Governance, Risk, and Compliance Lead - Greendale, United States - University of Chicago

University of Chicago Greendale, United States

4 weeks ago

Description

University of Chicago

One of the world's leading research universities, the University of Chicago inspires scholars to pursue field-defining research, while providing a transformative education for students.

View company page

Department

Provost Globus
About the Department

Globus ) is a sustainable, non-profit unit within The University of Chicago delivering solutions to the research community worldwide.

Globus develops and provides critical services that support scientific research for governmental, academic, and commercial organizations in a wide range of disciplines including life sciences, physics, and astronomy.

We develop and operate commercial-quality, cloud -based software application and platform services used by 10s of thousands of researchers to manage their large–and growing–data management challenges.

We have offices located at 401 North Michigan Avenue in the heart of downtown Chicago and remote employees who work-from-home.

Globus, together with Globus Labs, a research group within the University of Chicago, and part of the Data Science and Learning Division at Argonne National Labs, develop and deploy cutting edge technologies to solve new challenges facing the scientific community and enable break-through scientific discoveries.

Job Summary

As the Governance, Risk, and Compliance Lead for Globus, you will spearhead the Unit's compliance endeavors, ensuring alignment with essential regulatory standards for both our products and operations.

Globus offers a robust suite of capabilities for data and compute management, along with automation, serving researchers worldwide.

Our offerings come in the form of a hosted service (SaaS) and platform (PaaS), utilizing a hybrid architecture, with management services hosted on Amazon Web Services (AWS).

Globus capabilities are offered for use with protected data and adhere to NIST controls and the HIPAA Security Rule.

In your capacity, you'll oversee the compliance program to uphold these standards, crafting and leading initiatives aimed at enhancing operational efficiency as we expand.

Your focus will be on ensuring that we consistently meet our customers' compliance requirements while scaling our operations effectively.

As the resident expert within the team, you'll manage security assessments, monitoring compliance status, providing procedural guidance, implementing security controls, and driving process improvement and maturity initiatives.

Beyond sustaining our current compliance framework, your role will involve leveraging your expertise and insights into the Globus customer base to advocate for and implement additional compliance standards in response to customer demand and market trends.

This will entail conducting thorough gap analyses and collaborating with third-party vendors as necessary.

If you thrive in collaborative, innovative, mission-oriented environments, consider joining Globus where your skills and passion for compliance can make a meaningful impact on research worldwide

Responsibilities

Leads implementation and maintenance of NIST risk management framework and controls to manage security and privacy risks for the Unit.

Develops compliance strategy, and leads and executes various tasks based on those strategies, including development and maintenance of policies and procedures, system security plan, plans of actions and milestones.

Reviews technical procedures developed by the operations team, and ensure compliance with policies.

Supports the operations team in managing security incidents, generating reports, and serving as the primary liaison for communication with both internal and external stakeholders, in adherence to established policies.

Serves as compliance lead on internal and external assessments and audits.
Assists customers with security risk assessment of Globus products, and owns all customer communication on security and compliance.
Collaborates with the procurement team to review contract terms and data protection agreements pertaining to product and operational security. Ensures that contractual obligations are in line with the current operational standards of Globus.

Serves as a mentor to staff providing compliance and security consulting and awareness efforts, including engaging with the product team to analyze security of applications to provide risk recommendations.

Uses a deep understanding of IT expertise to develop and implement security and compliance policies, guidelines,and safe practices for the unit.

Leads teams to conduct in-depth information technology risk assessments; makes recommendations and designs improvements to IT security procedures.
Performs other related work as needed.

Minimum Qualifications

Education:
Minimum requirements include a college or university degree in related field.
-

Work

Experience:
Minimum requirements include knowledge and skills developed through 7+ years of work experience in a related job discipline.
-

Certifications:Certified Information Systems Security Professional (CISSP)
International Information System Security Certification Consortium, SANS GIAC Certification
Global Information Assurance Certification Preferred Qualifications

Experience:
Implementation of security or compliance frameworks such as HIPAA, NIST SP 800-53r5, NIST SP , or similar.

Maintaining security and compliance for production applications within cloud-based environments, with a preference for Amazon Web Services.

Proficiency in cybersecurity and compliance within higher education and/or government sectors.

Demonstrated experience in conducting information security audits or risk assessments.

Experience as security and/or network engineer and/or system administration.

Licenses and

Certifications:
Relevant security certifications such as CISSP, CISM, CISA, CRISC, or compliance certifications, and/or SANS GIAC certification for technical knowledge (e.g. GWAPT, GPCS, GWEB).

