Job Description:

• Development of diverse and impactful risk metrics around information security risks.
• Monitor and manage compliance of implemented enterprise information security controls.
• Conduct risk analysis, assessments, and security audits using internal solutions and third-party vendor partners.
• Identify, implement, monitor, and enforce information security compliance, regulatory, and control frameworks.
• Provide Information Security consulting and security awareness education.
• Improve, monitor, and coordinate Third Party Vendor Risk Management activities.
• Conduct research on information security best practices, solutions, strategies.
• Develop, maintain, and enforce strong information security policy, procedures, standards, and position papers.
• Develop, maintain, and enforce strong security governance of all Information Security strategy and operational process.
• Planning and reviewing annually the risks influencing the effectiveness of information security, privacy, and Information security risk management.
• Represent Information Security and foster positive collaboration amongst CTDS peers, University departments, agency sponsors, and organizational partners.

• With moderate direction from others, performs procedures necessary to ensure the safety of information systems. Monitors system activity and identifies potential threats. Responds to detected and reported security violations.

• Researches, recommends, and implements changes to procedures and systems to enhance data systems security.

• Communicates with users to understand their security needs and supports the implementation of procedures to accommodate them. Ensures that user community understands and adheres to necessary procedures to maintain security.

• Performs other related work as needed.

Preferred Qualifications

Experience:

• 5-7 years business/technical/information security/risk compliance experience desired.
• Experience in information security risk analysis, auditing, compliance, policies, and overall governance and communication.
• Demonstrated success implementing and Information Security control frameworks and standards such as ITIL, CIS Top 20, Soc2, GDPR, NIST CSF / 800-53, FISMA, and FedRAMP.
• Strong knowledge of audit and risk management methodologies, such as COBIT, NIST 800-37/800-30, FAIR.
• Experience with GRC, IAM, and risk management tools and solutions.
• Experience with information security tools and solutions.

Licenses and Certifications:

• CISA, CRISC, GIAC, CISM, or CISSP Certifications desired.

Preferred Competencies

• Knowledge of hybrid IT systems, networking, and cloud environments (AWS, Google, etc.).
• Ability to respond to changing priorities and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness.
• Ability to weigh Center, partner, and agency needs against security and risk tolerance.
• Ability to conceptualize a course of action and to organize for the successful completion of that action are critical, often under tight deadlines.
• Ability to present information in a consistent and concise manner.
• Strong written and verbal communication skills and ability to foster collaborative working relationships.

Working Conditions

• Office environment.

Application Documents

• Resume (required)
• Cover Letter ( preferred)

The University of Chicago is an Affirmative Action/Equal Opportunity/Disabled/Veterans Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, status as an individual with a disability, protected veteran status, genetic information, or other protected classes under the law. For additional information please see the University's Notice of Nondiscrimination.

Staff Job seekers in need of a reasonable accommodation to complete the application process should call 773-702-5800 or submit a request via the Applicant Inquiry Form.

The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information. The Report can be accessed online at: securityreport.uchicago.edu. Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E. 61st Street, Chicago, IL 60637.