITRUST, and HIPAA Security & Privacy standards.
- Design, implement, and optimize policies, procedures, and automated processes for compliance in hybrid and multi-tenant infrastructures.
- Provide mentorship and strategic guidance to IT teams, translating complex regulatory requirements into actionable technical steps for seamless compliance execution.
- Foster strong, collaborative relationships with NORC’s research community and other key stakeholders, facilitating a culture of compliance and security.
|
| REQUIRED SKILLS: |
- Bachelor’s Degree in Management Information Systems, Computer Science, Business Administration, or a related field. Or equivalent experience in IT security, risk, or compliance may be considered.
- Current certifications in IT security compliance, such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).
- Minimum of 6+ years of experience in IT security auditing, risk assessment, or compliance, with a primary focus on government security frameworks and contracts.
- Proven expertise in auditing IT systems for compliance with security frameworks, including preparing and reviewing System Security Plans (SSPs), Corrective Action Plans (CAPs), and Contingency Plans.
- Proficiency in Governance, Risk, and Compliance (GRC) or Information Risk Management (IRM) systems, with a track record of managing compliance across multiple frameworks, including FedRAMP, NIST, and ISO standards.
- Deep knowledge of information security protocols across infrastructure layers, including networks, servers, databases, and applications, with hands-on experience in advanced security assessment techniques.
- Experience managing compliance in hybrid and multi-tenant infrastructures, with strong familiarity with privacy regulations such as GDPR, CCPA/CPRA, and the HIPAA Privacy Rule.
- Extensive experience in the implementation and oversight of frameworks such as FedRAMP, CMMC, NIST 800-171, ISO 27001, and HITRUST.
Qualified applicants must be eligible to work in the U.S. We regret that we are unable to offer visa sponsorship for this position. |
| SALARY AND BENEFITS: |
The pay range for this position is $110,000 – $165,000.
This position is classified as regular. Regular staff are eligible for NORC’s comprehensive benefits program. Benefits include, but are not limited to:
-
Generously subsidized health insurance, effective on the first day of employment
-
Dental and vision insurance
-
A defined contribution retirement program, along with a separate voluntary 403(b) retirement program
-
Group life insurance, long-term and short-term disability insurance
-
Benefits that promote work/life balance, including generous paid time off, holidays; paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP).
NORC’s Approach to Equity and Transparency
Pay and benefits transparency helps to reduce wage gaps. As part of our commitment to pay equity and salary transparency, NORC includes a salary range for each job opening along with information about eligible benefit offerings. At NORC, we take a comprehensive approach to setting salary ranges and reviewing raises and promotions, which is overseen by a formal Salary Review Committee (SRC).
|
| WHAT WE DO: |
NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.
|
| WHO WE ARE: |
For over 80 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.
|
| EEO STATEMENT: |
NORC is an equal opportunity employer. NORC evaluates qualified applicants without regard to race, color, religion, sex, gender, national origin, disability, status as a protected veteran, sexual orientation, and other legally protected characteristics.
#LI-MS1
|