Technical Skills or Knowledge:
Proven track record of managing Governance, Risk and Compliance programs and supporting various compliance frameworks, including NIST RMF, SOC 1/SOC 2, HITRUST, HIPAA, and/or optionally FedRAMP

Strong knowledge of information security risk management frameworks, such as NIST RMF, and compliance practices.

Demonstrated proficiency in administering intricate security controls and configurations for applications.

Well-versed in public cloud security and compliance best practices, particularly in supporting compliance for applications hosted on cloud platforms.

Expertise in AWS security controls and compliance resources.

Some familiarity with Governance Risk and Compliance tools and suites (e.g. Navex, LogicGate).

Preferred Competencies
Strong crisis management and leadership ability.

Work collaboratively with cross-functional teams, especially in an engineering and product environment, and build consensus across teams.

Enjoys solving complex and hard problems and can turn incomplete, conflicting, or ambiguous inputs into actionable plans.

Excellent verbal and written communication skills.

Strong analytical and problem solving skills.

Excellent organizational skills and constant attention to detail.

Work independently, and balance competing priorities.

Weigh business needs against security concerns.

Working Conditions
Occasional evening or weekend hours.

Option available for hybrid work with occasional required attendance at in-person meetings.

Application Documents
Resume/CV (required)

When applying, the document(s)

MUST be uploaded via the

My Experience

page, in the section titled

Application Documents

of the application.

Job Family

Information Technology
Role Impact

Individual Contributor
FLSA Status

Exempt
Pay Frequency

Monthly
Scheduled

Weekly Hours

37.5
Benefits Eligible

Yes
Drug Test Required

No
Health Screen Required

No
Motor Vehicle Record Inquiry Required

No
Posting Statement

The University of Chicago is an Affirmative Action/Equal Opportunity/Disabled/Veterans

and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender, gender identity, national or ethnic origin, age, status as an individual with a disability, military or veteran status, genetic information, or other protected classes under the law.

For additional information please see the University's Notice of Nondiscrimination.

Staff Job seekers in need of a reasonable accommodation to complete the application process should call or submit a request via Applicant Inquiry Form.

We seek a diverse pool of applicants who wish to join an academic community that places the highest value on rigorous inquiry and encourages a diversity of perspectives, experiences, groups of individuals, and ideas to inform and stimulate intellectual challenge, engagement, and exchange.

All offers of employment are contingent upon a background check that includes a review of conviction history. A conviction does not automatically preclude University employment.

Rather, the University considers conviction information on a case-by-case basis and assesses the nature of the offense, the circumstances surrounding it, the proximity in time of the conviction, and its relevance to the position.

The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information.

The Report can be accessed online .Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E.

61st Street, Chicago, IL

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr

Technical Compliance Lead

1 week ago

Fastly Greendale, United States

Fastly, Inc. · Fastly's edge cloud platform delivers faster, safer, and more scalable sites and apps to customers. Elevate your edge CDN, video delivery, security, and more. · View company page · Fastly helps people stay better connected with the things they love. Fastly's edg ...
Director, Trust Risk

2 weeks ago

Autodesk Greendale, United States

As the Director of Trust Risk & Compliance you will strategize, build, operate, and mature a global Trust (Security, Privacy, Trusted AI, Resiliency) Risk & Compliance organization and lead cross-functional partnerships in maintaining commitments to Autodesk customers and employe ...
Senior Compliance and Risk Analyst

2 weeks ago

NextEra Energy , Inc. Greendale, United States

Florida Power & Light Company · is America's largest electric company, providing clean, affordable, and reliable electricity to more than 12 million people in Florida. We operate one of the cleanest power generation fleets in the U.S. and our reliability is among the best in the ...
Data Protection Consultant

1 week ago

NovaWorks Berlin, United States

We are currently seeking several lawyers for positions as consultants and senior consultants in the field of data protection for the datenschutz nord GmbH - a company of the DSN GROUP - based in Berlin. Depending on your place of residence, you will be assigned to one of our offi ...
Mechatronics Technician

1 week ago

Titan Innovations New Berlin, United States

Mechatronics Technician (m/f/d) Maintenance Due to our extensive experience in the German job market, renowned and future-oriented companies have trusted the personnel services of the expertum Group for 30 years. We bring together the ideas and wishes of excellent candidates with ...
Assistant Center Director

