Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Senior IT Risk and Compliance Analyst

$97k - $120k

National Opinion Research Center - NORC

JOB SUMMARY

NORC at the University of Chicago seeks a Senior IT Risk and Compliance Analyst to join our DSS Security and Compliance group. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations. The team is responsible for specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. The team develops and implements tools and processes to measure and track IT risk and compliance metrics. The team provides guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting. The team conducts risk assessments and security impact analyses of information systems. Location : This is a hybrid role based in our Chicago Loop or Washington, DC office, with a minimum of six days per month in the office. Remote candidates may also be considered. Qualified applicants must be U.S. citizens due to security clearance requirements for projects.

DEPARTMENT

NORC's Digital Services & Solutions group provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research.

RESPONSIBILITIES

Work with the team in specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. Help develop and implement tools and processes to measure and track IT risk and compliance metrics. Provide guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting. Assist the team with conducting risk assessments and security impact analyses of information systems.

REQUIRED SKILLS

Education and Certifications: Bachelor's degree in computer science, Information Technology, or a related field (or equivalent years of experience). Professional certifications such as CISSP, CISM, or similar certifications. General Experience: Minimum of 4 years of experience in information security roles, emphasizing security architecture and engineering solutions. Proven experience in performing network penetration testing, vulnerability scans, and configuration analysis. Experience overseeing project penetration testing activities. Preferred experience as an ISO for federal programs and projects. Experience coordinating communications across vendors, internal stakeholders, and program owners. Experience using CSAM. ATO Experience: In-depth knowledge and experience guiding information systems through the Authorization to Operate (ATO) process. Proficient with ATO processes, obtaining authorizations for information systems. Extensive knowledge of the steps involved in the ATO process, ensuring compliance with government regulations and standards (NIST SP, FISMA). Ability to streamline and expedite ATO timelines without compromising security standards. Expertise in developing and presenting comprehensive ATO documentation, including System Security Plans, to accrediting authorities and stakeholders. Demonstrated skill in addressing and mitigating security risks identified during the ATO process. Exceptional communication skills to articulate ATO requirements, progress, and challenges to both technical and non-technical stakeholders. Risk Management Experience: Experience in developing threat models and security risk assessments. Ability to recommend mitigations and countermeasures to address identified risks, vulnerabilities, and threats. Experience conducting incident response across vendors, internal stakeholders, and program owners, including implementing, coordinating response plans, overseeing the technical response, and coordinating with legal, technical, and communications teams. Compliance and Documentation: Thorough understanding and experience with government regulations and standards related to information security. In-depth knowledge of security compliance checks and ability to perform audit activities. Experience reviewing and validating security documentation, including system security requirements definition and System Security Plans. Experience conducting penetration testing across multiple vendors, contractors, and consultants meeting stringent client requirements. Communication and Guidance: Strong communication skills with the ability to guide NORC customers on information security policies and regulations. Ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.

SALARY AND BENEFITS

The pay range for this position is $97,000 - $120,000. This position is classified as regular. Regular staff are eligible for NORC's comprehensive benefits program. Benefits include, but are not limited to: Generously subsidized health insurance, effective on the first day of employment Dental and vision insurance A defined contribution retirement program, along with a separate voluntary 403(b) retirement program Group life insurance, long-term and short-term disability insurance Benefits that promote work/life balance, including generous paid time off, holidays, paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP). NORC is committed to equity and transparency in its pay practices. We publish salary ranges and benefit information for every job. The listed hiring range reflects what we, in good faith, expect to pay at the time of posting, though actual compensation may vary and may be adjusted over time. A candidate's placement within the range depends on factors such as competencies, education, qualifications, experience, skills, performance, and organizational needs.

WHAT WE DO

NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.

WHO WE ARE

For over 80 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.

EEO STATEMENT

NORC is an equal opportunity employer. NORC evaluates qualified applicants without regard to race, color, religion, sex, gender, national origin, disability, status as a protected veteran, sexual orientation, and other legally protected characteristics. #J-18808-Ljbffr National Opinion Research Center - NORC

Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Senior IT Risk and Compliance Analyst in Washington DC vacancy
  • $77.6k - $176k

    Phase2 Technology is seeking a Cybersecurity Compliance Analyst to design and manage policies ensuring software and database security. The role requires extensive experience in compliance analysis and the ability to communicate cybersecurity posture effectively. Responsibilities... 
    Senior

    Phase2 Technology

    Arlington, VA
    2 days ago
  • A leading federal services provider is seeking a Cybersecurity Analyst in Alexandria, VA. This role includes managing governance, risk, and compliance activities to ensure compliance with DoD requirements. The ideal candidate will have at least 10 years of relevant experience... 
    Senior

