Senior IT Risk and Compliance Analyst
Job in
Chicago, Cook County, Illinois, 60618, USA
Listed on 2026-07-10
Listing for:
NORC at the University of Chicago
Full Time
position Listed on 2026-07-10
Job specializations:
-
IT/Tech
Cybersecurity, IT Consultant, Information Security, IT Project Manager
Job Description & How to Apply Below
NORC at the University of Chicago seeks Senior IT Risk and Compliance Analyst to join our DSS Security and Compliance group. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations.
The team is responsible for specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. The team develops and implements tools and processes to measure and track IT risk and compliance metrics. The team provides guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting.
The team conducts risk assessments and security impact analyses of information systems.
Location:
This is a hybrid role based in our Chicago Loop or Washington, DC office, with a minimum of six days per month in the office. Qualified applicants must be U.S. citizens due to security clearance requirements for projects. DEPARTMENT:
Digital Services & Solutions Security & Compliance NORC's Digital Services & Solutions group provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research. RESPONSIBILITIES:
Work with the team in specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security. requirements of clients (principally Government) and corporate standards for data and systems integrity. Help develop and implement tools and processes to measure and track IT risk and compliance metrics. Provide guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting.
Assist the team with conducting risk assessments and security impact analyses of information systems.
REQUIRED SKILLS:
Education and
Certifications:
Bachelor’s degree in computer science, Information Technology, or a related field (or equivalent years of experience). Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certifications. General
Experience:
Minimum of 4 years of experience in information security roles, emphasizing security architecture and engineering solutions. Proven experience in performing network penetration testing, vulnerability scans, and configuration analysis. Experience overseeing project penetration testing activities. Preferred experience as an ISO for federal programs and projects. Experience coordinating communications across vendors, internal stakeholders, and program owners. Experience using CSAM ATO
Experience:
In-depth knowledge and experience guiding information systems through the Authorization to Operate (ATO) process:
Proficient in navigating the complex landscape of ATO processes, demonstrating a successful track record in obtaining authorizations for information systems Extensive knowledge of the steps involved in the ATO process, ensuring compliance with government regulations and standards, including NIST Special Publications and FISMA A proven ability to streamline and expedite ATO timelines without compromising security standards, showcasing efficiency in documentation and regulatory adherence Expertise in developing and presenting comprehensive ATO documentation, including System Security Plans, to accrediting authorities and other relevant stakeholders Demonstrated skill in addressing and mitigating security risks identified during the ATO process, ensuring the secure operation of systems in various environments Exceptional communication skills to articulate ATO requirements, progress, and challenges to both technical and non-technical stakeholders, fostering…
Position Requirements
10+ Years
work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×