3 weeks ago

The Learning Experience - Corporate Childcare Centers Franklin, United States

Benefits:401(k) · 401(k) matching · Competitive salary · Dental insurance · Employee discounts · Free food & snacks · Free uniforms · Health insurance · Opportunity for advancement · Paid time off · Training & development · Tuition assistance · Vision insurance · Wellness resourc ...
IT Security Associate Director

1 day ago

Wolters Kluwer Greendale, United States

IT Security Associate Director - Compliance Lead · Wolters Kluwer · Wolters Kluwer is a global provider of professional information, software solutions, and services. · View company page · Wolters Kluwer Global Business Services (GBS) is designed to provide services to the bu ...
Compliance Officer, Park Avenue Securities

2 weeks ago

Guardian Llc Greendale, United States

Compliance Officer, Park Avenue Securities · Guardian · We provide life insurance, disability insurance, dental insurance, and other benefits that help protect people and inspire their well-being. · View company page · The Chief Compliance Officer of Park Avenue Securities (P ...
Regulatory Compliance Engineer

4 weeks ago

Salt River Project Greendale, United States

Salt River Project · Salt River Project has delivered low-cost, reliable power and water to Arizona for over 100 years. View plans, see outages, pay your bill, contact us and more. · View company page · Join us in building a better future for Arizona · SRP is one of the larges ...
Chief Compliance Officer

1 day ago

Gravie Greendale, United States

Hi, were Gravie, and we are building the health plan of the future. For the past few decades, the health insurance industry has evolved to serve the needs of employers, insurance companies, brokers, and (sometimes) doctors and hospitals. The needs of the consumer, however, have l ...
Security and Compliance Leader

4 days ago

Amazon Greendale, United States

· Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa... · View company page · As the ...
Senior Director, Technology

1 day ago

TransUnion Greendale, United States

Senior Director, Technology & Security Risk Management & Compliance · TransUnion's Job Applicant Privacy Notice · Personal Information We Collect · Your Privacy Choices · What We'll Bring: · At TransUnion we have a welcoming and energetic environment that encourages collaboratio ...
Senior Risk

1 week ago

Highmark Health Greendale, United States

This job works collaboratively to support of all risk and compliance assessment activities of Highmark Health across a broad range of frameworks including NIST, HITRUST, PCI, HIPAA, SOC, MAR, CMS, JCAHO, etc. The incumbent will partner with the organizational risk and business pa ...
IT Cybersecurity Manager

2 weeks ago

Beacon Building Products Greendale, United States

Beacon Building Products · Beacon Building Products (NASDAQ: BECN), is one of the largest distributors of commercial and residential roofing products, complementary construction, and building materials serving the entire United States and six Canadian provinces. · View company ...
Principal Security Engineer

3 weeks ago

Gemini, Inc. Greendale, United States

Gemini · Gemini makes crypto simple. Find, Trade and Buy over 80 coins including bitcoin on the best cryptocurrency platform. Start trading crypto here. · View company page · Gemini is a global crypto and Web3 platform founded by Tyler Winklevoss · and Cameron Winklevoss · i ...
Director of Information Security and IT

1 day ago

botkeeper Greendale, United States

Botkeeper · See how 250+ Botkeeper firms are saving time & increasing profit with the only badass bookkeeping solution designed for badass accounting pros. · View company page · Ready for the future of accounting? Botkeeper provides automated bookkeeping support to Accounting ...
Senior Director, Technology

1 day ago

TransUnion Greendale, United States

Senior Director, Technology & Security Risk Management & Compliance · TransUnion's Job Applicant Privacy Notice · Personal Information We Collect · Your Privacy Choices · What We'll Bring: · At TransUnion we have a welcoming and energetic environment that encourages collabor ...
Cybersecurity Incident Response Program Manager

3 weeks ago

UMB Bank Greendale, United States

Cybersecurity Incident Response Program Manager (Hybrid) · As part of UMB's Corporate Information Security and Privacy (CISP) team, the mission is to identify threats, vulnerabilities, and risks and to help protect the people, information, and services within the organization. C ...
SOC Analyst

1 week ago

VMware Greendale, United States

The End-User Computing Division (EUC) empowers employees to do their best work from anywhere, through smart, seamless, and secure experiences. · As digital workspaces continue to evolve, we are designing and engineering VMware Anywhere Workspace, a holistic platform built on our ...
Director, Information Security and Privacy

1 day ago

Jam City Greendale, United States

Director, Information Security and Privacy · Jam City, Inc. · Jam City connects people around the world through great games. · View company page · As a leading mobile games developer, Jam City is looking to level up our talent. Were searching for innovators who consider thems ...