    PingWind Inc

    Alexandria, VA
    1 day ago
  •  ...federal services provider is seeking a Cybersecurity Analyst in Alexandria, VA, focused on governance, risk, and compliance (GRC) activities. The ideal candidate should...  ...minimum of 10 years of relevant experience and senior-level cybersecurity certifications. You will lead... 
    Senior

    Medium

    Alexandria, VA
    2 days ago
  • $136k - $197k

    Senior Compliance Analyst, Public Sector About the job The Google Compliance team ensures that our business is consistent with current financial...  ...Analyst within the Google Public Sector (GPS) Governance, Risk and Compliance (GRC) team, you will act as a strategic lead... 
    Senior
    Temporary work
    Local area
    Flexible hours

    Google

    Washington DC
    1 day ago
  • $111k - $171k

    Amentum is seeking a Senior-level Cybersecurity Analyst in Arlington, Virginia, to support the Air Combat Command's cybersecurity initiatives. This position focuses on advanced cybersecurity operations, compliance, and ensuring secure system operations. Successful candidates... 
    Senior

    Amentum

    Arlington, VA
    1 day ago
  •  ...Security Specialist in Washington, DC. This position entails developing and implementing IT security standards, monitoring security technology performance, and ensuring compliance with regulations like PCI and HIPAA. Candidates should possess a Bachelor’s degree in Computer... 
    Senior

    National Education Association

    Washington DC
    2 days ago
  • $77.6k - $176k

    Booz Allen Hamilton seeks a skilled professional with 10+ years in compliance analysis to ensure database and software security. You will manage policies, develop innovative solutions, and mentor team members. The ideal candidate will have a Bachelor's degree in cybersecurity... 
    Senior

    Booz Allen Hamilton

    Arlington, VA
    4 days ago
  • $86k - $101k

     ...Payment Network Compliance Analyst (Visa/Mastercard/Discover) Citizens is seeking a Payment Network...  ...oversight program within the Payments Risk organization. This role is responsible...  ...Not a traditional TPRM / vendor risk / IT GRC role Not focused on cybersecurity... 
    Work at office
    Local area
    Remote work
    Monday to Friday
    Flexible hours

    Citizens Financial Group, Inc.

    Laurel, MD
    2 days ago
  •  ...Worldwide Enterprises Inc. seeks a Senior Technical Analyst to provide advanced...  ...validate deployments, and assess compliance across DIS systems. The role...  ...stakeholders to identify risks, measure performance, and recommend...  ...background in federal IT, testing, and metrics is... 
    Senior
    Worldwide

    TLN Worldwide Enterprises Inc

    Washington DC
    12 hours ago
  • $92k - $97k

    Senior Cyber Security and Compliance Consultant Job Summary The Senior Cyber Security and Compliance Consultant...  ...their compliance, cyber security, IT controls, and multiple governance frameworks...  ...frameworks, providing solutions for risk mitigation and continuous improvement... 
    Senior
    Work at office

    BDO USA

    Mc Lean, VA
    1 day ago
  • Systems Planning and Analysis, Inc. is seeking a National Security Compliance Analyst to provide onsite support at the Mark Center in Alexandria,...  ...degree and possess 12+ years of experience, with a focus on risk mitigation practices and compliance agreements. The position... 
    Senior
    Work at office

    Systems Planning and Analysis, Inc.

    Alexandria, VA
    6 days ago
  •  ...Description SAIC is seeking a Cybersecurity Compliance analyst in Arlington, VA. The roles and responsibilities include providing administrative, technical, and analytical expertise of the Risk Management Framework with knowledge of network operations and vulnerability... 

    SAIC

    Arlington, VA
    4 days ago
  • $110k - $120k

     ...passionate and skilled Digital Compliance Analyst to join our dynamic team! At...  ...to secure applications and IT systems is desirable. Flexible...  ...mission to help save lives! Seniority level Seniority level Mid-Senior...  ...DC-Baltimore Area . Risk and Compliance Senior Associate... 
    Full time
    Flexible hours

    Laerdal Medical

    Washington DC
    1 day ago
  • $100k - $150k

    Job Description The Senior Information Security Compliance Analyst is a key member of the SRO Compliance & Portfolio Management team, responsible for ensuring...  ...assessments, monitoring compliance efforts, managing risk, and providing expert guidance to stakeholders to... 
    Senior
    Work experience placement

    Motorola Solutions

    Washington DC
    1 day ago
  • $90k - $200k

     ...Senior Manager, Investigations, Diligence, and Compliance - Specialist Kroll’s North American Investigations, Diligence and Compliance practice is seeking a Senior...  ..., internal (client) investigations, insider risk compliance assessments, consulting projects and forensic... 
    Senior
    Temporary work
    Flexible hours

