
    Governance, Risk, and Compliance Lead - Chicago, United States - The University of Chicago

    Full time
    Description

    Governance, Risk, and Compliance Lead

    locations
    Chicago, IL
    time type
    Full time

    job requisition id
    JR25905
    Department

    Provost Globus

    About the Department

    Globus is a sustainable, non-profit unit within The University of Chicago delivering solutions to the research community worldwide. Globus develops and provides critical services that support scientific research for governmental, academic, and commercial organizations in a wide range of disciplines including life sciences, physics, and astronomy. We develop and operate commercial-quality, cloud-based software application and platform services used by tens of thousands of researchers to manage their large, and growing, data management challenges. We have offices located at 401 North Michigan Avenue in the heart of downtown Chicago and remote employees who work from home. Globus, together with Globus Labs, a research group within the University of Chicago, and part of the Data Science and Learning Division at Argonne National Labs, develops and deploys cutting-edge technologies to solve new challenges facing the scientific community and enable breakthrough scientific discoveries.

    Job Summary

    As the Governance, Risk, and Compliance Lead for Globus, you will spearhead the Unit's compliance endeavors, ensuring alignment with essential regulatory standards for both our products and operations. Globus offers a robust suite of capabilities for data and compute management, along with automation, serving researchers worldwide. Our offerings come in the form of a hosted service (SaaS) and platform (PaaS), utilizing a hybrid architecture, with management services hosted on Amazon Web Services (AWS).

    Globus capabilities are offered for use with protected data and adhere to NIST controls and the HIPAA Security Rule. In your capacity, you'll oversee the compliance program to uphold these standards, crafting and leading initiatives aimed at enhancing operational efficiency as we expand. Your focus will be on ensuring that we consistently meet our customers' compliance requirements while scaling our operations effectively. As the resident expert within the team, you'll manage security assessments, monitor compliance status, provide procedural guidance, implement security controls, and drive process improvement and maturity initiatives.

    Beyond sustaining our current compliance framework, your role will involve leveraging your expertise and insights into the Globus customer base to advocate for and implement additional compliance standards in response to customer demand and market trends. This will entail conducting thorough gap analyses and collaborating with third-party vendors as necessary.

    If you thrive in collaborative, innovative, mission-oriented environments, consider joining Globus, where your skills and passion for compliance can make a meaningful impact on research worldwide.

    Responsibilities

    Leads implementation and maintenance of NIST risk management framework and controls to manage security and privacy risks for the Unit.

    Develops compliance strategy, and leads and executes various tasks based on those strategies, including development and maintenance of policies and procedures, the system security plan, and plans of action and milestones.

    Reviews technical procedures developed by the operations team, and ensures compliance with policies.

    Supports the operations team in managing security incidents, generating reports, and serving as the primary liaison for communication with both internal and external stakeholders, in adherence to established policies.

    Serves as compliance lead on internal and external assessments and audits.

    Assists customers with security risk assessment of Globus products, and owns all customer communication on security and compliance.

    Collaborates with the procurement team to review contract terms and data protection agreements pertaining to product and operational security. Ensures that contractual obligations are in line with the current operational standards of Globus.

    Serves as a mentor to staff providing compliance and security consulting and awareness efforts, including engaging with the product team to analyze security of applications to provide risk recommendations.

    Uses a deep understanding of IT expertise to develop and implement security and compliance policies, guidelines, and safe practices for the unit.

    Leads teams to conduct in-depth information technology risk assessments; makes recommendations and designs improvements to IT security procedures.

    Performs other related work as needed.

    Minimum Qualifications

    Education:

    Minimum requirements include a college or university degree in related field.
    ---
    Work Experience:

    Minimum requirements include knowledge and skills developed through 7+ years of work experience in a related job discipline.
    ---
    Certifications:

    Relevant security certifications such as CISSP, CISM, CISA, CRISC, or compliance certifications, and/or SANS GIAC certification for technical knowledge (e.g. GWAPT, GPCS, GWEB).
    ---

    Preferred Qualifications

    Experience:

    Implementation of security or compliance frameworks such as HIPAA, NIST SP 800-53r5, NIST SP , or similar.

    Maintaining security and compliance for production applications within cloud-based environments, with a preference for Amazon Web Services.

    Proficiency in cybersecurity and compliance within higher education and/or government sectors.

    Demonstrated experience in conducting information security audits or risk assessments.

    Experience as a security and/or network engineer and/or system administrator.

    Technical Skills or Knowledge:

    Proven track record of managing Governance, Risk and Compliance programs and supporting various compliance frameworks, including NIST RMF, SOC 1/SOC 2, HITRUST, HIPAA, and/or optionally FedRAMP.

    Strong knowledge of information security risk management frameworks, such as NIST RMF, and compliance practices.

    Demonstrated proficiency in administering intricate security controls and configurations for applications.

    Well-versed in public cloud security and compliance best practices, particularly in supporting compliance for applications hosted on cloud platforms.

    Expertise in AWS security controls and compliance resources.

    Some familiarity with Governance Risk and Compliance tools and suites (e.g. Navex, LogicGate).

    Preferred Competencies

    Strong crisis management and leadership ability.

    Work collaboratively with cross-functional teams, especially in an engineering and product environment, and build consensus across teams.

    Enjoys solving complex and hard problems and can turn incomplete, conflicting, or ambiguous inputs into actionable plans.

    Excellent verbal and written communication skills.

    Strong analytical and problem solving skills.

    Excellent organizational skills and constant attention to detail.

    Work independently, and balance competing priorities.

    Weigh business needs against security concerns.

    Working Conditions

    Occasional evening or weekend hours.

    Option available for hybrid work with occasional required attendance at in-person meetings.

    Job Family

    Information Technology

    Role Impact

    Individual Contributor

    FLSA Status

    Exempt

    Pay Frequency

    Monthly

    Scheduled Weekly Hours

    37.5

    Benefits Eligible

    Yes

    Drug Test Required

    No

    Health Screen Required

    No

    Motor Vehicle Record Inquiry Required

    No

