Senior IT Risk and Compliance Analyst
$97k - $120kNational Opinion Research Center - NORC
JOB SUMMARY
NORC at the University of Chicago seeks a Senior IT Risk and Compliance Analyst to join our DSS Security and Compliance group. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations. The team is responsible for specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. The team develops and implements tools and processes to measure and track IT risk and compliance metrics. The team provides guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting. The team conducts risk assessments and security impact analyses of information systems. Location : This is a hybrid role based in our Chicago Loop or Washington, DC office, with a minimum of six days per month in the office. Remote candidates may also be considered. Qualified applicants must be U.S. citizens due to security clearance requirements for projects.DEPARTMENT
NORC's Digital Services & Solutions group provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research.RESPONSIBILITIES
Work with the team in specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. Help develop and implement tools and processes to measure and track IT risk and compliance metrics. Provide guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting. Assist the team with conducting risk assessments and security impact analyses of information systems.REQUIRED SKILLS
Education and Certifications: Bachelor's degree in computer science, Information Technology, or a related field (or equivalent years of experience). Professional certifications such as CISSP, CISM, or similar certifications. General Experience: Minimum of 4 years of experience in information security roles, emphasizing security architecture and engineering solutions. Proven experience in performing network penetration testing, vulnerability scans, and configuration analysis. Experience overseeing project penetration testing activities. Preferred experience as an ISO for federal programs and projects. Experience coordinating communications across vendors, internal stakeholders, and program owners. Experience using CSAM. ATO Experience: In-depth knowledge and experience guiding information systems through the Authorization to Operate (ATO) process. Proficient with ATO processes, obtaining authorizations for information systems. Extensive knowledge of the steps involved in the ATO process, ensuring compliance with government regulations and standards (NIST SP, FISMA). Ability to streamline and expedite ATO timelines without compromising security standards. Expertise in developing and presenting comprehensive ATO documentation, including System Security Plans, to accrediting authorities and stakeholders. Demonstrated skill in addressing and mitigating security risks identified during the ATO process. Exceptional communication skills to articulate ATO requirements, progress, and challenges to both technical and non-technical stakeholders. Risk Management Experience: Experience in developing threat models and security risk assessments. Ability to recommend mitigations and countermeasures to address identified risks, vulnerabilities, and threats. Experience conducting incident response across vendors, internal stakeholders, and program owners, including implementing, coordinating response plans, overseeing the technical response, and coordinating with legal, technical, and communications teams. Compliance and Documentation: Thorough understanding and experience with government regulations and standards related to information security. In-depth knowledge of security compliance checks and ability to perform audit activities. Experience reviewing and validating security documentation, including system security requirements definition and System Security Plans. Experience conducting penetration testing across multiple vendors, contractors, and consultants meeting stringent client requirements. Communication and Guidance: Strong communication skills with the ability to guide NORC customers on information security policies and regulations. Ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.SALARY AND BENEFITS
The pay range for this position is $97,000 - $120,000. This position is classified as regular. Regular staff are eligible for NORC's comprehensive benefits program. Benefits include, but are not limited to: Generously subsidized health insurance, effective on the first day of employment Dental and vision insurance A defined contribution retirement program, along with a separate voluntary 403(b) retirement program Group life insurance, long-term and short-term disability insurance Benefits that promote work/life balance, including generous paid time off, holidays, paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP). NORC is committed to equity and transparency in its pay practices. We publish salary ranges and benefit information for every job. The listed hiring range reflects what we, in good faith, expect to pay at the time of posting, though actual compensation may vary and may be adjusted over time. A candidate's placement within the range depends on factors such as competencies, education, qualifications, experience, skills, performance, and organizational needs.WHAT WE DO
NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.WHO WE ARE
For over 80 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.EEO STATEMENT
NORC is an equal opportunity employer. NORC evaluates qualified applicants without regard to race, color, religion, sex, gender, national origin, disability, status as a protected veteran, sexual orientation, and other legally protected characteristics. #J-18808-Ljbffr National Opinion Research Center - NORCVacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Senior IT Risk and Compliance Analyst in Washington DC vacancy
$77.6k - $176k
Phase2 Technology is seeking a Cybersecurity Compliance Analyst to design and manage policies ensuring software and database security. The role requires extensive experience in compliance analysis and the ability to communicate cybersecurity posture effectively. Responsibilities...Senior- A leading federal services provider is seeking a Cybersecurity Analyst in Alexandria, VA. This role includes managing governance, risk, and compliance activities to ensure compliance with DoD requirements. The ideal candidate will have at least 10 years of relevant experience...Senior
- ...federal services provider is seeking a Cybersecurity Analyst in Alexandria, VA, focused on governance, risk, and compliance (GRC) activities. The ideal candidate should... ...minimum of 10 years of relevant experience and senior-level cybersecurity certifications. You will lead...Senior
$136k - $197k
Senior Compliance Analyst, Public Sector About the job The Google Compliance team ensures that our business is consistent with current financial... ...Analyst within the Google Public Sector (GPS) Governance, Risk and Compliance (GRC) team, you will act as a strategic lead...SeniorTemporary workLocal areaFlexible hours$111k - $171k
Amentum is seeking a Senior-level Cybersecurity Analyst in Arlington, Virginia, to support the Air Combat Command's cybersecurity initiatives. This position focuses on advanced cybersecurity operations, compliance, and ensuring secure system operations. Successful candidates...Senior- ...Security Specialist in Washington, DC. This position entails developing and implementing IT security standards, monitoring security technology performance, and ensuring compliance with regulations like PCI and HIPAA. Candidates should possess a Bachelor’s degree in Computer...Senior
$77.6k - $176k
Booz Allen Hamilton seeks a skilled professional with 10+ years in compliance analysis to ensure database and software security. You will manage policies, develop innovative solutions, and mentor team members. The ideal candidate will have a Bachelor's degree in cybersecurity...Senior$86k - $101k
...Payment Network Compliance Analyst (Visa/Mastercard/Discover) Citizens is seeking a Payment Network... ...oversight program within the Payments Risk organization. This role is responsible... ...Not a traditional TPRM / vendor risk / IT GRC role Not focused on cybersecurity...Work at officeLocal areaRemote workMonday to FridayFlexible hours- ...Worldwide Enterprises Inc. seeks a Senior Technical Analyst to provide advanced... ...validate deployments, and assess compliance across DIS systems. The role... ...stakeholders to identify risks, measure performance, and recommend... ...background in federal IT, testing, and metrics is...SeniorWorldwide
$92k - $97k
Senior Cyber Security and Compliance Consultant Job Summary The Senior Cyber Security and Compliance Consultant... ...their compliance, cyber security, IT controls, and multiple governance frameworks... ...frameworks, providing solutions for risk mitigation and continuous improvement...SeniorWork at office- Systems Planning and Analysis, Inc. is seeking a National Security Compliance Analyst to provide onsite support at the Mark Center in Alexandria,... ...degree and possess 12+ years of experience, with a focus on risk mitigation practices and compliance agreements. The position...SeniorWork at office
- ...Description SAIC is seeking a Cybersecurity Compliance analyst in Arlington, VA. The roles and responsibilities include providing administrative, technical, and analytical expertise of the Risk Management Framework with knowledge of network operations and vulnerability...