    Kroll

    Washington DC
    3 days ago
  • One Federal Solution in Washington, D.C. is seeking a Senior Security Risk Management Subject Matter Expert. The role involves providing risk management expertise, supporting A&A, and ensuring compliance with FISMA guidelines. The ideal candidate will have over 10 years... 
    Senior

    One Federal Solution

    Washington DC
    1 day ago
  • Nubank is seeking an AI and Agentic AI Risk Management Senior Specialist to build risk management frameworks and ensure AI system quality. This role involves independent assessments of AI systems and developing metrics for monitoring AI risks. Candidates should have a... 
    Senior

    Nubank

    Washington DC
    2 days ago
  • Management Solutions LLC is seeking a Risk Manager to support mission-critical services in...  ...managing risks associated with federal IT initiatives and requires strong analytical...  ...management processes while engaging with senior government stakeholders. A bachelor's degree... 
    Senior

    Management Solutions LLC

    Washington DC
    4 days ago
  • Management Solutions is looking for a Risk Manager to support federal IT and cybersecurity services in the Washington, DC area. This role requires a...  ...comprehensive risk management strategies, working closely with senior government stakeholders. Benefits include medical... 
    Senior

    Management Solutions

    Washington DC
    3 days ago
  • JCD Staffing is seeking a Senior Cybersecurity Supply Chain Risk Management Analyst in Washington, DC, to support federal cybersecurity initiatives. This role focuses on identifying and mitigating risks related to complex supply chains, requiring an active TS clearance... 
    Senior

    JCD Staffing

    Washington DC
    2 days ago
  • Fluence is seeking a senior-level Internal Audit Manager based in Arlington, Virginia. This full-time role focuses on leading audits and...  ...will possess strong internal audit experience and expertise in risk management. As part of a fast-paced team, you'll work across functions... 
    Senior
    Full time

    TryApplyNow

    Arlington, VA
    3 days ago
  •  ...specialists ready to tackle critical cybersecurity challenges. Ideal candidates should have an active Top Secret clearance, 5-7 years of IT security experience, and a strong background in information assurance tools. Responsibilities include researching security controls,... 
    Senior

    Qmulos

    Washington DC
    4 days ago
  • $97k - $120k

    NORC at the University of Chicago is seeking a Senior IT Risk and Compliance Analyst for a critical role within the DSS Security and Compliance group. The successful candidate must have expertise in government security standards and a strong background in IT risk management... 
    Senior
    Work at office

    National Opinion Research Center - NORC

    Washington DC
    1 day ago
  • MISSION ONE, LLC is seeking a Senior Cybersecurity Advisor to provide strategic leadership in cybersecurity, focusing on governance, risk management, and compliance. The ideal candidate will possess extensive experience advising on cybersecurity policies, frameworks, and... 
    Senior

    MISSION ONE, LLC

    Washington DC
    2 days ago
  • Nubank is seeking an AI and Agentic AI Risk Management Senior Specialist to define and manage risk frameworks for AI systems. This hands-on technical position requires strong experience in model risk management, with substantial knowledge in Python and SQL. The ideal candidate... 
    Senior

    Nubank

    Washington DC
    22 hours ago
  • The VP Senior Compliance Officer (SCO) is responsible for assisting in the coordination of the development...  ...framework, to assess and mitigate the risk exposures, and to ensure the Branch...  ...systems integration with HO and local IT, project team and local management as and... 
    Senior
    Work at office
    Local area

    First Abu Dhabi Bank (FAB)

    Washington DC
    3 days ago
  •  ...experienced professional in Washington, DC, to provide analytical support in managing cybersecurity risks within supply chains. Ideal candidates will have a background in IT, combined with a bachelor's degree, relevant certifications like Network+ and Security+, and at... 
    Senior

    Maania Consultancy Services

    Washington DC
    2 days ago
  • Strive Health in Washington, DC is seeking a Senior Analyst to review client data for completeness and accuracy, aiding in the transformation of chronic conditions. The role includes auditing contracts and collaborating with various departments to add value. Candidates... 
    Senior
    Remote work

    Strive Health

    Washington DC
    1 day ago
  • Management Solutions, LLC seeks a Risk Manager in the Washington, DC area. This client-facing role involves supporting federal IT services, identifying and mitigating risks linked...  ...risk strategies and engaging with senior stakeholders. A comprehensive benefits package... 
    Senior

    Management Solutions, LLC

    Washington DC
    4 days ago
  • ABS Group is seeking a Senior Consultant II to provide technical expertise in maritime risk management. The role involves leading consulting tasks for clients and...  ...conducting risk assessments, supporting regulatory compliance, and maintaining client relationships. #J-1880... 
    Senior
    Remote work

    ABS Group

    Washington DC
    1 day ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Senior IT Risk and Compliance Analyst. Be the first to apply!