Governance, Risk, and Compliance Lead | University of Chicago (UC)

Location : Chicago, IL Job Description : Leads implementation and maintenance of NIST risk management framework and 800-53 controls to manage security and privacy risks for the Unit.

Develops compliance strategy, and leads and executes various tasks based on those strategies, including development and maintenance of policies and procedures, system security plan, plans of actions and milestones.

Reviews technical procedures developed by the operations team, and ensure compliance with policies. Supports the operations team in managing security incidents, generating reports, and serving as the primary liaison for communication with both internal and external stakeholders, in adherence to established policies.

Serves as compliance lead on internal and external assessments and audits. Assists customers with security risk assessment of Globus products, and owns all customer communication on security and compliance.

Collaborates with the procurement team to review contract terms and data protection agreements pertaining to product and operational security.

Ensures that contractual obligations are in line with the current operational standards of Globus. Serves as a mentor to staff providing compliance and security consulting and awareness efforts, including engaging with the product team to analyze security of applications to provide risk recommendations.

Uses a deep understanding of IT expertise to develop and implement security and compliance policies, guidelines, and safe practices for the unit.

Leads teams to conduct in-depth information technology risk assessments; makes recommendations and designs improvements to IT security procedures.

Performs other related work as needed. Preferred Qualifications Experience : Implementation of security or compliance frameworks such as HIPAA, NIST SP 800-53r5, NIST SP 800-171, or similar.

Maintaining security and compliance for production applications within cloud-based environments, with a preference for Amazon Web Services.

Proficiency in cybersecurity and compliance within higher education and / or government sectors. Demonstrated experience in conducting information security audits or risk assessments.

Experience as security and / or network engineer and / or system administration. Licenses and Certifications : Relevant security certifications such as CISSP, CISM, CISA, CRISC, or compliance certifications, and / or SANS GIAC certification for technical knowledge (e.

g. GWAPT, GPCS, GWEB). Technical Skills or Knowledge : Proven track record of managing Governance, Risk and Compliance programs and supporting various compliance frameworks, including NIST RMF, SOC 1 / SOC 2, HITRUST, HIPAA, and / or optionally FedRAMP Strong knowledge of information security risk management frameworks, such as NIST RMF, and compliance practices.

Demonstrated proficiency in administering intricate security controls and configurations for applications. Well-versed in public cloud security and compliance best practices, particularly in supporting compliance for applications hosted on cloud platforms.

Expertise in AWS security controls and compliance resources. Some familiarity with Governance Risk and Compliance tools and suites (e.

g. Navex, LogicGate). Preferred Competencies Strong crisis management and leadership ability. Work collaboratively with cross-functional teams, especially in an engineering and product environment, and build consensus across teams.

Enjoys solving complex and hard problems and can turn incomplete, conflicting, or ambiguous inputs into actionable plans.

Excellent verbal and written communication skills. Strong analytical and problem solving skills. Excellent organizational skills and constant attention to detail.

Work independently, and balance competing priorities. Weigh business needs against security concerns. Working Conditions Occasional evening or weekend hours.

Option available for hybrid work with occasional required attendance at in-person meetings. Application Documents Resume / CV (required) The University of Chicago is an Affirmative Action / Equal Opportunity / Disabled / Veterans Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, status as an individual with a disability, protected veteran status, genetic information, or other protected classes under the law.

For additional information please see the University's Notice of Nondiscrimination. Staff Job seekers in need of a reasonable accommodation to complete the application process should call 773-702-5800 or submit a request via the Applicant Inquiry Form.

The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information.

The Report can be accessed online at : securityreport.uchicago.edu. Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E.

61st Street, Chicago, IL 60637.