$110k - $120k
...passionate and skilled Digital Compliance Analyst to join our dynamic team! At... ...to secure applications and IT systems is desirable. Flexible... ...mission to help save lives! Seniority level Seniority level Mid-Senior... ...DC-Baltimore Area . Risk and Compliance Senior Associate...Full timeFlexible hours$100k - $150k
Job Description The Senior Information Security Compliance Analyst is a key member of the SRO Compliance & Portfolio Management team, responsible for ensuring... ...assessments, monitoring compliance efforts, managing risk, and providing expert guidance to stakeholders to...SeniorWork experience placement$90k - $200k
...Senior Manager, Investigations, Diligence, and Compliance - Specialist Kroll’s North American Investigations, Diligence and Compliance practice is seeking a Senior... ..., internal (client) investigations, insider risk compliance assessments, consulting projects and forensic...SeniorTemporary workFlexible hours- One Federal Solution in Washington, D.C. is seeking a Senior Security Risk Management Subject Matter Expert. The role involves providing risk management expertise, supporting A&A, and ensuring compliance with FISMA guidelines. The ideal candidate will have over 10 years...Senior
- Nubank is seeking an AI and Agentic AI Risk Management Senior Specialist to build risk management frameworks and ensure AI system quality. This role involves independent assessments of AI systems and developing metrics for monitoring AI risks. Candidates should have a...Senior
- Management Solutions LLC is seeking a Risk Manager to support mission-critical services in... ...managing risks associated with federal IT initiatives and requires strong analytical... ...management processes while engaging with senior government stakeholders. A bachelor's degree...Senior
- Management Solutions is looking for a Risk Manager to support federal IT and cybersecurity services in the Washington, DC area. This role requires a... ...comprehensive risk management strategies, working closely with senior government stakeholders. Benefits include medical...Senior
- JCD Staffing is seeking a Senior Cybersecurity Supply Chain Risk Management Analyst in Washington, DC, to support federal cybersecurity initiatives. This role focuses on identifying and mitigating risks related to complex supply chains, requiring an active TS clearance...Senior
- Fluence is seeking a senior-level Internal Audit Manager based in Arlington, Virginia. This full-time role focuses on leading audits and... ...will possess strong internal audit experience and expertise in risk management. As part of a fast-paced team, you'll work across functions...SeniorFull time
- ...specialists ready to tackle critical cybersecurity challenges. Ideal candidates should have an active Top Secret clearance, 5-7 years of IT security experience, and a strong background in information assurance tools. Responsibilities include researching security controls,...Senior
$97k - $120k
NORC at the University of Chicago is seeking a Senior IT Risk and Compliance Analyst for a critical role within the DSS Security and Compliance group. The successful candidate must have expertise in government security standards and a strong background in IT risk management...SeniorWork at office- MISSION ONE, LLC is seeking a Senior Cybersecurity Advisor to provide strategic leadership in cybersecurity, focusing on governance, risk management, and compliance. The ideal candidate will possess extensive experience advising on cybersecurity policies, frameworks, and...Senior
- Nubank is seeking an AI and Agentic AI Risk Management Senior Specialist to define and manage risk frameworks for AI systems. This hands-on technical position requires strong experience in model risk management, with substantial knowledge in Python and SQL. The ideal candidate...Senior
- The VP Senior Compliance Officer (SCO) is responsible for assisting in the coordination of the development... ...framework, to assess and mitigate the risk exposures, and to ensure the Branch... ...systems integration with HO and local IT, project team and local management as and...SeniorWork at officeLocal area
- ...experienced professional in Washington, DC, to provide analytical support in managing cybersecurity risks within supply chains. Ideal candidates will have a background in IT, combined with a bachelor's degree, relevant certifications like Network+ and Security+, and at...Senior
- Strive Health in Washington, DC is seeking a Senior Analyst to review client data for completeness and accuracy, aiding in the transformation of chronic conditions. The role includes auditing contracts and collaborating with various departments to add value. Candidates...SeniorRemote work
- Management Solutions, LLC seeks a Risk Manager in the Washington, DC area. This client-facing role involves supporting federal IT services, identifying and mitigating risks linked... ...risk strategies and engaging with senior stakeholders. A comprehensive benefits package...Senior
- ABS Group is seeking a Senior Consultant II to provide technical expertise in maritime risk management. The role involves leading consulting tasks for clients and... ...conducting risk assessments, supporting regulatory compliance, and maintaining client relationships. #J-1880...SeniorRemote work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Senior IT Risk and Compliance Analyst. Be the first to apply!
Related searches
- senior quantitative risk analyst Washington DC
- information risk analyst Washington DC
- it risk analyst Washington DC
- risk consultant Washington DC
- operational risk consultant Washington DC
- third party risk analyst Washington DC
- risk analyst Washington DC
- risk officer Washington DC
- transaction risk analyst Washington DC
- governance risk & compliance analyst Washington DC

