The University of Chicago is an urban research university that has driven new ways of thinking since 1890. Our commitment to free and open inquiry draws inspired scholars to our global campuses, where ideas are born that challenge and change the world. We empower individuals to challenge conventional thinking in pursuit of original ideas. Students in the College develop critical, analytic, and writing skills in our rigorous, interdisciplinary core curriculum. Through graduate programs, students test their ideas with UChicago scholars, and become the next generation of leaders in academia, industry, nonprofits, and government. To learn more about the university click here http://www.uchicago.edu/ Department F&A ITS - Risk and Compliance About the Department IT Services collaborates with campus partners to support the mission of the University of Chicago through the consistent delivery of high-quality solutions and services. • We provide secure, stable, and reliable infrastructure and applications to support the mission of the University. • We support and enable faculty research and teaching with the effective use of technology. • We simplify the technology experience for faculty, students, alumni, and staff, and we ensure technology is mobile-friendly and accessible. • We identify, manage, and mitigate the technology risks of the University. Job Summary The Governance, Risk, and Compliance Manager is responsible for assessing and documenting the University’s compliance and risk posture as they relate to information assets. Under the general direction of the Director of Information Assurance, this position is responsible for providing consultation and assessments of risks and vulnerabilities; developing and tracking the progress of risk remediation plans; implementing security standards, policies, and controls; and representing the Risk Management program in campus forums. This role provides information security expertise for the development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective security analysis; risk assessment; awareness, and education; and partner in the development of policies, standards, and guidelines. Responsibilities Hires, trains, and manages work of IT risk personnel. Leads staff to conduct in-depth information technology risk assessments, make recommendations, and design improvements to IT security procedures. Acts as a mentor to staff providing information security consulting and awareness efforts. Partners in developing Information Assurance team process documentation to enable team efficiency. Supports all other team workloads and business needs as required. Recommends programmatic and technical directions; and operates with a high degree of independence in matters relating to decisions regarding risk. Operates with a high degree of independence with regard to project management activities, including development of project plans and resource estimates. Partners in the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored. Develops and implements effective and reasonable policies and practices to secure protected and sensitive data and ensures information security and compliance with relevant legislation and legal interpretation. Executes strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, NIST 800-171, HIPAA. Interacts in both oral and written communications with all levels of System staff including developers and other IT Services staff, campus technical staff, general counsel, auditors, and all System staff and students and technology vendors and contractors, in matters related to information security and awareness. Works with Internal Audit, Office of Legal Counsel, University Research Administration and outside consultants as appropriate on required security assessments and audits. Coordinates and tracks information technology and security related audits including scope of audits, divisions/units involved, timelines, auditing agencies and outcomes. Partners with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provides a consistent perspective that continually puts the institution in its best light. Provides guidance, evaluation, and advocacy on audit responses. Creates plans to monitor, evaluate, and maintain systems and procedures to protect the data systems and databases from unauthorized users. Acts as a liaison to campus legal and administrative authorities as well as outside law enforcement agencies to communicate security procedures to relevant parties. Performs other related work as needed. Minimum Qualifications Education: Minimum requirements include a college or university degree in related field. --- Work Experience: Minimum requirements include knowledge and skills developed through 7 years of work experience in a related job discipline. --- Certifications: --- Preferred Qualifications Experience: Minimum five years of experience in management. Five years of planning and managing projects. Experience with legal, security or compliance frameworks such as FERPA, HIPAA, PCI-DSS, NIST 800-53, or similar. Information security experience in higher education or state/local government. Experience performing information security audits or risk assessments. Technical Skills or Knowledge: Knowledge of information security risk management frameworks and compliance practices. Develop security standards and guidelines based on best practices and industry standards. Understanding of common security standards and regulations relating to a higher education environment (e.g., PCI DSS, FERPA, 800-53, 800-171, CSF, etc.). Proficent in documenting risk and compliance activities. Familiarity with security auditing processes. Preferred Competencies Excellent verbal and written communication skills, especially in conveying technical concepts to a non-technical audience. Handle multiple tasks and substantial deadline pressure. Respond to changing priorities and operate effectively in a dynamic environment. Weigh business needs against security concerns. Excellent interpersonal, communication, and presentation skills, including formal report writing experience. Working Conditions Standard office environment. Extensively use computer. Make repetitive wrist, hand, or finger movements. Sit for short or extended time periods. Handle emergency situations and infrastructure maintenance outside of normal business hours. Application Documents Resume/CV (required) Cover Letter (required) When applying, the document(s) MUST be uploaded via the My Experience page, in the section titled Application Documents of the application. Job Family Information Technology Role Impact People Manager FLSA Status Exempt Pay Frequency Monthly Scheduled Weekly Hours 37.5 Benefits Eligible Yes Drug Test Required No Health Screen Required No Motor Vehicle Record Inquiry Required No Posting Statement Employees must comply with the University’s COVID-19 vaccination requirements. More information about the requirements can be found on the University of Chicago Vaccination GoForward. The University of Chicago is an Affirmative Action/Equal Opportunity/Disabled/Veterans Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, status as an individual with a disability, protected veteran status, genetic information, or other protected classes under the law. For additional information please see the University's Notice of Nondiscrimination. Staff Job seekers in need of a reasonable accommodation to complete the application process should call 773-702-5800 or submit a request via Applicant Inquiry Form. We seek a diverse pool of applicants who wish to join an academic community that places the highest value on rigorous inquiry and encourages a diversity of perspectives, experiences, groups of individuals, and ideas to inform and stimulate intellectual challenge, engagement, and exchange. All offers of employment are contingent upon a background check that includes a review of conviction history. A conviction does not automatically preclude University employment. Rather, the University considers conviction information on a case-by-case basis and assesses the nature of the offense, the circumstances surrounding it, the proximity in time of the conviction, and its relevance to the position. The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information. The Report can be accessed online at: http://securityreport.uchicago.edu. Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E. 61st Street, Chicago, IL 60637.