Hires, trains, and manages work of IT risk personnel.
Leads staff to conduct in-depth information technology risk assessments, make recommendations, and design improvements to IT security procedures.
Acts as a mentor to staff providing information security consulting and awareness efforts.
Partners in developing Information Assurance team process documentation to enable team efficiency.
Supports all other team workloads and business needs as required.
Recommends programmatic and technical directions and operates with a high degree of independence in matters relating to decisions regarding risk.
Operates with a high degree of independence with regard to project management activities, including development of project plans and resource estimates.
Partners in the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
Develops and implements effective and reasonable policies and practices to secure protected and sensitive data and ensures information security and compliance with relevant legislation and legal interpretation.
Executes strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, NIST 800-171, HIPAA.
Interacts in both oral and written communications with all levels of System staff including developers and other IT Services staff, campus technical staff, general counsel, auditors, and all System staff and students and technology vendors and contractors, in matters related to information security and awareness.
Works with Internal Audit, Office of Legal Counsel, University Research Administration and outside consultants as appropriate on required security assessments and audits.
Coordinates and tracks information technology and security related audits including scope of audits, divisions/units involved, timelines, auditing agencies and outcomes. Partners with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provides a consistent perspective that continually puts the institution in its best light. Provides guidance, evaluation, and advocacy on audit responses.
Creates plans to monitor, evaluate, and maintain systems and procedures to protect the data systems and databases from unauthorized users.
Acts as a liaison to campus legal and administrative authorities as well as outside law enforcement agencies to communicate security procedures to relevant parties.
Performs other related work as needed.
Minimum five years of experience in management.
Five years of planning and managing projects.
Experience with legal, security or compliance frameworks such as FERPA, HIPAA, PCI-DSS, NIST 800-53, or similar.
Information security experience in higher education or state/local government.
Experience performing information security audits or risk assessments.
Technical Skills or Knowledge:
Knowledge of information security risk management frameworks and compliance practices.
Develop security standards and guidelines based on best practices and industry standards.
Understanding of common security standards and regulations relating to a higher education environment (e.g., PCI DSS, FERPA, 800-53, 800-171, CSF, etc.).
Proficient in documenting risk and compliance activities.
Familiarity with security auditing processes.
Excellent verbal and written communication skills, especially in conveying technical concepts to a non-technical audience.
Handle multiple tasks and substantial deadline pressure.
Respond to changing priorities and operate effectively in a dynamic environment.
Weigh business needs against security concerns.
Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
Standard office environment.
Extensively use computer.
Make repetitive wrist, hand, or finger movements.
Sit for short or extended time periods.
Handle emergency situations and infrastructure maintenance outside of normal business hours.
Cover Letter (required)
The University of Chicago is an Affirmative Action/Equal Opportunity/Disabled/Veterans Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, status as an individual with a disability, protected veteran status, genetic information, or other protected classes under the law. For additional information please see the University's Notice of Nondiscrimination.
Staff Job seekers in need of a reasonable accommodation to complete the application process should call 773-702-5800 or submit a request via the Applicant Inquiry Form.
The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information. The Report can be accessed online at: securityreport.uchicago.edu. Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E. 61st Street, Chicago, IL 60637.
One of the world's premier academic and research institutions, the University of Chicago has driven new ways of thinking since our 1890 founding. Today, UChicago is an intellectual destination that draws inspired scholars to our Hyde Park and international campuses, keeping UChicago at the nexus of ideas that challenge and change the world.