Senior IT Risk and Compliance Analyst
Listed on 2026-07-14
-
IT/Tech
Cybersecurity, Information Security, IT Consultant
Job Summary
NORC at the University of Chicago seeks a Senior IT Risk and Compliance Analyst to join the DSS Security and Compliance group. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations.
LocationThis is a hybrid role based in our Chicago Loop or Washington, DC office, with a minimum of six days per month in the office. Qualified applicants must be U.S. citizens due to security clearance requirements for projects.
Responsibilities- Specify, document, validate, and maintain IT security and privacy controls to ensure compliance with clients’ (principally Government) security requirements and corporate standards for data and systems integrity.
- Develop and implement tools and processes to measure and track IT risk and compliance metrics.
- Provide guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting.
- Conduct risk assessments and security impact analyses of information systems.
- Bachelor’s degree in computer science, information technology, or a related field (or equivalent experience).
- Professional certifications such as CISSP, CISM, or similar.
- Minimum of 4 years in information security roles, emphasizing security architecture and engineering solutions.
- Proven experience in performing network penetration testing, vulnerability scans, and configuration analysis.
- Experience overseeing project penetration testing activities.
- Preferred experience as an ISO for federal programs and projects.
- Experience coordinating communications across vendors, internal stakeholders, and program owners.
- Experience using CSAM.
- In-depth knowledge guiding information systems through the Authorization to Operate (ATO) process.
- Demonstrated success in obtaining authorizations for information systems and navigating related regulations (NIST SP, FISMA).
- Ability to streamline and expedite ATO timelines while maintaining security standards.
- Expertise in developing and presenting comprehensive ATO documentation, including System Security Plans.
- Skill in addressing and mitigating security risks identified during the ATO process.
- Exceptional communication skills to articulate ATO requirements, progress, and challenges to both technical and non-technical stakeholders.
- Developed threat models and conducted security risk assessments.
- Recommended mitigations and countermeasures for identified risks and vulnerabilities.
- Executed incident response across vendors, internal stakeholders, and program owners, including coordinating technical response, legal, and communication efforts.
- Strong understanding of government regulations and standards related to information security.
- Performs security compliance checks and audit activities.
- Reviews and validates security documentation such as system security requirements definitions and System Security Plans.
- Conducts penetration testing across multiple vendors, contractors, and consultants to meet stringent client requirements.
- Strong communication skills to guide NORC customers on security policies and regulations.
- Effectively explains complex security concepts to both technical and non-technical stakeholders.
The pay range is $97,000 - $120,000. This position is classified as regular staff, eligible for NORC’s comprehensive benefits program.
Benefits- Generously subsidized health insurance, effective on the first day of employment.
- Dental and vision insurance.
- Defined contribution retirement program and a separate voluntary 403(b) program.
- Group life insurance, long‑term and short‑term disability insurance.
- Work/life balance benefits: generous paid time off, holidays, paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP).
NORC at the University of Chicago is an objective, non‑partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. We collaborate with government, corporate, and nonprofit clients worldwide to transform complex information into actionable insights.
Who We AreFor 80+ years, NORC has advanced research methods, technology, and academic collaboration. We pride ourselves on excellence, innovation, and collegiality. NORC offers a business‑casual environment, continuous learning opportunities, and a supportive culture where people thrive.
EEO StatementNORC is an equal opportunity employer. NORC evaluates qualified applicants without regard to race, color, religion, sex, gender, national origin, disability, status as a protected veteran, sexual orientation, or any other legally protected characteristic.
#J-18808-Ljbffr(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).