• The qualified candidate must have practical experience in participating in both internal and external compliance audits
• The IT Security Compliance Analyst will participate in meetings, provide all required documentation, identify deficiencies, and create remediation plans
• The IT Security Compliance Analyst will provide continuous monitoring of security against client contract requirements
• Tracking and reporting remediation of POA&Ms as well as supporting remediation activities in coordination with clients and Security Engineers
• They must be familiar with and be expert in government compliance regulations such as CCPA/CPRA, FISMA, Section 508, NIST SP 800-53, and HIPAA Security & Privacy
• The Compliance Analyst develops policies, procedures, and automated processes to ensure the company’s IT environment continues to meet all applicable standards and recommendations
• Strong customer service orientation and a demonstrated ability to transfer knowledge, both as a mentor to technical staff and as a translator for less technical management
• Ability to establish rapport with highly educated researchers in NORC’s collegial environment is essential
• They must be a self-starter, team player, and effective communicator (both written and oral)
• Facilitate security and IT compliance in a hybrid, multi-tenant infrastructure

• Current security compliance certification such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or System Security Certified Practitioner (SSCP)
• At least 5 years of experience in IT security, risk assessment, or compliance in a government contract environment
• Experience with creating and maintaining IT audit control processes to assess the suitability and applicability of technical, managerial, and operational security controls against security and regulatory frameworks
• Experience with GRC (Governance, Risk, and Compliance) systems or IRM (Information Risk Management) systems for tracking and monitoring multiple systems and assessments against multiple frameworks
• Experience in monitoring and maintaining compliance of a hybrid multi-tenant infrastructure
• Knowledge of current privacy regulations preferred, such as CCPA/CPRA, GDPR, and the HIPAA Privacy Rule
• In-depth understanding of information security practices at all layers of the IT infrastructure, to include network, servers, databases, and applications
• General understanding of IT infrastructure, operating systems, database, and application operations
• Previous experience in the advanced use of information security assessment techniques (e.g., vulnerability scanning, penetration testing, verification of application security, etc.)
• Previous experience working with the HIPAA Security and Privacy Rules, as well as the HITRUST Common Security Framework (CSF)
• MUST HAVE Experience with FedRAMP and FISMA, including but not limited to the review and development of ATO security documentation and templates such as SSPs, POA&Ms, Contingency Plans, Scoping templates
• Excellent verbal and written communication skills
• Preferred but not required: Bachelor’s degree in management information systems, Computer Science, Accounting, Business Administration or other comparable degree or experience

NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.

For over 80 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.

NORC is an affirmative action, equal opportunity employer that values and actively seeks diversity in the workforce. NORC evaluates qualified applicants without regard to race, color, religion, sex, national origin, disability, status as a protected veteran, sexual orientation, gender identity, and other legally protected characteristics.