NORC at the University of Chicago seeks a Manager of Security & Compliance for its IT department in our Bethesda, Maryland office.

NORC's Information Technology department provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to delivering professional, high-quality solutions to achieve our collective goal of advancing social science research.

• Provide supervision and leadership for the IT compliance team responsible for specifying, documenting, and maintaining IT security policies and controls to ensure the protection of electronic assets and compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity


• Manage security compliance engagement activities and support existing compliance control


• Develop and implement tools and processes to measure and track security control metrics


• Provide executive level reporting on the current status and expected changes in the compliance requirements


• Provide guidance to IT functional teams on security compliance as it pertains to system development, documentation, testing, monitoring and reporting


• Manage NORC Risk Management program. Conduct risk assessments and security impact analysis of information systems;


• Participate in project meetings, provide all required documentation, identify deficiencies and create remediation plans


• Develop policies, procedures, and automated processes to ensure the company's IT environment continues to meet all applicable standards and recommendations


• Maintain all NIST 800-53 Standard Operating Procedure control documentation


• Manage daily activities of compliance team members, develop short term and long term compliance strategies

• BS in MIS, Computer Science, IT auditing or other comparable degree; Master's Degree preferred


• At least 8 years of experience in IT risk assessment, or compliance in a Government contract environment. Knowledge of compliance regulations and control frameworks such as NIST 800-53, FISMA, HIPAA and Fedramp


• At least 5 years of management supervision experience. Set team priorities, coordinate team tasks, mentor staff and handle any staff escalations. Create and develop a budget


• Current security compliance certification such as Certified Information Systems Auditor (CISA) or Certified Internal Auditor certification (CIA)


• Experience with creating and maintaining IT audit control processes; experience in Government security standards and regulations;


• Practical experience in participating in both internal and external compliance audits. Experience in managing the NIST 800-53 Authorization to Operate (ATO) approval process required. Experience transitioning to NIST 800-53 rev 5 preferred


• Project Management experience managing team projects and cross functional projects


• In-depth understanding of information security compliance practices at all layers of the IT infrastructure: network, servers, databases, applications including cloud systems and third party compliance


• Experience using Governance Risk and Compliance (GRC) tools to manage, test and document the performance of IT controls


• Experience auditing and reviewing identity and access privileges of employees and contractors including performing Identity and Access management Attestation reports across the organization


• Previous experience in the advanced use of information security assessment techniques (e.g., vulnerability scanning, penetration testing, verification of application security, etc.)


• Knowledgeable about data privacy compliance


• Familiarity with managing a Security Awareness training program


• Managerial experience managing technical employees


• Excellent communication and people skills

NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.

For over 75 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we're known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.

NORC is an affirmative action, equal opportunity employer that values and actively seeks diversity in the workforce. NORC evaluates qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, sexual orientation, gender identity, and other legally- protected characteristics.